Administration GuideIntegrations and ConnectorsHow to Create an Integration › Set WMI Configurations

Previous Topic: Set TIBCO Configurations

Next Topic: Set W3C Log Configurations

Set WMI Configurations

You can control data access settings for integrations using the WMI sensor. You can use the CA-provided default settings for most event collection purposes, but you may want to alter these settings for custom integrations.

To set WMI configurations

  1. Open the integration wizard, select the WMI Log Sensor, and advance to the Default Configurations step.
  2. Set or edit the following master configuration values to identify and access the Windows event source you want:
    WMI Server name

    Defines the name of the event source server.

    Domain

    Defines the name of domain where the event source is located.

    NameSpace

    Defines the class from which you want to collect events.

    Default: root\cimv2

    User name

    Defines the name of the user with appropriate event-collection access rights.

    Password

    Defines the password of the user with appropriate event-collection access rights.

    EventLogName

    Defines the log name created for this integration. The log name is used to associate any XMP and DM files attached to the integration.

    UpdateAnchorRate

    Defines how often, in events, an update anchor is created. If event processing is interrupted for any reason, the agent refers to the most recent anchor to restart processing. A lower anchor rate reduces the chance of lost events, but affects performance since the update anchor is created more often. A very high anchor rate may increase workload, since many events are reprocessed if an interruption occurs.

    Read from beginning

    Controls whether the agent begins reading the file from the beginning if event processing is interrupted. If the check box is not selected, the agent resumes reading events using the anchor rate. If the check box is selected the sensor reads the log file from the beginning when you deploy a connector for the first time. Depending on the size of the database and the rate of event generation, the CA Enterprise Log Manager log sensor may take some time to synchronize with real-time events.

  3. Set or edit the following event-collection values:
    Anchor field

    Identifies the native field that will be checked for events. The event collection query targets the Anchor field you specify.

    Logfile name

    Defines the logfile from the NTEvent log source to be checked for events. If you only wanted to check the events contained in the Application logfile, you could set values for Application only.

    Defaults: Security, System, Application

    Monitor

    Ensures that the logfile identified in Logfile name is monitored for events. You can deselect Monitor if you want to disable monitoring of a particular log file without removing the logfile value from the configuration.

    Query

    Defines the SQL query statement used to collect events from the specified source and logfile.

  4. (Optional) To add additional event-collection values, click Repeat: Integration value repeat button

    An additional set of event-collection fields appear, allowing you to enter values for additional event collection from the same source. For example, to collect events from more than one logfile, add additional event-collection fields.

  5. (Optional) To add additional master configuration and event-collection values, click the upper Repeat button outside the blue-shaded box: Integration value repeat button

    A full set of configuration and collection fields appear, allowing you to enter values for both event source identification and collection. For example, to collect events from more than one Windows event source, add source identification and event-collection values.

  6. Click the appropriate arrow to advance to the wizard step you want to complete next, or click Save and Close.

    If you click Save and Close, the new integration appears in the user folder list, otherwise the step you choose appears.