Overview GuideWindows Agent Deployment › View Logs from Windows Event Sources

Previous Topic: Configure a Windows Event Source

Next Topic: Key Capabilities

View Logs from Windows Event Sources

One of the quickest ways to view query results on incoming events is to use the Prompt for Host. You can also select queries or reports.

To view incoming event logs

  1. Select the Queries and Reports tab.

    The Queries subtab displays.

  2. Expand Prompts under Query List and select Host.
  3. Enter the WMI server name configured for the sensor in the Host field. Clear the other check marks and click Go.

    Prompt example - showing host search

    Events from the WMI server event sources appear.

  4. Click the CA Severity and scroll through to find a warning. A compressed example without the Date and Event Source columns follows:

    Warning event example for NT-Security

  5. Click Show raw event to display the raw events for the warning.
  6. Double-click the warning to display the Event Viewer with much more data. A few rows of example data follow:

    Result_string shows privileged object operation.

  7. Click the Queries and Reports tab, click a query from the Query List, for example, Collection Monitor by Log Manager Trend. View the resulting bar graph.

    View the bar graph for collection Monitor by Log Manager Trend.

  8. Click Reports. Under Report List, enter self in the Search field to display the report name System Self Monitoring Events. Select this report to display a listing of the events that are generated by the CA Enterprise Log Manager server.

Note: See online help or the Administration Guide for details on scheduling reports on information you are interested in analyzing.