

edgewatch Examples

This section provides examples for using the edgewatch utility with SNMP versions 1, 2c, and 3 to monitor Windows events.

Example: List Entries in the NT Event Monitor Table

The following example lists the contents of the agent's NT Event Monitor table:

edgewatch -v 1 -h fe80:ab01::901:bdef -c public -o ntevent list
edgewatch -v 2c -h 127.0.0.1 -c public -o ntevent list
edgewatch -v 3 -h fe80:ab01::901:bdef -s 3 -u userName -A authProtocol -a authPassword -X encryptProtocol -x privPassword -o ntevent list

Example: Add an NT Event Monitor Entry

The following example adds a new entry to an agent's NT Event Monitor table at table index 5 to search for login failures on a Windows system.

edgewatch -v 1 -h 127.0.0.1 -c private -o ntevent add 5 0x0 Security Failure ".*" ".*" "Failed login attempt - WARNING" "\local\bin\mail2admin.exe"
edgewatch -v 2c -h fe80:ab01::901:bdef -c private -o ntevent add 5 0x0 Security Failure ".*" ".*" "Failed login attempt - WARNING" "\local\bin\mail2admin.exe"
edgewatch -v 3 -h fe80:ab01::901:bdef -s 3 -u userName -A authProtocol -a authPassword -X encryptProtocol -x privPassword -o ntevent add 5 0x0 Security Failure ".*" ".*" "Failed login attempt - WARNING" "\local\bin\mail2admin.exe"

This example also instructs the agent to run the \local\bin\mail2admin.exe script when the agent finds a match.

Example: Delete an NT Event Monitor Entry

The following example deletes an entry from an agent's NT Event Monitor table at table index 5:

edgewatch -v 1 -h 127.0.0.1 -c private -o ntevent delete 5
edgewatch -v 2c -h fe80:ab01::901:bdef -c private -o ntevent delete 5
edgewatch -v 3 -h 127.0.0.1 -s 3 -u userName -A authProtocol -a authPassword -X encryptProtocol -x privPassword -o ntevent delete 5

Example: Disable an NT Event Monitor Entry

The following example disables the NT Event Monitor table entry at table index 5 by setting that entry's status to notInService(2). The entry will remain in the table, but the agent will not scan the event log for matches unless the entry's status is returned to active(1):

edgewatch -v 1 -h 127.0.0.1 -c private -o ntevent setstatus 5 2
edgewatch -v 2c -h fe80:ab01::901:bdef -c private -o ntevent setstatus 5 2
edgewatch -v 3 -h 127.0.0.1 -s 3 -u userName -A authProtocol -a authPassword -X encryptProtocol -x privPassword -o ntevent setstatus 5 2

The final argument, 2, corresponds to the Row Status textual convention value notInService(2).