

watch ntevent Directive--Add Entries to NT Event Monitor Table

The watch ntevent directive lets you add Windows event monitor entries to the NT Event Monitor table directly in the sysedge.cf file. The arguments represent columns in the NT Event Monitor table.

Add a line to the sysedge.cf file in the agent data directory using the syntax described below, save the file, and restart the agent for the change to take effect.

Use the watch ntevent directive to add entries to the NT Event Monitor table as follows:

watch ntevent index flags 'evLog' 'evType' 'evSrc' 'evDescr' ['descr'] ['action'] [severity]

index

Specifies the row (index) of the monitor table to use for this entry. Each row in the table is uniquely identified by an index number. Rows 1 through 10 are reserved for internal use by the agent, so the index value must be greater than 10 and unique across the table.

flags

Specifies any additional behavioral instructions for this entry using a hexadecimal flags value (for example, 0x00000001). For more information about available flags, see NT Event Monitor Table Flags.

'evLog'

Specifies the event log to monitor. This value can be one of the following:

'evType'

Specifies the event type to match for this entry. The following are valid types:

Entering 'all' indicates that all event types should match.

'evSrc'

Specifies the regular expression to use when scanning the Event Source attribute in each event.

'evDescr'

Specifies the regular expression to use when scanning the Event Description attribute in each event.

'descr'

Specifies an arbitrary description (0 to 512 characters in length) of the table entry.

'action'

Specifies a command (0 to 2048 characters in length), including the full path and any parameters, to run when the entry is matched and a trap is sent. If the string is empty, the agent performs no action for this entry.

Note: You can change the default settings for when the agent performs actions. For more information, see the chapter "Agent Configuration."

severity

Specifies the severity to assign to the entry when a match occurs and a trap is sent. The severity is included with the trap. Valid values are as follows:

Note that the severity designation only specifies the importance of the monitor and is not used to calculate status.

Default: none
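
The following Python linter is an added example, not part of the product or its documentation. It checks watch ntevent lines against the constraints stated above: an index greater than 10 and unique, a hexadecimal flags value, the field length limits, regular expressions that compile, and a full path in 'action'. The name lint_ntevent, the required 0x prefix, the drive-letter or UNC form of a full path, the use of Python's re module in place of the agent's regular expression engine, and the sample entries are assumptions.

```python
import re

TOKEN = re.compile(r"'([^']*)'|(\S+)")  # 'quoted string' or bare word
FULL_PATH = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\)')  # assumption: drive letter or UNC prefix

def lint_ntevent(cf_text):
    """Return (line_no, message) findings for every watch ntevent line."""
    findings, seen = [], {}
    for no, raw in enumerate(cf_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("watch ntevent"):
            continue
        toks = [(m.group(1) is not None, m.group(1) if m.group(1) is not None else m.group(2))
                for m in TOKEN.finditer(line[len("watch ntevent"):])]
        quoted, vals = zip(*toks) if toks else ((), ())
        if len(toks) < 6 or any(quoted[:2]) or not all(quoted[2:6]):
            findings.append((no, "malformed: expected index, flags and four quoted fields"))
            continue
        index = int(vals[0]) if vals[0].isdecimal() else None
        if index is None or index <= 10:
            findings.append((no, "index must be a number greater than 10"))
        elif index in seen:
            findings.append((no, f"index {index} already used on line {seen[index]}"))
        else:
            seen[index] = no
        if not re.fullmatch(r"0[xX][0-9a-fA-F]+", vals[1]):  # assumption: 0x prefix required
            findings.append((no, "flags must be a hexadecimal value such as 0x00000001"))
        for name, pattern in (("evSrc", vals[4]), ("evDescr", vals[5])):
            try:  # Python's re stands in for the agent's regex engine (approximation)
                re.compile(pattern)
            except re.error as exc:
                findings.append((no, f"{name} regular expression is invalid: {exc}"))
        optional = [v for q, v in toks[6:] if q]  # 'descr', then 'action'
        descr = optional[0] if optional else ""
        action = optional[1] if len(optional) > 1 else ""
        for name, text, limit in (("descr", descr, 512), ("action", action, 2048)):
            if len(text) > limit:
                findings.append((no, f"{name} exceeds {limit} characters"))
        if action and not FULL_PATH.match(action):
            findings.append((no, "action command is not given with a full path"))
    return findings

# Constructed sample entries; the 'Security' log name and all values are illustrative.
SAMPLE_CF = r"""
watch ntevent 11 0x00000001 'Security' 'all' '.*' '.*fail.*' 'Failure events' 'C:\scripts\notify.bat'
watch ntevent 5 0x00000001 'Security' 'all' '.*' '.*' 'Reserved row'
watch ntevent 11 1 'Security' 'all' '.*' '([a-z' 'Duplicate row' 'notify.bat'
"""
```

Run lint_ntevent over the contents of sysedge.cf before restarting the agent; an empty list means no findings. The 'evLog', 'evType' and severity values are not validated.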