

Windows Event Monitoring Examples

This section provides example entries for the NT Event Monitor table to monitor Windows event logs using the watch ntevent directive. You can add these entries to the sysedge.cf file.

Example: Search the Application Log for Web Server Messages

The following example adds a new entry to the agent's NT Event Monitor table at table index 11. It searches the Application log for events of any type whose source matches 'http' (the Web server application) and whose description matches anything ('.*'), and sends a trap with warning severity when a match occurs:

watch ntevent 11 0x00 Application All 'http' '.*' 'Web Server messages' '' warning

Example: Search the Security Log for Failure Events

The following example adds a new entry to the agent's NT Event Monitor table at table index 12. It searches the Security log for Failure (failure audit) events, such as failed logons, and sends a trap with critical severity when a match occurs. Because both the source and description patterns are '.*', every failure audit written to the Security log raises a trap:

watch ntevent 12 0x00 Security Failure '.*' '.*' 'Access Failure - WARNING' '' critical

Example: Search the Application Log for Specific Events

The following example adds a new entry to the agent's NT Event Monitor Table at table index 3 to search the Application log for events with Event ID 277, regardless of source or type:

watch ntevent 3 0x0100 Application All '.*' '\[277\]' 'Event ID 277' ''

0x0100

Flag that adds the Event ID, in square brackets, to the event description before the description pattern is applied. '\[277\]' is the description pattern the agent then attempts to match, so it matches the literal text [277] that the flag inserted.

The backslash character (\) is required because brackets ([]) are special characters for regular expression matching. Without the backslashes, [277] is a character class that matches any single 2 or 7, so the entry would fire on any event whose description contains either digit instead of only on Event ID 277.
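The following is an added illustration, not code from the page or from the SystemEDGE agent: a small Python model of how the three entries above are applied to events. It assumes the source and description fields are regular expressions, that the type field "All" matches every event type, and that flag 0x0100 prepends "[<Event ID>] " to the description before matching; the event records and the warning severity on the third entry (the page gives none) are constructed for the example. It also shows what happens when the brackets in '\[277\]' are left unescaped.

```python
import re
from dataclasses import dataclass

# Flag bit from the third example: prepend "[<Event ID>] " to the description
# before the description regex is applied (assumed rendering of "adds the
# Event ID to the description").
FLAG_ADD_EVENT_ID = 0x0100


@dataclass(frozen=True)
class NtEventWatch:
    """One 'watch ntevent' entry; field order follows the directive."""
    index: int
    flags: int
    log: str          # Application, Security, System
    type: str         # All, Failure, Success, Error, Warning, Information
    source_re: str    # regex applied to the event source
    descr_re: str     # regex applied to the event description
    description: str  # text placed in the trap
    severity: str


@dataclass(frozen=True)
class NtEvent:
    """A constructed Windows event record, not a real log export."""
    log: str
    type: str
    source: str
    event_id: int
    description: str


def matches(watch: NtEventWatch, event: NtEvent) -> bool:
    """Apply one table entry to one event the way the examples describe."""
    if event.log != watch.log:
        return False
    if watch.type != "All" and event.type != watch.type:
        return False
    if re.search(watch.source_re, event.source) is None:
        return False
    text = event.description
    if watch.flags & FLAG_ADD_EVENT_ID:
        text = f"[{event.event_id}] {text}"
    return re.search(watch.descr_re, text) is not None


def fired(watch: NtEventWatch, events) -> list:
    """Event IDs of the events that would raise this entry's trap."""
    return [e.event_id for e in events if matches(watch, e)]


# The three entries from this page, with the empty trailing field omitted.
WEB_SERVER = NtEventWatch(11, 0x00, "Application", "All", "http", ".*",
                          "Web Server messages", "warning")
ACCESS_FAILURE = NtEventWatch(12, 0x00, "Security", "Failure", ".*", ".*",
                              "Access Failure - WARNING", "critical")
EVENT_277 = NtEventWatch(3, 0x0100, "Application", "All", ".*", r"\[277\]",
                         "Event ID 277", "warning")   # severity assumed
# Same entry with the brackets unescaped: "[277]" is now a character class.
EVENT_277_UNESCAPED = NtEventWatch(3, 0x0100, "Application", "All", ".*",
                                   "[277]", "Event ID 277", "warning")

# Constructed sample events (not captured from a real system).
EVENTS = [
    NtEvent("Application", "Information", "http", 1000, "Server started"),
    NtEvent("Security", "Failure", "Security", 529, "Logon Failure: unknown user"),
    NtEvent("Security", "Success", "Security", 528, "Successful Logon"),
    NtEvent("Application", "Error", "MyApp", 277, "Service stopped unexpectedly"),
    NtEvent("Application", "Information", "MyApp", 1001, "Disk usage at 72%"),
]

if __name__ == "__main__":
    for w in (WEB_SERVER, ACCESS_FAILURE, EVENT_277, EVENT_277_UNESCAPED):
        print(f"index {w.index} descr_re={w.descr_re!r} -> {fired(w, EVENTS)}")
```

Running it shows index 11 firing only on the http event, index 12 only on the failure audit (the successful logon is skipped by the Failure type filter), the escaped entry firing only on Event ID 277, and the unescaped entry also firing on event 1001 because its description contains a 7 and a 2.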

More Information

Configure Text Pattern Exclusion

Regular Expression Examples

Perl Compatible Regular Expression (PCRE) Support