You can define a Windows Event Log Monitoring (EVENTLOG_MON) job to monitor a Windows event log on a local computer. The monitor returns the most recent event available or continuously monitors for events in a particular Windows event log.
Note: To run these jobs, your system requires CA WA Agent for Windows.
Windows operating systems record events in different types of logs, including the following:
The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log.
The system log contains events logged by the Windows 2000 system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log.
The security log can record security events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening, or deleting files.
For more information on Windows logs, select Start, Settings, Control Panel, Administrative Tools, Event Viewer. Select any of the three log categories and double-click to view its property page.
Required Statements
To define a Windows Event Log Monitoring job, you must specify the following statements:
Optional Statements
You can specify the following optional statements for a Windows Event Log Monitoring job:
Example: Monitor an Application Log for Events that Occur on or After a Specified Date and Time
This example monitors an application log for an event that occurs on or after a specified date and time. When the job finds an event in the application log that occurs any time on or after 6:30 a.m. on December 11, 2010, the job completes successfully.
AGENT SYSAGENT
EVENTLOG Application
EVENTTYPE info
EVENTCATEGORY None
EVENTSOURCE LLDSAPNT223
EVENTTIME FROM('06:30:00AM dec 11 2010')
Example: Continuously Monitor an Application Event Log
This example continuously monitors an application event log. An alert named ELOG is triggered for all instances of the INFO event type, where the event source is LLDSAPNT223, the event description contains the word started, and the event ID is less than or equal to 4000.
AGENT SYSAGENT
EVENTLOG Application
CONTINUOUS(ELOG)
EVENTTYPE INFO
EVENTCATEGORY None
EVENTSOURCE LLDSAPNT223
EVENTDESCRIPTION started
EVENTID LE 4000
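To check which events already in a log the filters in the two examples above would select, the following PowerShell function applies the same criteria with Get-WinEvent. It is an added example, not part of the CA documentation: the function name Get-EventLogMonPreview is hypothetical, and it assumes that the filters are combined with AND and that the description is matched as a case-insensitive substring.

```powershell
# Added example (not from the product documentation): preview the events that
# filters like those in the two job definitions would select on this computer.
function Get-EventLogMonPreview {
    [CmdletBinding()]
    param(
        [string]$LogName = 'Application',        # EVENTLOG
        [string]$Source = 'LLDSAPNT223',         # EVENTSOURCE value used on the page
        [Nullable[datetime]]$From,               # EVENTTIME FROM(...)
        [string]$DescriptionContains,            # EVENTDESCRIPTION
        [int]$MaxEventId = [int]::MaxValue       # EVENTID LE <n>
    )

    $filter = @{
        LogName      = $LogName
        ProviderName = $Source
        Level        = 4                         # 4 = Informational in Get-WinEvent
    }
    if ($null -ne $From) { $filter.StartTime = $From }

    # Get-WinEvent reports an error when nothing matches or the log cannot be
    # read (the Security log needs elevation); surface it and return no events.
    try {
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        Write-Warning $_.Exception.Message
        return
    }

    # Assumption: all filters must hold, and the description match ignores case.
    $events |
        Where-Object { $_.Id -le $MaxEventId } |
        Where-Object {
            -not $DescriptionContains -or
            ($_.Message -and
             $_.Message.IndexOf($DescriptionContains,
                 [StringComparison]::OrdinalIgnoreCase) -ge 0)
        } |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message
}

# First example: informational events on or after 06:30 on December 11, 2010.
Get-EventLogMonPreview -From ([datetime]'2010-12-11T06:30:00')

# Second example: description contains "started" and event ID <= 4000.
Get-EventLogMonPreview -DescriptionContains 'started' -MaxEventId 4000
```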
Copyright © 2013 CA Technologies.
All rights reserved.