{
    'type' : 'EventLog',
    'subents' : [
        {
            'status' : 'on',
            'name' : 'SecCtrStopped',
            'logFile' : 'Application',
            'matchMesg' : 'Security Center Stopped',
            'triggers' : [
                { 'level' : 'warn', 'trigger' : '/Center Service has stopped/' },
            ],
        }
    ]
}
The EventLog Entity monitors the Windows Event Log for messages and triggers when log entries match the specified regular expressions. Because the event log can store data for a long period of time, the Entity only scans log entries from the 30 minutes prior to the scan.
This Entity is only available on Agents running on systems with an Event Log, which includes Windows NT, Windows 2000, Windows XP, and Windows Server 2003.
Fields
name: A descriptive name for this SubEntity.
logFile: The name of the event log to scan. Valid entries are Application, Security, and System.
matchMesg: The message to send as the status message to the Server when the regular expressions in this SubEntity match. If not specified, the message defaults to "Matched regular expression."
A list of flags to pass to the regular expression module to change its behavior. For example, to request a case-insensitive search, use IGNORECASE.
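The matching behaviour described above, sketched as an added example that is not the Agent's own code: it applies the 30-minute scan window, the log name filter, the regular-expression flags and the default status message to a few sample events. The 'flags' key name, the treatment of the /.../ delimiters and the sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

SCAN_WINDOW = timedelta(minutes=30)            # window stated in the text
DEFAULT_MESG = "Matched regular expression."   # default stated in the text

# SubEntity modelled on the page's configuration. 'flags' is a hypothetical key
# name; the trigger is lower-cased here so that IGNORECASE is what makes it match.
SUBENT = {
    'status': 'on', 'name': 'SecCtrStopped', 'logFile': 'Application',
    'matchMesg': 'Security Center Stopped', 'flags': ['IGNORECASE'],
    'triggers': [{'level': 'warn', 'trigger': '/center service has stopped/'}],
}

def compile_trigger(trigger, flag_names):
    """Strip the /.../ delimiters (assumed syntax) and OR in the named re flags."""
    delimited = len(trigger) > 1 and trigger[0] == trigger[-1] == '/'
    pattern = trigger[1:-1] if delimited else trigger
    flags = 0
    for fname in flag_names:
        flags |= re.RegexFlag[fname]   # KeyError on an unknown flag name
    return re.compile(pattern, flags)

def scan(subent, events, now):
    """Return (level, status message) for each in-window event matching a trigger."""
    if subent.get('status') != 'on':
        return []
    compiled = [(t['level'], compile_trigger(t['trigger'], subent.get('flags', [])))
                for t in subent['triggers']]
    hits = []
    for ev in events:
        if ev['log'] != subent['logFile'] or now - ev['time'] > SCAN_WINDOW:
            continue  # wrong log, or older than the scan window
        for level, rx in compiled:
            if rx.search(ev['message']):
                hits.append((level, subent.get('matchMesg', DEFAULT_MESG)))
                break
    return hits

# Constructed sample events (not real log data): in window, too old, wrong log.
NOW = datetime(2024, 1, 1, 12, 0)
MESG = 'The Security Center Service has stopped.'
EVENTS = [
    {'log': 'Application', 'time': NOW - timedelta(minutes=5), 'message': MESG},
    {'log': 'Application', 'time': NOW - timedelta(minutes=45), 'message': MESG},
    {'log': 'System', 'time': NOW - timedelta(minutes=1), 'message': MESG},
]

if __name__ == '__main__':
    print(scan(SUBENT, EVENTS, NOW))
```

Only the first sample event is reported. The second is older than 30 minutes, so an entry written during a gap between scans longer than the window is never examined.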