beautypg.com

Format file – IBM Enterprise Console User Manual

Page 128

background image

Source

The source that logged the event to the Windows event log. You can
specify up to sixteen sources. Multiple sources must be separated by
commas.

EventType

The classification of the event assigned by Windows. Valid values are as
follows:
v Error
v Warning
v Information
v AuditSuccess
v AuditFailure
v Unknown

The following examples show prefiltering statements. The first statement is on
multiple lines due to space restrictions.

PreFilter:Log=Application;Source=MyApp;EventId=1000,2000, \

3000;EventType=Warning,Information;
PreFilter:Log=Security;
PreFilter:Log=Application;Source=TECWinAdapter;

Format File

The format file contains message format descriptions and their mappings to
BAROC events. The message fields of a Windows event are matched against the
format descriptions in this file and when a match succeeds, the corresponding IBM
Tivoli Enterprise Console event is generated by the adapter. The format file
contains predefined mappings for some common Windows events and can be
customized to add any new messages.

A Windows event is written to an ASCII message in the following sequence:
v The date expressed as month, day, time, and year.
v The event category, expressed as an integer.
v The event type (Error, Warning, Information, AuditSuccess, AuditFailure,

Unknown).

v The Windows security ID; any spaces in this field are replaced by an underscore

if the proper registry variable is set.

v The Windows source; any spaces in this field are replaced by an underscore if

the proper registry variable is set.

v The Windows event identifier.
v The message text.

The subfields, except the message text field, are derived from the event header in
the Windows event object. The output message after formatting is bound against a
format description. A formatted error message from the Windows service control
manager can look like the following example:

Jan 15 15:06:19 1998 0 Error N/A Service_Control_Manager 7024 \

The UPS service terminated with service-specific error 2481.

For details about format files, see “Format File” on page 17 and Appendix B,
“Format File Reference” on page 145.

116

IBM Tivoli Enterprise Console: Adapters Guide

See also other documents in the category IBM Hardware: