beautypg.com

Event.log: event log – Visara Master Console Center Administration Guide User Manual

Page 176

background image

Visara Master Console Center

176

© Visara International 2007

event.log: Event Log

Event Manager logs its activities into the event.log file. All lines in event.log
begin with a date and time stamp. At startup, Event Manager issues a “---
gwEventMgrD Startup ---” message (with more dashes than shown here). After
that, format of the lines is as follows:

YYYY-MM-DD HH:MM:SS eventSeq eventStatus eventType ruleID eventDesc

YYYY-MM-DD HH:MM:SS eventSeq actStatus actType actDesc

Where:

ƒ

YYYY is the four-digit year with Month (MM) and Date (DD) following, and

the time is in Hour:Minute:Second format. Time is recorded in 24-hour format.

ƒ

eventSeq is the Event Sequence Number associated with a rule and its

actions. Each rule has a unique Event Sequence Number, and all of the actions
associated with that rule use the same Event Sequence Number.

ƒ

eventStatus is one of three values: ACTIVE, SIMULATED, or INACTIVE.

ƒ

eventType will also be one of three values: Console Msg Event, SNMP Trap

Event, or Time Event.

ƒ

ruleID is the internal identification number that the MCC system uses to

identify the rule. The ruleID is visible in the Event Editor.

ƒ

eventDesc is a description of the event. For example, if an event rule scans

for the phrase “Connection closed,” eventDesc contains the full text of the
triggering event. Thus, both “Connection closed.” and “Connection Closed by
foreign host.” activate the same event rule, but each event.log entry has different
eventDesc values.

ƒ

actStatus is the status of the action. It has one of three values: ACTIVE,

SIMULATED or INACTIVE.

ƒ

actType is the type of the action performed. It can be one of five values:

Create Fltrd Msg Action, Create Alert Action, SYSEXEC Action, Exec Script
Action, or Ignore Action.

ƒ

actDesc is a full description of the action performed. For Ignore Action

actTypes, this is blank. For Create Fltrd Msg Action & Create Alert Action, this
contains the full text of the alert or filtered message, but no other data. For the
SYSEXEC Action, this lists the exact text of the command executed on the MCC
system. For the Exec Script Action, this is blank.
Each triggered event generates one message of the first type. Each action
associated with the event generates a message of the second type, if the action
has “Log” set.

See also other documents in the category Visara Computer Accessories: