Job Management Partner 1/Performance Management - Agent Option for Platform Description, User's Guide and Reference

Event Log (PD_ELOG)

Function

The Event Log (PD_ELOG) record stores event log data recording the following information about applications, systems, and security at given points in time:

Time of each event log

Event source

Event type

Event ID

Event explanation

This is a multi-instance record.

Notes:

This record collects the incremental data that has become available since the event log monitoring began. For a historical report, it may take as long as twice the specified collection interval before the first data is stored. For a real-time report, this record is collected during the second and subsequent collection intervals.

If a large volume for an event log is recorded during the collection interval for this record, collection of other records may be delayed or a time-out may occur. When collecting this record, set the collection interval such that the incremental event log corresponding to a collection interval of 10 seconds does not exceed 1,000 items/number-of-reports-to-be-concurrently-displayed.

This record collects only those event logs that occur during record collection after the start of the Agent Collector service. Therefore, it cannot collect event logs that occur during the start or stop of the OS, Performance Management, or collection of this record.

This record collects the contents recorded in event logs, and thus is not suitable for automatically determining that the system has returned to the normal state after an error or warning was detected based on an alarm. Therefore, it is recommended that you use a setting, such as Always notify, that always issues notification about an alarm event when an error or warning condition is met.

Note the following when you collect the data for this record in Windows Server 2003 (x64) or the 64-bit version of Windows Server 2008: The values in the following fields in the event logs output by 64-bit applications might differ from the information displayed in the 64-bit version of Event Viewer (displayed by choosing Administrative Tools and then Event Viewer).
- The Description field outputs the content of the message KAVF11405-W.
- The Event Category field outputs an event category ID.

You can use the collection data addition utility to specify the event log collection target.

During record collection, if a non-collection target event log is changed to a collection target, the event logs that occurred since the previous collection time are collected.

Default values and values that can be specified

Item Default value Modifiable

Collection Interval 60 Yes

Collection Offset 0 Yes

Log No Yes

LOGIF Blank Yes

Item	Default value	Modifiable
Collection Interval	60	Yes
Collection Offset	0	Yes
Log	No	Yes
LOGIF	Blank	Yes

ODBC key fields

PD_ELOG_EVENT_ID

PD_ELOG_SOURCE_NAME

PD_ELOG_TIME_GENERATED

Lifetime

None

Record size

Fixed portion: 677 bytes

Variable portion: 944 bytes

Fields

PFM-View name
(PFM-Manager name) Description Summary Format Delta Not Supported versions Data source

Computer Name(COMPUTER_NAME) Name of the computer that generated the event. -- string(36) No -- --

Description(DESCRIPTION) Event log explanation. -- string(512) No -- --

Event Category(EVENT_CATEGORY) Sub-category unique to the event source. -- string(36) No -- --

Event ID(EVENT_ID) Event ID. -- ulong No -- --

Event Type ID(EVENT_TYPE_ID) Event type identifier. One of the following values is used for this field.
When the OS is Windows Server 2003 or earlier:
1: Error
2: Warning
4: Information
8: Success Audit
16: Failure Audit
When the OS is Windows Server 2008:
0: Success Audit
0: Failure Audit
1: Critical
2: Error
3: Warning
4: Information
5: Verbose -- ulong No -- --

Event Type Name(EVENT_TYPE_NAME) Event type. One of the following values is used for this field.
When the OS is Windows Server 2003 or earlier:
- Error
- Warning
- Information
- Success Audit
- Failure Audit
When the OS is Windows Server 2008:
- Error
- Warning
- Information
- Success Audit
- Failure Audit
- Critical
- Verbose -- string(26) No -- --

Log Name(LOG_NAME) Event log type. The value of this field is one of the following:
- Application
- Security
- System -- string(26) No -- --

Record Time(RECORD_TIME) Time at which the record was created. -- time_t No -- --

Record Type(INPUT_RECORD_TYPE) Record name. Always ELOG. -- char(8) No -- --

Source Name(SOURCE_NAME) Name of the source (application, service, driver, or subsystem) that generated the entry. -- string(256) No -- --

Time Generated(TIME_GENERATED) Time at which the event entry was submitted. -- time_t No -- --

User Name(USER_NAME) User name that was active when the event was recorded. -- string(36) No -- --

User Sid(USER_SID) Type of user security ID that was active when the event was recorded.
One of the following values is used for this field:
1: User
2: Group
3: Domain
4: Alias
5: Known group
6: Deleted account
7: Invalid
8: Unknown type
9: Computer
0: No information -- ulong No -- --

PFM-View name (PFM-Manager name)	Description	Summary	Format	Delta	Not Supported versions	Data source
Computer Name(COMPUTER_NAME)	Name of the computer that generated the event.	--	string(36)	No	--	--
Description(DESCRIPTION)	Event log explanation.	--	string(512)	No	--	--
Event Category(EVENT_CATEGORY)	Sub-category unique to the event source.	--	string(36)	No	--	--
Event ID(EVENT_ID)	Event ID.	--	ulong	No	--	--
Event Type ID(EVENT_TYPE_ID)	Event type identifier. One of the following values is used for this field. When the OS is Windows Server 2003 or earlier: 1: Error 2: Warning 4: Information 8: Success Audit 16: Failure Audit When the OS is Windows Server 2008: 0: Success Audit 0: Failure Audit 1: Critical 2: Error 3: Warning 4: Information 5: Verbose	--	ulong	No	--	--
Event Type Name(EVENT_TYPE_NAME)	Event type. One of the following values is used for this field. When the OS is Windows Server 2003 or earlier: - Error - Warning - Information - Success Audit - Failure Audit When the OS is Windows Server 2008: - Error - Warning - Information - Success Audit - Failure Audit - Critical - Verbose	--	string(26)	No	--	--
Log Name(LOG_NAME)	Event log type. The value of this field is one of the following: - Application - Security - System	--	string(26)	No	--	--
Record Time(RECORD_TIME)	Time at which the record was created.	--	time_t	No	--	--
Record Type(INPUT_RECORD_TYPE)	Record name. Always ELOG.	--	char(8)	No	--	--
Source Name(SOURCE_NAME)	Name of the source (application, service, driver, or subsystem) that generated the entry.	--	string(256)	No	--	--
Time Generated(TIME_GENERATED)	Time at which the event entry was submitted.	--	time_t	No	--	--
User Name(USER_NAME)	User name that was active when the event was recorded.	--	string(36)	No	--	--
User Sid(USER_SID)	Type of user security ID that was active when the event was recorded. One of the following values is used for this field: 1: User 2: Group 3: Domain 4: Alias 5: Known group 6: Deleted account 7: Invalid 8: Unknown type 9: Computer 0: No information	--	ulong	No	--	--

[Contents][Back][Next]

[Trademarks]