2.4.9 Converting Windows event logs
The following figure shows how the event log trapping function converts Windows event log entries into JP1 events and registers them in an event database.
|
|
![[Figure]](GRAPHICS/ZU011700.GIF)
To use an event log trap, create an action definition file for event log trapping (ntevent.conf) and then specify the conditions for the log data you want to convert into JP1 events. If the event service is started first, and then the event log trapping service is started, an event log trap is generated and the event log is monitored. All event logs that match the monitoring conditions are converted into JP1 events, which are then registered in the event database. All JP1 events converted from the Windows event log are assigned an event ID of 00003A71. The severity corresponds to the type of event log data before they are converted to JP1 events.
Although the event service is set to start automatically when the system starts by default, the event log trap service does not start automatically. To start and end the event log trapping service automatically, set it up so that the event log trapping service starts after the event service starts. Use the startup control to do this.
Trapped event log messages can be registered as JP1 events up to 1,023 bytes. If a message exceeds this limit, the message is truncated from the 1,024th byte when the message is converted into a JP1 event. For details on the JP1 event attributes, see 17.3.1(25) Details about event ID 00003A71.