2.5.1 Monitoring Windows event logs in JP1/IM
To use JP1/IM to monitor Windows event logs, you can use event log trapping, which is a JP1/Base function for converting event log data to events handled in JP1.
Event log trapping is enabled when the JP1/Base EventlogTrap service starts in JP1/Base on a host on which you want to monitor Windows event logs.
This manual describes how to customize the event log trap settings for Windows event log data issued on host 1 in the basic configuration system shown in 1.2.1 Overview of a basic configuration system.
- Organization of this subsection
(1) Settings of the event log trap action-definition file to be created
The following provides details about the settings specified in the the event log trap action-definition file. The file is created in 2.5.1(2) Using IM Configuration Management to edit the event log trap action-definition file on the host to be monitored.
Specification details
Specification |
Description |
---|---|
filter "System" type Warning Error end-filter |
Specifies the Windows event log data to be trapped for which System is specified for Log Name. In this manual, log data whose Level is Warning or Error is trapped. |
filter "Application" type Warning Error end-filter |
Specifies the Windows event log data to be trapped for which Application is specified for Log Name. In this manual, log data whose Level is Warning or Error is trapped. |
(2) Using IM Configuration Management to edit the event log trap action-definition file on the host to be monitored
The following describes how to use IM Configuration Management to edit the event log trap action-definition file in order to customize the event log trap settings. Perform this procedure on the host to be monitored.
Prerequisites
The following conditions must be satisfied:
-
The basic configuration system is set up according to 2.1.1 Procedure for setting up a system by using IM Configuration Management.
-
The JP1/Base EventlogTrap service is running, and host information has been collected.
-
The OS of the host to be monitored is Windows.
Procedure
-
From the Windows Start menu, select All Programs, JP1_Integrated Management - View, and then Configuration Management. The Login window appears.
-
Enter jp1admin for User name, jp1admin for Password, and admin for Host to connect, and then log in. The IM Configuration Management window appears.
-
Click the IM Configuration tab. Then, in the tree area on the IM Configuration page, select the hosts on which you want to monitor the Windows event log.
-
On the menu bar, select View, and then Display Profiles. The Display/Edit Profile window appears.
-
In the tree display area, select JP1/Base.
-
In the pop-up menu displayed by right-clicking, select Exclusive Editing Settings to obtain exclusive editing rights.
-
In the tree display area, select Event Log Trapping.
-
Edit the event log trap action-definition file as shown in the following figure.
-
When a dialog box asking you whether you want to apply the settings appears, click the Yes button.
Related topics
-
3.5.1 Setting the profiles on hosts in an agent configuration in the Configuration Guide
-
4.1.2 IM Configuration page in the manual GUI Reference
-
4.9 Display/Edit Profiles window in the manual GUI Reference
-
Descriptions about converting Windows event log data in the JP1/Base User's Guide
-
Descriptions the event log trap action-definition file (ntevent.conf) in the JP1/Base User's Guide