7.6.5 Notes on the Monitoring Event Log job
The following provides precautions (items you should know in advance) for using the Monitoring Event Log job.
For an overview of the operation of the Monitoring Event Log job, see 2.4.4(4) Executing a process on receipt of a Windows event log record (Monitoring event log job).
-
Before you can use the Monitoring Event Log job, the event log trapping function must be configured in the action definition file of JP1/Base.
-
Start the event log trapping service and event service of JP1/Base before running a Monitoring Event Log job.
If the event log trapping service and event service of JP1/Base are not running, the Monitoring Event Log job will remain in Now running status and take no action if a Windows event log is received.
-
The Windows events monitored by the Monitoring Event Log job conform to the specifications of the JP1/Base event log trapping function.
For details about the operating definition of the JP1/Base event log trapping function, see the Job Management Partner 1/Base User's Guide.
-
When a Windows event cannot be placed in a category, "Others" appears in the Windows event viewer. However, if the event is converted to a JP1 event by using the JP1/Base event log trapping function, the category of the event will be "None". For this reason, when you define a Monitoring Event Log job, specify "None" rather than "Others" for Category. If you specify the string "Others", the monitoring condition will not be satisfied.
-
In its default state, the JP1/Base event log trapping function monitors Error and Warning events only. If you want to monitor Verbose, Information, Critical, Failure audit, and Success audit events, add the necessary definition of the target events in the action definition file of the event log trapping function of JP1/Base.
-
The monitoring condition is satisfied when the monitoring condition specified in Category of the Monitoring Event Log job completely matches the category of the Windows event. The maximum size of a monitoring condition is 255 bytes. However, the Windows event log might contain entries longer than 255 bytes. In this case, the system compares the character string specified in Category of the Monitoring Event Log job against the first 255 bytes of the category information of the Windows event, and the condition is satisfied if they match.
-
An item specified using a regular expression matches the condition if part of the specified character string matches. To require a full match, use a regular expression that explicitly specifies the full name. For information about the use of regular expressions in Windows, see the Job Management Partner 1/Base User's Guide.
-
When you specify a character string that includes a linefeed character in the Description definition item of the Monitoring Event Log job, the condition is satisfied if the character string before the linefeed character matches the monitoring condition, regardless of the character string following the linefeed character. To allow descriptions that contain linefeed characters to be monitored successfully, use regular expressions for the linefeed code, for example, use \n if the linefeed code is \n and use .\n if the linefeed code is \r\n. For information about the use of regular expressions in Windows, see the Job Management Partner 1/Base User's Guide.
- Example when the following character strings are monitored:
-
Starting TEST1...
Starting TEST2...
-
If the linefeed character after Starting TEST1 is \n, specify:
Starting TEST1\nStarting TEST2
-
If the linefeed character after Starting TEST1 is \r\n, specify:
Starting TEST1.*\nStarting TEST2
-
The following errors might occur depending on the OS on the job execution host or the JP1/AJS3 version.
- When the OS is UNIX on the job execution host
-
The job enters the Failed to start status and the KAVT0567-E message appears.
- When the OS is Windows Server 2003 on the job execution host
-
Errors occur if you have specified monitoring conditions that can only be specified for Windows Server 2012 or Windows Server 2008.
The following monitoring conditions can be specified only for Windows Server 2012 or Windows Server 2008.
Log type: Any log type
Event type: Verbose and Critical
- When the JP1/AJS3 version is 10-00 or later on the job execution host
When only Verbose or Critical, or only both, are specified, the job enters the Failed to start status and the KAVT0591-E message appears.
When Verbose or Critical is specified and other event types are also specified, the job is executed and no error occurs.
- When the JP1/AJS3 version is earlier than 10-00 on the job execution host
The job ends abnormally and the KAVT1013-E message appears.