jcfaleltstart (Windows only)
- Organization of this page
Function
Starts a remote monitoring event log trap.
Executing this command collects the event log files on the monitored host specified in the option, converts a line in a log file that satisfies the conditions specified in the action definition file of a remote monitoring event log trap to a JP1 event, and registers the event on an event server.
In order to specify the -f option, the action definition file of a remote monitoring event log trap must be created before the command is executed. Also, if the command is executed with the -f option specified and the profile has stopped, the existing action definition file of the remote monitoring event log trap is overwritten and the process for the trap profile is started. If the profile is running, the existing action definition file of the remote monitoring event log trap is overwritten and saved on the server, and an error message is displayed. At this point, the profile is running with the operation definition that existed before the action definition was overwritten.
Note that a maximum of five commands can be executed concurrently.
The following conditions must be satisfied to execute this command:
-
The IM Configuration Management service is running
-
There is a remotely monitored host in the remote monitoring configuration.
-
A remotely monitored host has already collected host information.
-
DCOM is set.
Format
jcfaleltstart -o monitored-host-name [-h logical-host-name] [-f remote-monitoring-event-log-trap-action-definition-file-name [-filter filter]]
Execution permission
Administrator permissions
Storage directory
Manager-path\bin\imcf\
Arguments
- -o monitored-host-name
-
Specifies the name of the monitored host for the remote monitoring event log traps you want to start. The OS on the monitored host must be Windows.
- -h logical-host-name
-
Specifies the name of the logical host on which you want to execute the command. If this option is omitted, the logical host name specified for the JP1_HOSTNAME environment variable is set. If no logical host name is set for JP1_HOSTNAME, the physical host name is set.
- -f remote-monitoring-event-log-trap-action-definition-file-name
-
Specifies the name of an action definition file. If the -f option is specified, the existing action definition file of a remote monitoring event log trap is overwritten and started. If the -f option is not specified, the existing remote monitoring event log trap is started.
Specify the action definition file name as a full path or a relative path from the current directory with a maximum of 256 bytes. When specifying a relative path, do so in such a way that the full-path name with the directory name will be no more than 256 bytes.
The action definition file can be placed in any directory, and any file name can be specified.
- -filter filter
-
Specifies a filter, when filters have already been set, according to log type to filter event logs acquired on a remotely monitored host. This option can be specified only when the -f option is specified.
When this option is specified, only event logs that match the specified log type are transferred to the manager. Specify this option to control the amount of log file data that is transferred from a remotely monitored host to the manager.
Use a character string in the following table to specify the log type. Note that the character strings are not case sensitive.
Specifiable log type
Log type of event logs to be filtered
Error
Error, Critical
Warning
Warning
Information
Information, Verbose
Audit_success
Security Audit Success
Audit_failure
Security Audit Failure
To specify multiple log types, use a colon (,) as a separator. Do not insert a space before or after the colon.
Return values
0 |
Trap started successfully |
4 |
Invalid argument |
6 |
Unable to connect to the server |
7 |
Invalid host information |
8 |
Already running |
9 |
Profile threshold value exceeded |
10 |
Error in obtaining exclusive edit rights |
11 |
Invalid action definition file |
12 |
Invalid authentication definition file |
13 |
Communication error |
14 |
Invalid DB |
17 |
Invalid permission |
18 |
Input/output error |
21 |
Upper limit for number of concurrent executions reached |
255 |
Internal error |
Other values |
Other error |
Example 1
Start a remote monitoring event log trap on host1:
jcfaleltstart -o host1 -f actionDefinition.conf
Example 2
Filter to obtain only the error, warning, and failed-audit event logs when a remote monitoring event log trap on host1 is started:
jcfaleltstart -o host1 -f actionDefinition.conf -filter Error,Warning,Audit_failure