Event Log (PD_ELOG)
Function
The Event Log (PD_ELOG) record stores event log data recording the following information about applications, systems, and security at given points in time:
- Time of each event log
- Event source
- Event type
- Event ID
- Event explanation
This is a multi-instance record.
Notes:
- This record collects the incremental data that has become available since event log monitoring began. For a historical report, it may take as long as twice the specified collection interval before the first data is stored. For a real-time report, this record is collected during the second and subsequent collection intervals.
- If a large volume of event log entries is recorded during the collection interval for this record, collection of other records may be delayed or a time-out may occur. When collecting this record, set the collection interval such that the incremental event log corresponding to a collection interval of 10 seconds does not exceed 1,000 items/number-of-reports-to-be-concurrently-displayed.
- This record collects only those event logs that occur during record collection after the start of the Agent Collector service. Therefore, it cannot collect event logs that occur during the start or stop of the OS, Performance Management, or collection of this record.
- This record collects the contents recorded in event logs, and thus is not suitable for automatically determining that the system has returned to the normal state after an error or warning was detected based on an alarm. Therefore, it is recommended that you use a setting, such as Always notify, that always issues notification about an alarm event when an error or warning condition is met.
- You can use the collection data addition utility to specify the event log collection target.
- During record collection, if a non-collection target event log is changed to a collection target, the event logs that occurred since the previous collection time are collected.
- This record does not support collection in a logical host environment. Collect this record in a physical host environment.
- Only the event logs registered under the following registry key can be collected by using the PD_ELOG record:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
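The volume note above can be checked against a sample of event timestamps before the collection interval is chosen. The following is an added example, not code from the product: it reads the note as "events in any 10-second window must not exceed 1,000 divided by the number of concurrently displayed reports", and the function names and sample timestamps are constructed for illustration.

```python
from collections import deque

WINDOW_SECONDS = 10   # window length named in the note
ITEM_BUDGET = 1000    # items per window, divided among concurrent reports


def window_limit(concurrent_reports):
    """Per-window item limit: 1,000 / concurrently displayed reports (rounded down)."""
    if concurrent_reports < 1:
        raise ValueError("at least one report must be displayed")
    return ITEM_BUDGET // concurrent_reports


def peak_window_count(epoch_times):
    """Largest number of events that fall in any sliding 10-second window."""
    window, peak = deque(), 0
    for ts in sorted(epoch_times):
        window.append(ts)
        # Drop events that are 10 or more seconds older than the newest one.
        while ts - window[0] >= WINDOW_SECONDS:
            window.popleft()
        peak = max(peak, len(window))
    return peak


def check_volume(epoch_times, concurrent_reports):
    """Return (peak, limit, within_limit) for a sample of event timestamps."""
    peak = peak_window_count(epoch_times)
    limit = window_limit(concurrent_reports)
    return peak, limit, peak <= limit


# Constructed sample (time_t seconds): one event every 5 seconds for a minute,
# then a burst of 300 events spread over 3 seconds.
BASE = 1_700_000_000
SAMPLE_TIMES = [BASE + i for i in range(0, 60, 5)] + \
               [BASE + 60 + (i % 3) for i in range(300)]

if __name__ == "__main__":
    for reports in (1, 4):
        print(reports, check_volume(SAMPLE_TIMES, reports))
```

With one report displayed the burst stays inside the limit; with four reports the same burst exceeds it, which is the situation in which the note warns of delayed collection or a time-out.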
Default values and values that can be specified
Item | Default value | Modifiable |
---|---|---|
Collection Interval | 60 | Yes |
Collection Offset# | 0 | Yes |
Log | No | Yes |
LOGIF | Blank | Yes |
Over 10 Sec Collection Time | No | No |
Realtime Report Data Collection Mode | Reschedule | Yes |

#: A value between 0 and 32,767 seconds can be specified (a value within the range specified for Collection Interval). Use this item to distribute the collection load, because executing data collection all at once results in concentration of the processing workload. Note that the data collection duration to be recorded is the same as the Collection Interval, regardless of the value specified for Collection Offset.
ODBC key fields
- PD_ELOG_EVENT_ID
- PD_ELOG_SOURCE_NAME
- PD_ELOG_TIME_GENERATED
Lifetime
None
Record size
- Fixed portion: 677 bytes
- Variable portion: 944 bytes
Fields
PFM - View name (PFM - Manager name) | Description | Smry | Format | Delta | Not sprtd on | Data source |
---|---|---|---|---|---|---|
Computer Name (COMPUTER_NAME) | Name of the computer that generated the event. | -- | string (36) | No | -- | -- |
Description (DESCRIPTION) | Event log explanation. | -- | string (512) | No | -- | -- |
Event Category (EVENT_CATEGORY) | Sub-category unique to the event source. | -- | string (36) | No | -- | -- |
Event ID (EVENT_ID) | Event ID. | -- | ulong | No | -- | -- |
Event Type ID (EVENT_TYPE_ID) | Event type identifier. One of the following values is used for this field: 0: Success Audit; 0: Failure Audit; 1: Critical; 2: Error; 3: Warning; 4: Information; 5: Verbose | -- | ulong | No | -- | -- |
Event Type Name (EVENT_TYPE_NAME) | Event type. One of the following values is used for this field: Error; Warning; Information; Success Audit; Failure Audit; Critical; Verbose | -- | string (26) | No | -- | -- |
Log Name (LOG_NAME) | Event log type. The value of this field is one of the following: Application; Security; System | -- | string (26) | No | -- | -- |
Record Time (RECORD_TIME) | Time at which the record was created. | -- | time_t | No | -- | -- |
Record Type (INPUT_RECORD_TYPE) | Record name. Always ELOG. | -- | char (8) | No | -- | -- |
Source Name (SOURCE_NAME) | Name of the source (application, service, driver, or subsystem) that generated the entry. | -- | string (256) | No | -- | -- |
Time Generated (TIME_GENERATED) | Time at which the event entry was submitted. | -- | time_t | No | -- | -- |
User Name (USER_NAME) | User name that was active when the event was recorded. | -- | string (36) | No | -- | -- |
User Sid (USER_SID) | Type of user security ID that was active when the event was recorded. One of the following values is used for this field: 1: User; 2: Group; 3: Domain; 4: Alias; 5: Known group; 6: Deleted account; 7: Invalid; 8: Unknown type; 9: Computer; 0: No information | -- | ulong | No | -- | -- |
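Because EVENT_TYPE_ID is 0 for both Success Audit and Failure Audit, any filter for audit failures has to key on EVENT_TYPE_NAME. The following added example (not code from the product) shows that filter over PD_ELOG rows and decodes the USER_SID type codes from the table above; the CSV layout with PFM - Manager names as column headers, the function names, and every sample row are assumptions constructed for illustration.

```python
import csv
import io

# USER_SID type codes as listed in the Fields table.
SID_TYPES = {0: "No information", 1: "User", 2: "Group", 3: "Domain", 4: "Alias",
             5: "Known group", 6: "Deleted account", 7: "Invalid",
             8: "Unknown type", 9: "Computer"}

# Constructed rows; the export layout is an assumption, not a documented format.
SAMPLE = """LOG_NAME,EVENT_TYPE_ID,EVENT_TYPE_NAME,EVENT_ID,SOURCE_NAME,COMPUTER_NAME,USER_NAME,USER_SID,TIME_GENERATED
Security,0,Failure Audit,4625,Microsoft-Windows-Security-Auditing,HOST01,alice,1,1700000000
Security,0,Success Audit,4624,Microsoft-Windows-Security-Auditing,HOST01,alice,1,1700000005
Security,0,Failure Audit,4625,Microsoft-Windows-Security-Auditing,HOST01,alice,1,1700000009
System,2,Error,7034,Service Control Manager,HOST01,,0,1700000012
Security,0,Failure Audit,4625,Microsoft-Windows-Security-Auditing,HOST02,svc_old,6,1700000020
"""


def failure_audits(rows):
    """Yield Security-log Failure Audit rows.

    EVENT_TYPE_ID cannot separate Success Audit from Failure Audit (both are 0),
    so the filter uses EVENT_TYPE_NAME.
    """
    for row in rows:
        if row["LOG_NAME"] == "Security" and row["EVENT_TYPE_NAME"] == "Failure Audit":
            yield row


def summarize(csv_text):
    """Count failure audits per (computer, user, SID type), most frequent first."""
    counts = {}
    for row in failure_audits(csv.DictReader(io.StringIO(csv_text))):
        sid_type = SID_TYPES.get(int(row["USER_SID"]), "Unrecognized code")
        key = (row["COMPUTER_NAME"], row["USER_NAME"], sid_type)
        counts[key] = counts.get(key, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for key, count in summarize(SAMPLE):
        print(count, *key)
```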