The PreFilter keyword is optional. All Windows NT log events are
sent to the adapter if prefilters are not specified and
PreFilterMode=OUT
.
For additional information about prefiltering Windows NT log
events, see “Prefiltering Windows NT Log Events” on page 130.
PreFilterMode
Specifies whether Windows NT log events that match a PreFilter
statement are sent (PreFilterMode=IN) or ignored
(PreFilterMode=OUT). Valid values are IN, in, OUT, or out. The
default is OUT.
The PreFilterMode keyword is optional; if PreFilterMode is not
specified, only events that do not match any PreFilter statements
are sent to the adapter.
Note:
If you set PreFilterMode=IN, make sure you have one or
more PreFilter statements defined as well.
For additional information about prefiltering Windows NT event
log events, see “Prefiltering Windows NT Log Events” on page 130.
SpaceReplacement
When SpaceReplacement is FALSE, any spaces in the security ID
and subsource fields of the event log messages are left unchanged.
When SpaceReplacement is TRUE, any spaces in the security ID
and subsource fields of the event log messages are replaced with
underscores. Set SpaceReplacement to TRUE if the format file
expects the security ID and subsource fields to be a single word
(that is, uses a %s format specification for them). The default
setting is TRUE.
UnmatchLog
Specifies a file to log discarded events that cannot be parsed into
an IBM Tivoli Enterprise Console event class by the adapter. The
discarded events can then be analyzed to determine if
modifications are needed to the adapter format file.
Prefiltering Windows NT Log Events
You can improve Windows NT event log adapter performance by filtering events
in the Windows NT event logs so only those events that are of importance to
administrators are processed by the adapter. This type of filtering is called
prefiltering because it specifies selection criteria based on the raw Windows NT
event record rather than the formatted IBM Tivoli Enterprise Console event. The
prefiltering is performed before the event is formatted into an IBM Tivoli
Enterprise Console event and subjected to any filtering specified with the Filter or
FilterCache
configuration file keywords.
Like other adapter filtering, prefiltering is specified in the adapter configuration
file using a similar syntax. The prefiltering statements, PreFilter and
PreFilterMode
, are described in “Configuration File” on page 128.
As with any modification to an adapter configuration file, you must stop and
restart the adapter for the changes to take effect.
There are four attributes of the Windows NT event logs that you can use in
defining prefilter statements. They are described in the following list:
130
IBM Tivoli Enterprise Console: Adapters Guide
Summary of Contents for Enterprise Console
Page 1: ...IBM Tivoli Enterprise Console Adapters Guide V ersion 3 8 GC32 0668 01...
Page 2: ......
Page 3: ...IBM Tivoli Enterprise Console Adapters Guide V ersion 3 8 GC32 0668 01...
Page 8: ...vi IBM Tivoli Enterprise Console Adapters Guide...
Page 66: ...54 IBM Tivoli Enterprise Console Adapters Guide...
Page 76: ...64 IBM Tivoli Enterprise Console Adapters Guide...
Page 90: ...78 IBM Tivoli Enterprise Console Adapters Guide...
Page 138: ...126 IBM Tivoli Enterprise Console Adapters Guide...
Page 156: ...144 IBM Tivoli Enterprise Console Adapters Guide...
Page 176: ...164 IBM Tivoli Enterprise Console Adapters Guide...
Page 180: ...168 IBM Tivoli Enterprise Console Adapters Guide...
Page 192: ...180 IBM Tivoli Enterprise Console Adapters Guide...
Page 193: ......
Page 194: ...Program Number 5698 TEC Printed in U S A GC32 0668 01...