platform.log_track.eventfmt

Description

Specifies the content and format of the Windows event attributes that a Hyperic Agent includes when logging a Windows event as an event in Hyperic. agent.properties does not contain the platform.log_track.eventfmt property, you must explicitly add it if you want to tailor the data logged for Windows events.

Default Behavior

When Windows log tracking is enabled, an entry of this form is logged for events that match the criteria you specified on the resource's Configuration Properties page:

[Timestamp] Log Message (EventLogName):EventLogName:EventAttributes

where:

  • Timestamp - is when the event occurred

  • Log Message - is an text string

  • EventLogName - is the Windows event log type, "System", "Security", or "Application".

  • EventAttributes - a colon delimited string made of the Windows event Source and Message attributes.

For example, this log entry: 

 04/19/2010 06:06 AM Log Message (SYSTEM): SYSTEM: Print: Printer HP LaserJet 6P was paused.

is for an Windows event written to the Windows System event log at 6:06 AM on 04/19/2010. The Windows event Source and Message attributes, are "Print" and "Printer HP LaserJet 6P was paused.", respectively.

Configuration

You can use the parameters below to configure the Windows event attributes that the agent writes for a Windows event. Each parameter maps to Windows event attribute of the same name.

  • %user% — The name of the user on whose behalf the event occurred.

  • %computer% — The name of the computer on which the event occurred.

  • %source% — The software that logged the Windows event.

  • %event% — A number identifying the particular event type.

  • %message% — The event message.

  • %category% — An application-specific value used for grouping events.

For example, with this property setting:

platform.log_track.eventfmt=%user%@%computer% %source%:%event%:%message%

the Hyperic Agent will write the following data when logging Windows event:

04/19/2010 06:06 AM Log Message (SYSTEM): SYSTEM: HP_Admistrator@Office Print:7:Printer HP LaserJet 6P was paused.

This entry is for as for an Windows event written to the Windows System event log at 6:06 AM on 04/19/2010. The software associated with the event was running as "HP_Administrator" on the host "Office". The Windows event's Source, Event, and Message attributes, are "Print", "7", and "Printer HP LaserJet 6P was paused.", respectively.