When log tracking is enabled for a Windows resource, you can use the platform.log_track.eventfmt agent property to customize the content of events that the vCenter Hyperic agent logs for Windows events.

This property specifies the content and format of the Windows event attributes that a vCenter Hyperic agent includes when logging a Windows event as an event in Hyperic. agent.properties does not contain the platform.log_track.eventfmt property, you must add it if before you can customize the data logged for Windows events.

By default, when Windows log tracking is enabled, an entry in the format [Timestamp] Log Message (EventLogName):EventLogName:EventAttributes is logged for events that match the criteria you specified on the resource's Configuration Properties page.

Attribute

Description

Timestamp

The time at which the event occurred.

Log Message

A text string.

EventLogName

The Windows event log type, System, Security, or Application.

EventAttributes

A colon-delimited string comprising the Windows event Source and Message attributes.

The following example is for a Windows event that was written to the Windows System event log at 6:06 AM on 04/19/2010. The Windows event Source and Message attributes, are Print and Printer HP LaserJet 6P was paused., respectively.

04/19/2010 06:06 AM Log Message (SYSTEM): SYSTEM: Print: Printer HP LaserJet 6P was paused.

You can use the following parameters to configure the Windows event attributes that the agent writes for a Windows event. Each parameter maps to a Windows event attribute of the same name.

Parameter

Description

%user%

The name of the user on whose behalf the event occurred.

%computer%

The name of the computer on which the event occurred.

%source%

The software that logged the Windows event.

%event%

A number identifying the particular event type.

%message%

The event message.

%category%

An application-specific value used for grouping events.

For example, if you set the following properties, platform.log_track.eventfmt=%user%@%computer% %source%:%event%:%message%, the vCenter Hyperic agent will write the following data when logging a Windows event.

04/19/2010 06:06 AM Log Message (SYSTEM): SYSTEM: HP_Admistrator@Office Print:7:Printer HP LaserJet 6P was paused

The entry is for as for a Windows event that was written to the Windows System event log at 6:06 AM on 04/19/2010. The software associated with the event was running as HP_Administrator on the Office host. The Windows event's Source, Event, and Message attributes, are Print, 7, and Printer HP LaserJet 6P was paused., respectively.