ManageEngine® Applications Manager Windows Event Log Rules
By using this option, you can monitor various Windows and Windows Azure events. The events received are displayed in the Windows Monitor details page. You can also generate alarms in Applications Manager based on the configured rule. For example, when an event of type Error occurs in the System Log, you can generate a critical alarm, which in turn affects the Health of the Windows or Azure Monitor.
Note: Event Log Monitoring is available only in Windows installations and in the WMI mode of monitoring.
To receive Windows events, you have to configure Event Log Rules. You can be notified of events from the following Log Files:
Application (By default, an Event Log rule is configured for any Application Error)
System
Security (By default, an Event Log rule is configured for any Security Failure)
File Replication Service
DNS Server
Directory Service
To add a new event log other than those available by default, click the option "Add New Event Log" in the bottom right-hand corner of the web client.
Follow the steps given below to add a new Event Log rule:
Under the Admin tab, click on Event Log Rules
Click on 'Add New Rule'
Enter the Rule Name of your choice
Enter the Event ID associated with the Event Log File (not mandatory)
Choose the Event Type: Error, Warning or Information. For Security events, the types are Success Audit and Failure Audit
At the outset, you can enable or disable the Rule Status
By clicking on Advanced Options, you can make the rule more specific by associating the source, category, username, and description content of the incoming event with the alarm severity.
For example, select Log File as [System] and Event Type as [Error] to get all events of type Error from the System Log File.
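Before enabling a rule that raises critical alarms, it helps to see how many events on the monitored host would match it. The PowerShell below is an added example, not part of the ManageEngine documentation or product; the function `Get-RulePreview` and its parameter names are hypothetical, and it assumes the rule fields correspond to the standard Windows event properties (level, provider name, event ID, message).

```powershell
# Added example: preview the events a rule such as
# "Log File = System, Event Type = Error" would be evaluated against.
# Get-RulePreview and its parameters are hypothetical names; Get-WinEvent is the built-in cmdlet.
function Get-RulePreview {
    param(
        [Parameter(Mandatory)] [string] $LogFile,      # e.g. System, Application, Security
        [ValidateSet('Error', 'Warning', 'Information', 'Success Audit', 'Failure Audit')]
        [string] $EventType = 'Error',
        [int]    $EventId,                             # optional, as in the rule form
        [string] $Source,                              # Advanced Options: source
        [string] $DescriptionContains,                 # Advanced Options: description content
        [int]    $Hours = 24                           # look-back window for the preview
    )

    $filter = @{ LogName = $LogFile; StartTime = (Get-Date).AddHours(-$Hours) }

    # Map the rule's Event Type onto Windows event levels / audit keywords.
    switch ($EventType) {
        'Error'         { $filter.Level = 2 }
        'Warning'       { $filter.Level = 3 }
        'Information'   { $filter.Level = 4 }
        'Failure Audit' { $filter.Keywords = 0x10000000000000 }
        'Success Audit' { $filter.Keywords = 0x20000000000000 }
    }
    if ($PSBoundParameters.ContainsKey('EventId')) { $filter.ID = $EventId }
    if ($Source) { $filter.ProviderName = $Source }

    # Get-WinEvent reports an error when nothing matches; treat that as an empty result.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    if ($DescriptionContains) {
        $events = $events | Where-Object { $_.Message -like "*$DescriptionContains*" }
    }

    # Summarise by source and event ID so noisy sources stand out before alarms are enabled.
    $events |
        Group-Object ProviderName, Id |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# The rule from the text: all events of type Error from the System log.
Get-RulePreview -LogFile System -EventType Error
```

Reading the Security log requires an elevated session. A source that dominates the output is a candidate for a narrower rule (a specific Event ID or source) rather than a blanket critical alarm.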
Deleting a New Event Log
New Event logs created by the user can be deleted. Click on the Delete Event log button at the top right corner of the event log box that you want to delete.
Note:
The event logs added by default cannot be deleted.
You can monitor Windows Azure Trace logs and Diagnostic Infrastructure logs using Applications Manager. For this, you first have to configure Trace Log rules and Diagnostic Infrastructure Log rules. The logs received are displayed in the details page of the Windows Azure Role Instances. You can also generate alarms in Applications Manager based on the configured rule.
For example, when an event of type Error occurs in the System Log, you can generate a critical alarm. This alarm will, in turn, affect the Health of the Windows Azure Role Instance.
Trace Logs:
To configure a new rule for Windows Azure Trace logs:
Click on New Rule at the right hand corner of the Trace Logs box.
In the Add New Rule for Windows Azure Trace Logs page, enter the name of the rule that you wish to create.
Enter the Event ID of the rule that you are creating.
Enter the string that the message contains.
Select the event type: Any Type, Error, Warning or Information.
You also have the option to set the severity of the alarm as critical or warning.
You can enable or disable the rule status.
Click on the Create Rule button.
The new rule will be displayed in the Trace Logs. You can edit the rules by clicking on the Edit Rule icon. You can also enable, disable and delete one or more rules by selecting the rule(s) and clicking the Enable, Disable or Delete button.
Diagnostic Infrastructure Logs:
To configure a new rule for Diagnostic Infrastructure Logs:
Click on New Rule at the right hand corner of the Diagnostic Infrastructure Logs box.
In the Add New Rule for Diagnostic Infrastructure Logs page, enter the name of the rule that you wish to create.
Enter the Error Code of the rule that you are creating.
Enter the string that the message contains.
Enter the string that the Error Message contains.
Select the event type: Any Type, Error, Warning or Information.
You also have the option to set the severity of the alarm as critical or warning.
You can enable or disable the rule status.
Click on the Create Rule button.
The new rule will be displayed in the Diagnostic Infrastructure Logs. You can edit the rules by clicking on the Edit Rule icon. You can also enable, disable and delete one or more rules by selecting the rule(s) and clicking the Enable, Disable or Delete button.