ManageEngine® Applications Manager Windows Event Log Rules
By using this option, you can monitor the various Windows and Windows Azure events. The events received will be displayed in the Windows Monitor details page.
You can also generate alarms in Applications Manager based on the configured rule. For example, when an event of type Error occurs in the System Log, you can generate a critical alarm, which will in turn affect the health of the Windows or Azure Monitor.
Browse through the following topics to understand Event Log Configuration:
Adding a new event log
Adding a new event log from the Admin Server (Enterprise Edition)
Deleting an event log
Adding a new event log rule
Adding a new Trace Log rule
Adding a new Diagnostic Infrastructure Log rule
Note: To receive Windows events, you have to configure Event Log Rules. You can get notified of events from the following Log Files:
Application (By default, an Event Log rule is configured for any Application Error)
System
Security (By default, an Event Log rule is configured for any Security Failure)
File Replication Service
DNS Server
Directory Service
Adding a new Event Log File
To add a new event log file other than those available by default, click the "Add New Event Log" option in the bottom right corner of the web client.
Adding a new event log from the Admin Server (Enterprise Edition)
Event Logs created in the Admin Server of your Enterprise setup are automatically synced to all the respective Managed Servers.
Deleting an Event Log
Click the Delete Event Log button at the top right corner of the event log box to delete an event log that you have created.
Adding a new Event Log rule
Under the Admin tab, click Log Rules.
Click 'New Rule' for the required Log File type.
Enter a Rule Name of your choice.
Enter the Event ID associated with the Event Log File (not mandatory).
By selecting the Advanced Options checkbox, you can make the rule more specific by associating:
Source - Application which created the event.
Category - Task Category which contains more information about the event.
User Name - System component or User account that was running the process which caused the event.
Description contains word or matches Regex - Checks whether the description of the incoming event contains a particular word. To match the description against a regular expression instead, select the Regular Expressions checkbox. For example, select Log File as [System] and Event Type as [Error] to get all events of type Error from the System Log File.
Occurrences - The number of times the event occurs in a poll.
Select the Log File Type (application, system, security, file replication service, DNS Server, directory service).
Choose the Event Type - Error, Warning, Information or Event of Any Type. In the case of Security Events, the types are Success Audit and Failure Audit.
Alarm severity can be set to 'Critical' or 'Warning' based on the following conditions:
Depending on the severity of the incoming event, when the event matches for a certain number of consecutive polls
When the matching event is not generated in the given time window
Alarm severity can be set to 'Clear' based on the following conditions:
If no matching event is found for a certain number of consecutive polls
If a matching event is generated
You can also Enable or Disable the rule.
You can set the rule to be applicable to:
All Monitors - All the monitors.
Specific Monitor Types - For example, Windows XP, Windows 7, Windows 8 and so on
Selected Monitors - You can select the monitors from a drop-down menu or search for the required monitor to which the new rule must be applicable.
The new rule will be displayed in the LogFile rule window.
You can also enable, disable and delete one or more rules by selecting the rule(s) and clicking the Enable, Disable or Delete button.
Note: The event logs added by default cannot be deleted.
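The rule matching and alarm logic described above, as an added illustration that is not Applications Manager's own code: a small Python model of an Event Log rule (Log File, Event Type, Event ID, Source, description word or regex, occurrences per poll) replayed over constructed sample polls, raising the alarm after a configured number of consecutive matching polls and clearing it after consecutive polls with no match. The field names, the alarm_after_polls and clear_after_polls thresholds and the sample events are assumptions made for this example.

```python
import re
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional
Event = namedtuple("Event", "log type id source description")
SAMPLE_POLLS = [  # constructed sample polls, not real log data: polls 1 and 2 carry a Spooler crash, poll 3 is quiet
    [Event("System", "Error", 7034, "Service Control Manager", "The Spooler service terminated unexpectedly."),
     Event("Application", "Information", 1000, "MsiInstaller", "Product installed successfully.")],
    [Event("System", "Error", 7034, "Service Control Manager", "The Spooler service terminated unexpectedly.")],
    [Event("System", "Warning", 10016, "DistributedCOM", "Permission settings do not grant Local Activation.")],
]

@dataclass
class EventLogRule:
    log_file: str                      # Application, System, Security, ...
    event_type: str = "Any"            # Error, Warning, Information or Any
    event_id: Optional[int] = None     # not mandatory
    source: Optional[str] = None       # Advanced Options: application that created the event
    description: Optional[str] = None  # word the description must contain, or a regex
    use_regex: bool = False            # the Regular Expressions checkbox
    occurrences: int = 1               # matches required within a single poll
    severity: str = "Critical"         # Critical or Warning
    alarm_after_polls: int = 1         # consecutive matching polls before the alarm is raised (assumed field)
    clear_after_polls: int = 1         # consecutive quiet polls before the alarm clears (assumed field)

def event_matches(rule: EventLogRule, e: Event) -> bool:
    # Every configured field must agree; unset fields (None) match anything.
    if e.log != rule.log_file or (rule.event_type != "Any" and e.type != rule.event_type):
        return False
    for want, got in ((rule.event_id, e.id), (rule.source, e.source)):
        if want is not None and got != want:
            return False
    if rule.description is None:
        return True
    if rule.use_regex:
        return re.search(rule.description, e.description) is not None
    return rule.description.lower() in e.description.lower()

def evaluate(rule: EventLogRule, polls: list) -> list:
    # Replay the polls and return the alarm state after each one.
    states, hits, misses, state = [], 0, 0, "Clear"
    for events in polls:
        matched = sum(event_matches(rule, e) for e in events) >= rule.occurrences
        hits, misses = (hits + 1, 0) if matched else (0, misses + 1)
        if matched and hits >= rule.alarm_after_polls:
            state = rule.severity
        elif not matched and misses >= rule.clear_after_polls:
            state = "Clear"
        states.append(state)
    return states
```

Running evaluate with a System/Error rule that looks for "Spooler" and requires two consecutive matching polls gives Clear, Critical, Clear for the three sample polls.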
You can monitor Windows Azure Trace logs and Diagnostic Infrastructure logs using Applications Manager. You must first configure Trace Log or Diagnostic Infrastructure log rules. The logs received will be displayed in the details page of the Windows Azure Role Instances. You can also generate alarms in Applications Manager based on the configured rule.
For example, when an event of type Error occurs in the System Log, you can generate a critical alarm. This alarm will, in turn, affect the Health of the Windows Azure Role Instance.
Here is how you can configure a new rule for Windows Azure:
Trace Logs
Click on New Rule at the right hand corner of the Trace Logs box.
In the Add New Rule for Windows Azure Trace Logs page, enter the name of the rule that you wish to create.
Enter the Event ID of the rule that you are creating.
Enter the string that the message contains.
Select the event type: Any Type, Error, Warning or Information
You also have the option to set the severity of the alarm as critical or warning.
You can enable or disable the rule status.
Click on the Create Rule button.
The new rule will be displayed in the Trace Logs.
You can edit the rules by clicking on the Edit Rule icon.
You can also enable, disable and delete one or more rules by selecting the rule(s) and clicking the Enable, Disable or Delete button.
Diagnostic Infrastructure Logs
Click on New Rule at the right hand corner of the Diagnostic Infrastructure Logs box.
In the Add New Rule for Diagnostic Infrastructure Logs page, enter the name of the rule that you wish to create.
Enter the Error Code of the rule that you are creating.
Enter the string that the message contains.
Enter the string that the Error Message contains.
Select the event type: Any Type, Error, Warning or Information.
You also have the option to set the severity of the alarm as critical or warning.
You can enable or disable the rule status.
Click on the Create Rule button.
The new rule will be displayed in the Diagnostic Infrastructure Logs.
You can edit the rules by clicking on the Edit Rule icon.
You can also enable, disable and delete one or more rules by selecting the rule(s) and clicking the Enable, Disable or Delete button.