When log tracking is enabled for a Windows resource, you can use the platform.log_track.eventfmt agent property to customize the content of events that the vRealize Hyperic agent logs for Windows events.

platform.log_track.eventfmt

This property specifies the content and format of the Windows event attributes that a vRealize Hyperic agent includes when logging a Windows event as an event in Hyperic. agent.properties does not contain the platform.log_track.eventfmt property; you must add it before you can customize the data logged for Windows events.

By default, when Windows log tracking is enabled, an entry in the format [Timestamp] Log Message (EventLogName):EventLogName:EventAttributes is logged for events that match the criteria you specified on the resource's Configuration Properties page.

| Attribute | Description |
|---|---|
| Timestamp | The time at which the event occurred. |
| Log Message | A text string. |
| EventLogName | The Windows event log type: System, Security, or Application. |
| EventAttributes | A colon-delimited string comprising the Windows event Source and Message attributes. |

The following example is for a Windows event that was written to the Windows System event log at 6:06 AM on 04/19/2010. The Windows event Source and Message attributes are Print and Printer HP LaserJet 6P was paused., respectively.

04/19/2010 06:06 AM Log Message (SYSTEM): SYSTEM: Print: Printer HP LaserJet 6P was paused.

Configuration

You can use the following parameters to configure the Windows event attributes that the agent writes for a Windows event. Each parameter maps to a Windows event attribute of the same name.

| Parameter | Description |
|---|---|
| %user% | The name of the user on whose behalf the event occurred. |
| %computer% | The name of the computer on which the event occurred. |
| %source% | The software that logged the Windows event. |
| %event% | A number identifying the particular event type. |
| %message% | The event message. |
| %category% | An application-specific value used for grouping events. |

For example, if you set the following property, platform.log_track.eventfmt=%user%@%computer% %source%:%event%:%message%, the vRealize Hyperic agent writes the following data when logging a Windows event.

04/19/2010 06:06 AM Log Message (SYSTEM): SYSTEM: HP_Administrator@Office Print:7:Printer HP LaserJet 6P was paused

The entry is for a Windows event that was written to the Windows System event log at 6:06 AM on 04/19/2010. The software associated with the event was running as HP_Administrator on the Office host. The Windows event's Source, Event, and Message attributes are Print, 7, and Printer HP LaserJet 6P was paused., respectively.
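When these entries are forwarded to a log pipeline, the same eventfmt template can be compiled into a parser that recovers the individual attributes, including messages that themselves contain colons. This is an added example, not part of the Hyperic documentation or product code; the function names, the timestamp pattern (modelled on the sample entry above) and the second sample line are assumptions.

```python
import re

# Placeholders documented for platform.log_track.eventfmt.
PARAMS = {"user", "computer", "source", "event", "message", "category"}
# Entry prefix, modelled on the page's sample line (timestamp layout is an assumption).
PREFIX = re.compile(
    r"(?P<timestamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M) Log Message "
    r"\((?P<log>\w+)\):\s*(?P=log):\s*(?P<attrs>.*)\Z", re.DOTALL)

def compile_eventfmt(fmt):
    """Build a regex with one named group per %placeholder% in the template."""
    out, pos, seen = [], 0, set()
    for m in re.finditer(r"%(\w+)%", fmt):
        name = m.group(1)
        if name not in PARAMS:
            raise ValueError(f"unknown placeholder %{name}%")
        out.append(re.escape(fmt[pos:m.start()]))  # literal text between fields
        if name in seen:
            out.append(f"(?P={name})")             # repeated field must match itself
        elif name == "event":
            out.append(r"(?P<event>\d+)")          # event id is numeric
        elif name == "message":
            out.append(r"(?P<message>.*)")         # free text, may hold delimiters
        else:
            out.append(f"(?P<{name}>.+?)")         # shortest match up to next literal
        seen.add(name)
        pos = m.end()
    out.append(re.escape(fmt[pos:]))
    return re.compile("".join(out) + r"\Z", re.DOTALL)

def parse_entry(line, fmt_regex):
    """Return a dict of fields, or None when the line does not fit the format."""
    head = PREFIX.match(line.strip())
    body = fmt_regex.match(head["attrs"]) if head else None
    if body is None:
        return None
    return {"timestamp": head["timestamp"], "log": head["log"], **body.groupdict()}

# Constructed samples: the page's entry, and one whose message contains colons.
FMT = compile_eventfmt("%user%@%computer% %source%:%event%:%message%")
SAMPLES = [
    "04/19/2010 06:06 AM Log Message (SYSTEM): SYSTEM: "
    "HP_Administrator@Office Print:7:Printer HP LaserJet 6P was paused",
    "04/19/2010 06:07 AM Log Message (SECURITY): SECURITY: "
    "jdoe@Office Audit:12:Logon failed: reason: bad password",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_entry(sample, FMT))
```

Placing %message% last in the template keeps the parse unambiguous, because every earlier field is matched up to the next literal delimiter and the message takes the remainder of the line.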