Topic
6 replies Latest Post - ‏2013-12-12T11:06:04Z by ITM61
tiv_001
tiv_001
11 Posts
ACCEPTED ANSWER

Pinned topic IBM Tivoli Monitoring 6.2.3 Fixpack 1 Windows OS Agent

‏2012-06-25T16:42:33Z |
The 6.2.3 Fix Pack 1 of the Monitoring Agent for Windows OS,support for monitoring any event log in the Windows Event Viewer, instead of only the five standard Windows event logs: Application, System, Security, DNS Server, and Directory Service or File Replication Service.

I would like to know HOW/Where can I enabled this feature. I would like to start monitoring "TEST" application Event log(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\TEST). The user guide only talks about the feature availability but doesn't explain how we can activate it so that data from the custom (TEST) log can be displayed in the Monitored Log workspace.

Any help will be greatly appreciated.
Updated on 2013-03-18T14:43:59Z at 2013-03-18T14:43:59Z by KSCON
  • JiltsovSergey
    JiltsovSergey
    6 Posts
    ACCEPTED ANSWER

    Re: IBM Tivoli Monitoring 6.2.3 Fixpack 1 Windows OS Agent

    ‏2012-06-25T19:30:37Z  in response to tiv_001
    May be you should use Log File Agent instead of Windows OS Agent.
    http://publib.boulder.ibm.com/infocenter/tivihelp/v15r1/topic/com.ibm.itm.doc_6.2.3/tivolilogfileagent623fp1_user.htm
  • mcbazza
    mcbazza
    37 Posts
    ACCEPTED ANSWER

    Re: IBM Tivoli Monitoring 6.2.3 Fixpack 1 Windows OS Agent

    ‏2012-07-08T08:27:16Z  in response to tiv_001
    See this:
    http://pic.dhe.ibm.com/infocenter/tivihelp/v15r1/index.jsp?topic=%2Fcom.ibm.itm.doc_6.2.3fp1%2Fwinosagent623fp1_user07.htm

    And in case that link doesn't work. Here's the text from the page. Apologies in advance if copy-n-paste direct from IBM sources isn't allowed.
    For version 6.2.3 Fix Pack 1 of the Monitoring Agent for Windows OS, the following enhancements have been made:

    Support for monitoring any event log in the Windows Event Viewer, instead of only the five standard Windows event logs: Application, System, Security, DNS Server, and Directory Service or File Replication Service.
    Note:
    You must specify the exact name of the event log you want to monitor. The Windows Registry Editor lists the event log name as a key in either of two paths:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels
    The name of the event log is the key listed under the Eventlog or Channels key. For example, the Application event log has the key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application
  • tiv_001
    tiv_001
    11 Posts
    ACCEPTED ANSWER

    Re: IBM Tivoli Monitoring 6.2.3 Fixpack 1 Windows OS Agent

    ‏2012-07-10T21:14:53Z  in response to tiv_001
    Thank you all for your responses. Using custom queries, I am able to display the real time custom application event log data within the workspace(s).
  • KSCON
    KSCON
    3 Posts
    ACCEPTED ANSWER

    Re: IBM Tivoli Monitoring 6.2.3 Fixpack 1 Windows OS Agent

    ‏2013-03-18T14:43:59Z  in response to tiv_001
    Hello,
    this issue seems to be answered, but isn't in fact ...
    Where do i have to specify the new log files? Which parameter in KNTENV?

    thx and best regards,
    Klaus Schredl.
    BG Phoenics GmbH
    • Premraju Selvaraj
      Premraju Selvaraj
      21 Posts
      ACCEPTED ANSWER

      Re: IBM Tivoli Monitoring 6.2.3 Fixpack 1 Windows OS Agent

      ‏2013-12-11T16:25:27Z  in response to KSCON

      I have been trying to do this for a while now, and i ended up finding some help somewhere. Can anybody please tell me how this is done? I tried several methods with custom queries but nothing helped.

      Any help wold be appreciated. Thanks

      • ITM61
        ITM61
        167 Posts
        ACCEPTED ANSWER

        Re: IBM Tivoli Monitoring 6.2.3 Fixpack 1 Windows OS Agent

        ‏2013-12-12T11:06:04Z  in response to Premraju Selvaraj

        Yeah, the documentation is not really helpfull.

        You have to specify the additional eventlog you want to monitor in KNTENV as described in the doc.

        Afterwards you can set up Situations to monitor this log file. The bad - and propably confusing- point is the the additional log does not appear in the logs Workspaces, hence there is not an automatically browsing possible as it is available with the standard logs.

        Hence just create a dummy sit against this additional log to verify the monitoring is working.

        Probably custom queries are working but i did'nt tested that.