Properties and command line options

You use properties to specify how the probe interacts with the device. You can override the default values by using the properties file or the command line options.

The following table describes the properties and command line options specific to this probe. For information about default properties and command line options, see the IBM Tivoli Netcool/OMNIbus Probe and Gateway Guide.

Table 1. Properties and command line options

Property name

Command line option

Description

Buffer integer

-buffer (This is equivalent to Buffer with a value of 1.)

-nobuffer (This is equivalent to Buffer with a value of 0.)

Use this property to specify whether buffering is used when sending events to the ObjectServer. This property takes the following values:

0: The probe does not use event buffering.

1: The probe buffers events before sending them to the ObjectServer.

The default is 0.

If multithreaded processing is in operation (the default), a separate communication thread is used to send data to each registered target ObjectServer, and a separate text buffer is therefore maintained for each ObjectServer.

Note: All events sent to the same table are sent in the order in which they were processed by the probe. If alerts are sent to multiple tables, the order is preserved for each table, but not across tables.

BufferSize integer

-buffersize integer

Use this property to specify the number of events that the probe buffers before sending them to the ObjectServer.

The default is 10.

ConfigFile string

-configfile string

Use this property to specify the location of the XML configuration file which defines the logs that the probe monitors, and the filters that the probe uses to limit which events it receives.

The default is %OMNIHOME%\probes\win32\wineventlog.xml

EnableLastEventFilter integer

-enableLastEventFilter integer

Use this property to enable the last event filter which stores the last event generated so that when the probe restarts it will resynch the event list only as far back as the last stored event. This property takes the following values:

0: The probe does not use the last event filter.

1: The probe uses the last event filter.

The default is 1.

EnableDetailEventDesc integer

-enabledetaileventdesc integer

Use this property to specify whether the probe extracts the full event message, or just the first line of the message. This property takes the following values:

0: The probe only extracts the first line of the event.

1: The probe extracts the full event description

The default is 0.

Note: A typical Windows event consists of multiple lines. The first line contains the event ID. When this property is set to 0, the probe attempts to find a period followed by space ". " as an indicator of the first line. If this terminator is not found, the probe extracts the full description. The terminator is based on observation of the Event Message format in Event Viewer.

EventAttribute string

-eventattribute string

Use this property to specify a comma-separated list of additional attributes that the probe generates for all logs that it monitors.

The default is "".

For a list of the attributes that you can specify using this property, see: Event Attributes

FlushBufferInterval integer

-flushbufferinterval integer

Use this property to specify the interval (in seconds) that the probe waits before flushing the buffer contents to the ObjectServer.

The default is 0.

LastEventMarkerPath string

-lasteventmarkerpath string

Use this property to specify the location of the last event marker file.

The default is %OMNIHOME%\probes\win32.

ReadFileInterval integer

-readFileInterval integer

Use this property to specify how frequently (in seconds) the probe checks for changes to the XML configuration file specified by the ConfigFile property. If the file has changed the probe reloads it.

The default is 3.

Retry integer

-retry integer

Use this property to specify whether or not the probe attempts to reconnect automatically after an error. This property takes the following values:

0: The probe does not attempt to reconnect automatically.

1: The probe attempts to reconnect automatically.

The default is 1.

SecondaryLocale string

-secondarylocale string

Use this property to specify a secondary locale to use when processing the EventDescription entry in an event. If the entry is not populated using the system locale, the probe uses this locale to try and populate the entry.

The default is en-US.

SourceType string

-sourcetype string

Use this property to specify the Microsoft library to use when reading data from the event log. This property takes the following values:

DotNet: Use the Windows .NET libraries.

Native: Use the Windows native library, wevtapi.dll.

The default is DotNet.

This property can help to avoid an issue where the Event Description entry is null on East Asian locales when using the DotNet method. In this case, change the value of this property to Native.