Event Log Monitor V2 (for Vista)

This dialog configures the Windows Event Log Monitor V2 service for Windows Vista and Windows 2008. For Windows 2000, 2003 and XP use the classical event log monitor.

Event Log Monitor: Windows 2000, Windows XP, Windows 2003
Event Log Monitor V2: Windows Vista, Windows 2008




Due to the vast changes to the Windows EventLog in Windows Vista, it was necessary to create a new edition of the EventLog Monitor. This one is specifically designed to process the Windows Vista event logs. The log entries have been split up and are now shown in so-called Channels. These Channels can be considered as categories. First we have the classic EventLog Channels. These consist of the Application, Security and System EventLogs etc., which were already known in Windows XP. Then there are the serviced and the direct Channels. The serviced Channels are processed by the EventLog framework for reliable delivery of the messages, while direct Channels are meant for debugging purposes. Logging them may cause a high performance impact. As direct Channels are typically not used in practical logging scenarios, they are not yet implemented in the event log monitor. If you have a need to process them, please let us know at support@adiscon.com.


Event Log Monitor Properties


The most important part of this dialog is the treeview of available Channels. It specifies which event logs are to be monitored. In the screenshot above, the monitor is set to all Channels that are currently available. There may also be custom Channels, because applications can create their own. They are added to the treeview automatically every time you re-open this configuration window.

Channels checked in the table are actually processed. Those unchecked are kept in the configuration, but are not processed.



Sleep Time

This is a polling interval and has very little application in event log monitor V2. New events are processed as they are generated by Windows. The polling cycle is only important when the operator resets the last forwarded events (e.g. to retransmit all existing event log entries). This request is only carried out during the next polling cycle, which may take up to "Sleep Time" milliseconds. The recommended setting is 60,000 milliseconds.


Overrun Prevention Delay

This property allows configuring a delay after generating an event. The time is the delay in milliseconds.

If run at a value of zero, the event log monitor service generates events as fast as the machine permits. We have seen scenarios where routers and receivers are not able to keep up with this rate, resulting in packet loss. In addition, the CPU of the reporting machine is run at 100% - which is not a problem because the service runs at a low priority. However, with even a 1-millisecond delay, there is no noticeable CPU activity even when large bursts of events are forwarded. At one millisecond, the service can still generate 1000 events per second.

The default setting is an overrun protection of five milliseconds, which allows roughly 200 events per second. This should be sufficient for even very busy servers.


Select Message Format

With this option you can choose whether the Events will be extracted in "Raw XML Format" or in the "Predefined Event Format".

The XML format is the exact representation of the XML Stream returned by the EventLog System.
Please note that it only contains EventLog data and not a formatted message.

The "Predefined Event Format" matches how the event is displayed in the Event Viewer.
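
For a receiver that is sent events in "Raw XML Format", the following added example (not Adiscon code) shows how the structured fields can be read from one record and confirms that no formatted message is present. The sample record is constructed, and the function name parse_raw_event is hypothetical.

```python
import xml.etree.ElementTree as ET

# Namespace of the event XML schema used since Windows Vista.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample record (not captured from a real system).
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2009-03-01T10:15:30.000000000Z"/>
    <Channel>Security</Channel>
    <Computer>host01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="LogonType">3</Data>
    <Data>unnamed value</Data>
  </EventData>
</Event>"""

def parse_raw_event(xml_text):
    """Extract System fields and EventData from one raw event XML record."""
    # Event XML never carries a DTD; reject one instead of expanding entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in event XML")
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    if system is None:
        raise ValueError("no System element: not an event record")

    def field(tag):
        return system.findtext("e:" + tag, default="", namespaces=NS)
    provider = system.find("e:Provider", NS)
    created = system.find("e:TimeCreated", NS)
    data = {}
    # Data elements are not always named; fall back to their position.
    for i, item in enumerate(root.iterfind("e:EventData/e:Data", NS)):
        data[item.get("Name") or "Data%d" % i] = item.text or ""
    return {
        "channel": field("Channel"),
        "computer": field("Computer"),
        "event_id": int(field("EventID")),
        "provider": provider.get("Name") if provider is not None else "",
        "time": created.get("SystemTime") if created is not None else "",
        "data": data,
        # A rendered message exists only if a RenderingInfo block was added.
        "has_message": root.find("e:RenderingInfo/e:Message", NS) is not None,
    }
```

Because the raw record carries only the event ID and data values, the receiver must map event IDs to their meaning itself when alerting on them.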