5.17 FrsEventLog

Use this Knowledge Script to periodically scan the Windows File Replication Service (FRS) log for file replication events matching the criteria you specify.

Each time this script runs, it checks the FRS log for entries matching the criteria you specify and raises an event if matching entries are found. The event detail message returns the text of the log entries found. When this script is set to collect data, it returns the number of log entries found, and the data point detail message returns the text of the log entries.

In the first interval, the value you specify for the Start with events in past N hours parameter determines how far back in the log to check for matching entries. As the script continues to run at subsequent intervals, it checks for any new entries created since the last time the log was checked.

You can further restrict the types of log entries that generate an event in two ways:

  • Use the Monitor for events of type [...] parameters to search only certain types of events, such as Warning events.

  • Use the Filter the [...] field for parameters to search only for specific information, such as events associated with a specific user or computer name.

5.17.1 Resource Object

File Replication Service folder

5.17.2 Default Schedule

The default interval for this script is Every 10 minutes.

5.17.3 Setting Parameter Values

Set the following parameters as needed:

Parameter

How to Set It

Event?

Set to y to raise an event if FRS log entries match your search criteria. The default is y.

Collect data?

Set to y to collect data for charts and reports. If enabled, data collection returns the number of new FRS log entries. The default is n.

Start with events in past N hours

Set this parameter to determine how far back the script searches the first time it runs. Subsequent searches begin where the last search finished. The following entries are valid:

  • Enter -1 to search all current and previous File Replication Log events during the first interval.

  • Enter 0 to search only for current events; previous events are not searched.

  • Enter the number of hours to go back in the FRS Log to scan for matching events. For example, enter 8 to scan the last 8 hours of the File Replication Log for matching entries.

The default is 0.

Monitor for events of type:

Set to y for each type of event you want to monitor:

  • Error

  • Warning

  • Information

  • Success Audit

  • Failure Audit

If you enable data collection or events, and set any of these parameters to n, this script does not raise an event or collect data for that type of log entry.

The default is y.

Filter the [...] field for

To limit the types of entries that raise events and the type of data that is collected, enter a search string that filters the following fields in the event log:

  • Source. Specify text strings to look for in the Source field. Separate multiple strings with commas.

  • Category. Specify text strings to look for in the Category field. Separate multiple strings with commas.

  • Event ID. Specify a single event ID or a range of event IDs. Separate multiple entries with commas. For example: 414,1028-1400,4015.

  • User. Specify a search string to look for events associated with a particular user, for example, <domain name>\<user name>. Separate multiple strings with commas. For example: USA\Tom,USA\Chris,EUROPE\Alex.

  • Computer. Specify computer names to look for. Separate multiple entries by commas. For example: SHASTA,MARS.

  • Event Description. Specify a detailed description or keywords in the description. The string can contain spaces, underscores, and periods. Separate multiple entries with commas. For example: no domain,critical error from the Active Directory.

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.
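The following added example (not code from the Knowledge Script or its vendor) parses the filter syntax described above, including Event ID ranges and the include:exclude colon, and applies it to constructed log entries so you can check what a filter string selects before deploying it. The matching rules are assumptions: text fields match by case-insensitive substring, exclude criteria take precedence, and an empty include list accepts everything.

```python
import re

def parse_filter(spec):
    """Split 'include:exclude' into two lists of comma-separated terms."""
    include, _, exclude = spec.partition(":")
    def terms(part):
        return [t.strip() for t in part.split(",") if t.strip()]
    return terms(include), terms(exclude)

def id_matches(event_id, terms):
    """True if event_id equals a single ID or lies inside an 'a-b' range."""
    for term in terms:
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", term)
        if not m:
            raise ValueError(f"bad Event ID term: {term!r}")
        low = int(m.group(1))
        high = int(m.group(2) or low)
        if low <= event_id <= high:
            return True
    return False

def text_matches(value, terms):
    """Assumed semantics: case-insensitive substring match on any term."""
    return any(t.lower() in value.lower() for t in terms)

def passes(value, spec, matcher):
    """Assumed semantics: exclude wins; an empty include list accepts all."""
    include, exclude = parse_filter(spec)
    if exclude and matcher(value, exclude):
        return False
    return not include or matcher(value, include)

def select(events, id_spec="", user_spec="", desc_spec=""):
    """Return the IDs of entries that pass every supplied field filter."""
    return [e["id"] for e in events
            if passes(e["id"], id_spec, id_matches)
            and passes(e["user"], user_spec, text_matches)
            and passes(e["desc"], desc_spec, text_matches)]

# Constructed sample entries (not real FRS log output).
SAMPLE = [
    {"id": 414, "user": r"USA\Tom", "desc": "no domain controller available"},
    {"id": 1030, "user": r"USA\Chris", "desc": "replication resumed"},
    {"id": 1200, "user": r"EUROPE\Alex", "desc": "critical error from the Active Directory"},
    {"id": 4015, "user": r"USA\Tom", "desc": "replication resumed"},
    {"id": 5000, "user": r"EUROPE\Alex", "desc": "no domain controller available"},
]

if __name__ == "__main__":
    print(select(SAMPLE, id_spec="414,1028-1400,4015:1030"))
```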

Maximum number of entries per event message

Specify the maximum number of entries to be recorded in each event's detail message. If, during any interval when it scans the log, this script finds more entries in the log than can be put into a single event message, it raises multiple events to return all the log entries. The default is 30 entries.

Event severity

Set the event severity level, from 1 to 40, to indicate the importance of an event in which FRS log entries match your search criteria. You can adjust the severity level based on the types of events you are checking for. The default is 8 (red event indicator).