5.34 RSVPEventLog

Use this Knowledge Script to periodically scan the Windows Application log for QoS/RSVP-related events matching the criteria you specify.

Each time this script runs, it checks the Application log for entries matching your selection criteria and raises an event if matching entries are found. The event detail message returns the text of the log entries found. When data collection is enabled, the job returns the number of log entries found, and the data point detail message returns the text of the log entries.

In the first interval, the value you specify for the Start with events in past N hours parameter determines how far back in the log to check for matching entries. As the script continues to run at subsequent intervals, it checks for any new entries created since the last time the log was checked.

You can further restrict the types of log entries that generate an event in two ways:

  • Use the Monitor for events of type [...] parameters to search only certain types of events, such as Warning events.

  • Use the Filter the [...] field for parameters to search only for specific information, such as events associated with a specific user or computer name.

5.34.1 Resource Object

QoS folder

5.34.2 Default Schedule

The default interval for this script is Every 10 minutes.

5.34.3 Setting Parameter Values

Set the following parameters as needed:

Parameter

How to Set It

Event?

Set to y to raise an event if log entries match your search criteria. The default is y.

Collect data?

Set to y to collect data for charts and reports. If enabled, data collection returns the number of new event log entries. The graph data detail message returns the text of the log entries. The default is n.

Start with events in past N hours

Set this parameter to determine how far back in the log the Knowledge Script searches the first time it runs. Subsequent searches begin where the last search finished. The following entries are valid:

  • Enter -1 to search all current and previous Application Log events during the first interval.

  • Enter 0 to search only for current events; previous events are not searched.

  • Enter the number of hours to go back in the Application Log to scan for matching events. For example, enter 8 to scan the last 8 hours of the Application Log for matching entries.

The default is 0.

Monitor for events of type:

Set to y for each type of event you want to monitor:

  • Error

  • Warning

  • Information

  • Success Audit

  • Failure Audit

If you enable data collection or events, and set any of these parameters to n, this script does not raise an event or collect data for that type of log entry.

The default is y.

Filter the [...] field for

To limit the types of entries that raise events and the type of data that is collected, enter a search string that filters the following fields in the event log:

  • Category. Specify text strings to look for in the Category field. Separate multiple strings with commas.

  • Event ID. Specify a single event ID or a range of event IDs. Separate multiple entries by commas. For example: 414,1028-1400,4015.

  • User. Specify a search string to look for events associated with a particular user, for example, <domain name>\<user name>. Separate multiple strings with commas. For example: USA\Tom,USA\Chris,EUROPE\Alex.

  • Computer. Specify computer names to look for. Separate multiple entries by commas. For example: SHASTA,MARS.

  • Event Description. Specify a detail description or keywords in the description. The string can contain spaces, underscores, and periods. Separate multiple entries with commas.

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.

Maximum number of entries per event message

Specify the maximum number of entries to be recorded in each event's detail message. If, during any interval when it scans the log, the script finds more entries in the log than can be put into a single event message, it raises multiple events to return all the log entries. The default is 30 entries.

Event severity

Set the event severity level, from 1 to 40, to indicate the importance of an event in which log entries match your search criteria. You can adjust the severity based on the types of events you are checking. The default is 8 (red event indicator).
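
The filter syntax described under Filter the [...] field for, together with the splitting described under Maximum number of entries per event message, modeled as an added Python example (not the Knowledge Script's own code). It assumes include terms come before the colon and exclude terms after it, that a leading colon means exclude-only, and that text fields match by case-insensitive substring; the function names and sample entries are constructed for illustration.

```python
import re

def parse_filter(spec):
    """Split 'include:exclude' into two lists of comma-separated terms."""
    include, _, exclude = spec.partition(":")
    split = lambda s: [t.strip() for t in s.split(",") if t.strip()]
    return split(include), split(exclude)

def id_matches(event_id, terms):
    """True if event_id equals a single ID or falls inside a 'low-high' range."""
    for term in terms:
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", term)
        if not m:
            raise ValueError(f"bad Event ID term: {term!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if low <= event_id <= high:
            return True
    return False

def text_matches(value, terms):
    # Assumption: case-insensitive substring match; the page does not specify.
    return any(t.lower() in value.lower() for t in terms)

def select(entries, field, spec):
    """Keep entries that satisfy the include terms and hit no exclude term."""
    include, exclude = parse_filter(spec)
    match = id_matches if field == "event_id" else text_matches
    kept = []
    for entry in entries:
        if include and not match(entry[field], include):
            continue  # include terms given, none matched
        if exclude and match(entry[field], exclude):
            continue  # an exclude term matched
        kept.append(entry)
    return kept

def batch(entries, max_per_message=30):
    """Split matches into event messages of at most max_per_message entries."""
    return [entries[i:i + max_per_message]
            for i in range(0, len(entries), max_per_message)]

# Constructed sample entries (not real log data).
SAMPLE = [
    {"event_id": 414, "user": "USA\\Tom", "computer": "SHASTA"},
    {"event_id": 1200, "user": "USA\\Chris", "computer": "MARS"},
    {"event_id": 1500, "user": "EUROPE\\Alex", "computer": "MARS"},
    {"event_id": 4015, "user": "USA\\Tom", "computer": "MARS"},
]
```

Running a candidate filter string through a model like this against known entries shows whether an exclude term would suppress log entries you still want reported.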