ntevl IM Configuration

This article is for probe versions 4.2 or later.
This article describes the configuration concepts and procedures to set up the NT Event Log Monitoring (ntevl) probe. You can create profiles for event log messages and define automated actions for specific events. The probe generates alarms based on new messages in the event logs.
The following diagram outlines the process to configure the probe.
Configuring ntevl on IM
Verify Prerequisites
(Optional) Configure General Properties
You can change the default configuration of your probe if these settings do not meet your requirements. After the probe installation, it is active and immediately attempts to publish data. You can configure the following general properties of the probe:
  • Delimiter properties
  • Run type and interval properties
  • Post message properties
  • Logging properties
  • Event retrieval properties
  • Encoding properties
  • WMI query properties
  • Event log file selection
Follow these steps:
  1. Select the Setup > Properties tab.
  2. Update the following information to configure the general properties of the probe:
    • Probe Active: enables the probe for monitoring.
    • Description Delimiter: defines an ASCII character to replace the existing character as delimiter. For example, if the event log message consists of three lines and the description delimiter is #, the probe returns "Line 1 Text # Line 2 Text # Line 3 Text" in the alarm message. CA recommends that you use a special character as the delimiter.
    • Remove Recurring Delimiter: enables the probe to remove the repetition of the delimiter.
      Default: Not selected
  3. Update the following information in the Run Type section to configure the interval and the condition when the probe updates the events list:
    • Poll: updates the events list at specified intervals.
      • Poll Interval (Seconds): specifies the time interval to update the events list.
        Default: 30
        Reduce this interval to generate alarms more frequently. A shorter interval can also increase the system load.
      • Alarm Timeout (Seconds): specifies the maximum duration the probe waits to retrieve new event details before it generates an alarm. CA recommends that you specify a lower value than the Poll Interval.
        Default: 10
    • Event: updates the event list when a new event is logged in the Windows event log file.
      • Alarm Timeout (Seconds): specifies the maximum duration the probe waits to retrieve new event details before it generates an alarm.
        Default: 10
        Leave this field blank to generate alarms at event occurrence.
  4. Update the following information in the Post Event Log Message Setup section to configure the Post message properties:
    • Default Post Subject: defines the default subject for the event log post message.
      Default: ntevl
      The following subjects are internally used in CA UIM for alarm messages, and cannot be used in this field:
      • alarm
      • alarm_new
      • alarm_update
      • alarm_close
      • alarm_assign
      • alarm_stats
      • QOS_MESSAGE
      • QOS_DEFINITION
      If any of these subjects is used in the Default Post Subject field, the probe uses 'evl_' as the message subject. If the field is left blank, the probe uses ntevl as the default post message subject.
      The Default Post Subject only defines the default post message subject. To send the message, enable the Post Message option in the Alarm section for each profile. You can also override the message subject from each profile.
    • Column Prefix: defines the text that is added to each field name of the event log when the probe posts a message. The prefix and the field name together identify the field in the posted message.
      Default: evl_
  5. Update the following information in the Logging section to configure the logging properties of the probe:
    • Log File: defines the name of the log file that holds the probe-specific logs. This file is different from the Windows log file.
      Default: ntevl.log
    • Log File Size (KB): specifies the maximum size of the probe log file. The older entries are deleted when this size is reached.
      Default: 100 KB
    • Log Level: specifies the level of details that are written to the log file, as follows:
      • 0 - Logs only severe information (default)
      • 1 - Logs error information
      • 2 - Logs warning information
      • 3 - Logs general information
      • 4 - Logs debugging information
      • 5 - Logs tracing/low-level debugging information
      Log as little as possible during normal operation to minimize disk consumption, and increase the amount of detail when debugging.
  6. Update the following information in the Fetch Event Setup section to configure the event retrieval properties of the probe:
    • Maximum Events to Fetch: defines the maximum number of (latest) events that the probe retrieves from each event log file. These events are also displayed in the Events section. If the field is left blank, the probe displays all the events.
      Do not set the Maximum Events to Fetch field to more than 1000; otherwise, the probe can stop responding. For more information, see the Known Issues section in ntevl (NT Event Log Monitoring) Release Notes.
    • Fetch Alarms on Configurator Startup: enables the probe to retrieve all alarms at configuration start-up (select the Status tab to view the alarm list). Leave this option unchecked to manually click Refresh on the Status tab to retrieve the alarms.
      Default: Selected
  7. Update the following information to configure the encoding properties of the probe:
    • Output Encoding: specifies the character encoding to generate alarms and QoS messages when the probe is deployed in a non-English locale. CA recommends that you specify the same encoding as that of the monitored system, unless explicitly stated to use a different one.
      Default: NA
    • System Encoding: specifies the encoding of the system where the probe is installed.
      Default: NA
      The probe auto-detects the system and output encoding when these field values are blank. However, CA recommends that you specify the appropriate encoding in the System Encoding fields. You can use UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, Shift_JIS, ISO-2022-JP, ISO-2022-CN, ISO-2022-KR, GB18030, GB2312, Big5, EUC-JP, EUC-KR, ISO-8859-1, ISO-8859-2, windows-1250, and windows-1252 encodings.
    • Variable Name with non ASCII Characters: enables you to create variable names in supported non-English languages.
      Default: Selected
      If you select this option, you must add a space after the variable name to expand the variables correctly.
    • Disable continuous update of position file: allows you to update the position file at the specified interval.
      Default: Selected
      (Version 4.21 or earlier) This field is not selected by default.
      This field must be enabled for both Poll Interval and Event Mode in case of a higher event generation rate.
    • Position File Update Interval: defines the time interval when the position file is updated with the last location of the processed event log. CA recommends that you specify a maximum time interval of 60 seconds.
      Default: 60 Seconds
    • Enable Position File Backup Interval: allows the probe to back up the position file.
      Default: Not selected
    • Position File Backup Interval: defines the time interval when the probe backs up the position file.
      Default: 10 Seconds
      The probe keeps the backup of the position file during unexpected system reboot or system crash. In such cases, reboot alarms occur, but it is possible to get duplicate alarms for the specified time interval.
  8. Update the following information to configure the WMI query and queue properties of the probe:
    • WMI Query Timeout: defines the time-out interval of the WMI query to retrieve the monitoring data. The probe uses WMI queries when hosted on operating systems earlier than Windows Server 2008.
      Default: 1
      The WMI service must be enabled on the host system for this option to work. The probe displays the events in the following order:
      • (Windows version older than Windows Vista, and Windows 2008) The latest event is retrieved and displayed as the first record.
      • (Windows 2008, and Windows Vista (until service pack 1)) The earliest event is displayed as the first record.
      • (Windows Vista (service pack 2, and above)) The latest events are displayed first.
      Reduce this interval to generate alarms frequently. A shorter interval can also increase the system load.
    • WMI Timeout Interval Unit: specifies the unit for the WMI query timeout.
      Default: Seconds
    • Alarm List Size: specifies the buffer size of the list of events that match the monitoring profile criteria. For example, a monitoring profile generates an alarm when the matching events count reaches 50. While the event count is 49 or lower, the probe keeps the event details in the buffer.
      Default: 1000
      This field value must be greater than or equal to the number of monitoring profiles.
    • Maximum Number of Threads: specifies the maximum number of request processing threads that the probe can simultaneously execute.
      Default: 1
      CA recommends the following configuration for event generation rate:
      • In the Event Mode, the Maximum Number of Threads must be 10 for 400 events/sec and 20 for 600 events/sec.
      • In the Poll Interval Mode, the Maximum Number of Threads must be 10 for 400 events/sec and 50 for 600 events/sec.
      You can increase the number of threads if the probe is not able to meet the specified performance.
    • Max Queue Size: specifies the maximum number of events that are contained in a queue. The probe monitors the events based on the specified time interval. You can view the probe logs at log level 0 to check whether the queue size has reached the maximum limit.
      Default: 30000
      CA has certified the following configuration for event generation rate of 600 events/sec:
      • Maximum Number of Threads: 1
      • Max Queue Size: 30000
      • Wait on Max Queue size: 1 milliseconds
      • Enable the Disable continuous update of position file option, with Position File Update Interval as 1 second
      • In the Event Mode, set Alarm Timeout as 10 seconds.
      • In the Poll Interval Mode, set Alarm Timeout as 10 seconds and Poll Interval as 30 seconds.
      If the queue size increases beyond the specified limit, you can increase the number of threads to process events faster.
    • Wait on Max Queue size: specifies the minimum time that the probe waits before monitoring the next queue of events if the Max Queue Size is reached. The wait time may cause delayed alarms on events that are monitored.
      Default: 1 Milliseconds
  9. (Optional) Select a log file from the Available Log Files list and click Add to add it to the Log Files to be Monitored list for monitoring.
    Default: Application, Security, and System
    The probe requires at least one log file in the Log Files to be Monitored list.
    You can also click Remove to remove a log file from monitoring. If you remove a log file that is used in a profile and save the settings, the probe does not save the configuration and displays an error message.
  10. (Optional - version 4.24 or later) Select Save Log List on Upgrade to save the logs in the Log Files to be Monitored list in the configuration file (cfg) on probe upgrade.
    On version 4.23 and earlier, the probe does not save the log list on upgrade. When you upgrade the probe from an earlier version to 4.24 or later the first time, the removed defaults reappear. However, you can enable this field to retain the configuration changes on upgrade to the next version or later.
  11. Click Apply to save the configuration.
(Optional) Configure Language Strings in Non-English Locales
The probe displays all event severities as Information when deployed in a non-English locale. When the probe is installed on Windows Vista, Windows Server 2008 R2, or a later version, Windows returns the event severity string in the specific locale and the probe is not able to compare these values with an equivalent English string. You can configure the locale-specific severity strings when the probe is deployed in a non-English locale.
Follow these steps:
  1. Navigate to the Setup > Language String Configuration tab.
  2. Update the following information to define appropriate strings to identify the event severity:
    • Critical: For example, define critique for the French locale.
    • Information: For example, define informations for the French locale.
    • Warning: For example, define avertissement for the French locale.
    • Verbose: For example, define verbeux for the French locale.
    • Error: For example, define erreur for the French locale.
  3. Click Apply to save the configuration.
(Optional) Configure Subsystems
You can define a new subsystem ID for any custom log file that is selected for monitoring. The default configuration of the probe monitors security, system, and application log files, with the 1.1.11.1.1, 1.1.11.1.3, and 1.1.11.1.2 subsystem IDs respectively.
Do not delete or modify any of the default subsystem IDs.
Follow these steps:
  1. Navigate to the Setup > Subsystems Configuration tab.
  2. Right-click and select New.
  3. Update the following information to configure the subsystem ID to be used for an event log:
    • Subsystem Key: defines a subsystem key for the appropriate log file. This key must be identical to the corresponding log file name and contain only lowercase characters. For example, use microsoft-windows-dhcp-client/admin for the Microsoft-Windows-Dhcp-Client/Admin log file.
    • Subsystem Value: defines a different alarm subsystem for each monitored log file. CA recommends that you use the default subsystem ID pattern (2.1.2.x) for other log files too. This pattern is mandatory to view the metric details under the Event Log node of the Unified Management Portal (UMP).
      You can also define a name for a newly defined subsystem value in the nas probe. If you do not define a name, the subsystem value is displayed as is in UMP.
  4. Click Apply to save the configuration.
Create Profiles
You can create profiles to monitor event logs and generate alarms for unexpected events. The Event Log displays retrieved events from the monitored host. You can create profiles for specific events. You can also right-click and select Clear log to remove all messages from the current event log.
You can also use regular expressions in event criteria fields to use a single profile for multiple events. For more information, see ntevl Regular Expressions. The probe also includes two default profiles for all events and all errors in the log. For example, the allevents default profile uses the * regular expression to monitor all events in the events log file.
The probe executes the monitoring profiles sequentially in their creation order. However, the probe interface sorts the profiles alphabetically. CA recommends that you add a prefix in the profile name to keep the creation order and the display order the same. For example, add 1, 2, and 3 after a profile name.
Follow these steps:
  1. Open the Status tab.
  2. Select the required event log file from the Event Log drop-down list.
    The Event Log drop-down list displays only those log files that are selected in the Setup tab > Properties tab > Log Files to be Monitored list. For more information, see Step 9 in the Configure General Properties section.
  3. Click Refresh to view the events from the log file.
    The probe throws the Failed to get events error while retrieving the event list when the event count is high, for example, 3000 or more. The actual event count varies due to your system configuration and performance. In such a case, reduce the value of the Maximum Events to Fetch field in the Properties tab.
  4. Select the applicable event to monitor.
  5. Right-click and select New profile to create a profile for the event.
    You can also create a profile for an event log that is not generated. Open the Setup > Profiles tab, right-click, and select New in the navigation pane.
  6. Specify a name and click OK to create a profile for the event in the Setup > Profiles tab.
    Do not use a slash (/) in the profile name; otherwise, the probe trims the profile name from the slash (/) character and discards the profile properties. For example, if the profile name is My/Profile, the probe only saves My as the profile name.
  7. Select the profile in the Setup > Profiles tab.
  8. Update the following information in the Event Selection tab of the profile to configure the event log details:
    • Description: specifies additional information about the profile.
    • No Propagation of Events: excludes the event that matches the filtering criteria of any monitoring profile. The probe then makes the event unavailable to other profiles.
      Default: Not Selected
    • Log: specifies the log file from which the probe monitors the event.
      The Log drop-down list displays only those log files that are selected in the Setup tab > Properties tab > Log Files to be Monitored list. You can also select * to use any log file.
    • Computer: defines the computer name on which the event has occurred.
    • Source/Publisher Name: defines the source or the publisher from where the event is logged.
    • Severity: specifies the severity of the event.
    • User: defines the Windows user account for whom the event was generated.
    • Category: defines the event category. For example, Service State.
    • Event ID: defines the Event ID you are monitoring. Use * to monitor all events of the selected log file. You can use an exact numeric match, a range (for example, 1-5), and multiple comma-separated event IDs. You can also use both ranges and commas in the same entry, such as 1-5, 9-20. The field does not support any other regular expression.
    • Message String: defines the alarm message to be generated when the event selection criteria matches an event.
  9. (Optional) Select Run Command on Match to enable the probe to execute the specified command when a matching event is found. Update the following information to configure the command properties if a matching event is found.
    Default: Not selected
    • Command Executable: defines the command to execute when the matching event is found. You can also click Browse for a batch file path. For example, you can execute a script to send an email to the support executive to resolve the issue.
    • Command Arguments: defines the command arguments to execute the command. For example, define the email address of the support executive to send an email. You can use custom variables that are created in the profile as part of the command argument. You can select the variables from a list. Type a $ symbol in the alarm message text to select from the list of variables. For example, you can use $var to retrieve the value of a var variable that is configured for the profile. If the specified variable is not defined in the profile, then the variable name is displayed as is. For more information, see the Configure Custom Variables section.
      The probe does not support alarm variables such as $computer as a command argument.
  10. Select the checkbox next to the profile name and click Apply to activate the profile and save the configuration.
    If you do not want to use the profile, right-click the profile and select Delete. Save the configuration after you delete an entity.
Configure Monitoring and Alarms
You can configure the alarm and QoS properties of the profile.
Follow these steps:
  1. Select the profile in the Setup > Profiles tab.
  2. Update the following information in the Alarm / Post tab to generate alarm messages for the profile:
    • Send Alarm: enables the profile to generate alarms.
    • Alarm Message: defines the alarm message that is issued when the event matches the monitoring criteria. You can also use variables in this field. For more information, see the Variable Expansion in Alarms section.
      Default: $source ($event_id - $category): $message
    • Level: specifies the severity of the alarm. Select the From Eventlog option to use the same severity level as the event log message.
      The critical level is supported only for error type events on Windows Server 2008, and the probe generates a Minor severity alarm.
    • Subsystem: defines a custom subsystem ID to override the default subsystem ID. For example, you can give the profile name to identify each alarm source. You can also use variables in this field. For more information, see the Variable Expansion in Alarms section.
      CA does not recommend that you use custom subsystem IDs, as that can result in an unexpected view of the QoS data on USM.
    • Set Suppression Key, Optional Key: specifies a custom message suppression key to avoid multiple instances of the same alarm. If you do not specify a key, the alarm description is used to suppress alarms and the probe sends only one alarm with the same description in one interval.
    • Time Frame: defines the time interval during which the probe monitors the events and temporarily stores the matching events in the buffer.
      This field is different from Poll Interval, which is configured in the Properties section of the ntevl node.
    • Event Count: defines the event count threshold condition to compare with the actual event count in the buffer. The probe generates an alarm when the threshold condition is breached.
      For example, if the Time Frame is 5 min, the operator is greater than (>), and the Event Count is 4, the probe scans the event log messages in a slot of 5 minutes and generates an alarm when the matching events count is more than 4.
      This functionality is operational only if at least one event is triggered for the matching profile.
    • Post Message: enables the probe to post the event log message data as the alarm.
    • Post Subject: defines the subject of the alarm. This value overrides the value of the Default Post Subject field as defined in the Setup > Properties tab.
  3. Update the following information in the QoS tab to generate QoS messages for the profile:
    • Number of Events Found in Time Interval: enables the profile to generate QoS messages.
    • Time Interval ... seconds: defines the time interval to monitor the events and generate alarms and QoS.
      Default: 3600
  4. Click Apply to save the configuration.
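The Time Frame and Event Count example above (5 minutes, >, 4) can be modelled offline to see how a threshold behaves on a given event stream. The following Python code is an added example, not the probe's implementation: it assumes that a slot opens at the first matching event and that the count is compared when the slot closes, and the event timestamps are constructed sample data.

```python
import operator
from datetime import datetime, timedelta

# Comparison operators for the Event Count threshold. The page names only
# "greater than (>)" for this field; the others are assumed for completeness.
OPERATORS = {">": operator.gt, ">=": operator.ge, "=": operator.eq,
             "<": operator.lt, "<=": operator.le}

FIVE_MIN = timedelta(minutes=5)
BASE = datetime(2024, 1, 1, 9, 0, 0)  # constructed start time for the samples


def slot_counts(events, event_id, time_frame):
    """Group matching events into consecutive slots of time_frame length.

    Assumption of this model: a slot opens at the first matching event, and
    the next slot opens at the first matching event after the slot has ended.
    Returns a list of (slot_start, matching_event_count).
    """
    slots = []
    slot_start, count = None, 0
    for stamp, eid in sorted(events):
        if eid != event_id:
            continue
        if slot_start is None or stamp >= slot_start + time_frame:
            if slot_start is not None:
                slots.append((slot_start, count))
            slot_start, count = stamp, 0
        count += 1
    if slot_start is not None:
        slots.append((slot_start, count))
    return slots


def evaluate_profile(events, event_id, time_frame, op, event_count):
    """Return (slot_start, count, alarm) for every slot of the model."""
    compare = OPERATORS[op]
    return [(start, n, compare(n, event_count))
            for start, n in slot_counts(events, event_id, time_frame)]


def at(seconds, event_id):
    """Build one constructed sample event at BASE + seconds."""
    return (BASE + timedelta(seconds=seconds), event_id)


# Constructed sample 1: five failed logons (4625) inside one slot, one
# successful logon (4624) that the profile ignores, then two late failures.
BURST = [at(0, 4625), at(30, 4624), at(40, 4625), at(80, 4625),
         at(120, 4625), at(200, 4625), at(600, 4625), at(650, 4625)]

# Constructed sample 2: six failures within 30 seconds that straddle a slot
# boundary. Each slot stays at or below 4, so this model raises no alarm.
STRADDLE = [at(0, 4625), at(280, 4625), at(290, 4625), at(295, 4625),
            at(300, 4625), at(305, 4625), at(310, 4625)]

if __name__ == "__main__":
    for name, sample in (("BURST", BURST), ("STRADDLE", STRADDLE)):
        print(name)
        for start, n, alarm in evaluate_profile(sample, 4625, FIVE_MIN, ">", 4):
            print(f"  slot {start:%H:%M:%S}  count={n}  alarm={alarm}")
```

The second sample shows why a slot-based count should be tuned against real traffic: a burst split across two slots stays below the threshold in both.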
(Optional) Configure Custom Variables
You can define variables with a set of conditions. These conditions populate the variable value in real time from the selected event log message. These variables are then used to generate the alarm messages.
Two variables cannot have the same name.
Follow these steps:
  1. Select the profile in the Setup > Profiles tab.
  2. Right-click and select New in the Variables tab to open the Variable settings dialog.
  3. Update the following information to configure the variable properties:
    • Name: specifies a name for the variable.
      Default: var
      CA does not recommend that you update the variable name, as the probe creates a new variable with the updated name. For example, if you change the variable name from Var1 to Var2, the probe creates a Var2 variable.
    • Source Line: enables the probe to use a source line of the event message text from where the probe reads the text. The probe saves the extracted text in the variable.
      • Source Line Value: defines the line number of the event log message text.
        Default: 0
    • From Character Position: defines the position of the character from where the source line is defined to extract the variable value.
      Default: 1
    • Source From Position: allows you to select from the following options:
      • Column: defines the position of the column in the source line to extract the value of the variable.
      • Character Position: defines the position of the character in the source line to extract the value of the variable.
      • Match Expression: defines a regular expression to retrieve all message strings that match the specified value. For more information, see ntevl Regular Expressions.
        The probe generates an alarm when the specified expression matches with the defined operator. (Select the RE option to use the regular expressions.) You can extract variables from the contents inside parentheses in the match expression. The number 1 refers to the first parenthesis in the expression, the number 2 refers to the second parenthesis in the expression, and so on.
    • Source TO Position: allows you to select from the following options:
      • Ignore 'To': indicates the profile to read to the end of file.
      • To Column: defines the position of the column in the source line to extract the value of the variable.
      • To End of Line: indicates the profile to read to the end of the current line.
  4. Update the following information in the Threshold Alarm Definition section to configure thresholds for the variable.
    • Operator: specifies the operator to generate an alarm. Select the re option to use regular expressions. The >, <, >=, and <= operators support only integer and float type values. These operators do not work with string values; only the = operator works with string values. For more information, see ntevl Regular Expressions.
    • Threshold: defines the expected value for the variable. The probe generates an alarm if the specified expected condition in the Threshold Alarm Definition section is not met. For example, if you set threshold value as ${50} and define the expected condition as greater than or equal to 20, alarms will be generated for values less than 20.
  5. Click OK to create the variable.
  6. Specify a Field Separator character for the event message text. This field is useful to segregate the event message text into multiple columns and then use those column numbers in the Variables tab. For example, if your event message text is ABCD:EFGH:IJKL:MNOP and the separator is colon (:), then the probe segregates the message text into four different columns (1-4). You can use these column numbers to retrieve the appropriate text to the variable. Non-English characters are not supported as separators.
  7. Click Apply to save the configuration.
(Optional) Exclude Event Logs from Monitoring
You can create exclude profiles to remove applicable event logs from monitoring. You can also use regular expressions in event criteria fields to use a single profile to exclude multiple events. For example, use the *Win* regular expression to exclude all events with Win in the name from the events log file. For more information, see ntevl Regular Expressions.
You can use both ranges and commas in the same entry, such as 1-5, 9-20. Events matching all the criteria in an exclude profile are excluded from monitoring by the defined profiles. The Event ID field does not support regular expressions. Use the format as shown in the following examples:
  • *
  • 114
  • 1, 5,10
  • 1, 10-12
  • 115-12
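The Event ID entry format listed above, which is also used in the Event Selection tab of a monitoring profile (exact IDs, ranges, comma-separated lists, or *), can be checked before an exclude profile is saved. The following Python code is an added example, not CA code: it parses an entry, rejects anything else because the field does not support regular expressions, and reports which IDs from a watch list an exclude entry would hide. The watch list is constructed sample data, and the handling of a reversed range such as 115-12 is an assumption, because the page does not state how the probe evaluates it.

```python
import re
from dataclasses import dataclass, field

# One token of the Event ID field: a single ID ("114") or a range ("10-12").
_TOKEN = re.compile(r"(\d+)(?:-(\d+))?")


@dataclass
class EventIdSpec:
    """Parsed form of one Event ID entry."""
    match_all: bool = False
    ranges: list = field(default_factory=list)    # inclusive (low, high) pairs
    warnings: list = field(default_factory=list)  # entries worth a second look

    def matches(self, event_id):
        """True when event_id is selected by this entry."""
        if self.match_all:
            return True
        return any(low <= event_id <= high for low, high in self.ranges)


def parse_event_id_spec(text):
    """Parse an Event ID entry; raise ValueError for unsupported syntax."""
    entry = text.strip()
    if entry == "*":
        return EventIdSpec(match_all=True)
    if not entry:
        raise ValueError("Event ID entry is empty")
    spec = EventIdSpec()
    for raw in entry.split(","):
        token = raw.strip()
        found = _TOKEN.fullmatch(token)
        if found is None:
            # Regular expressions and free text are not valid in this field.
            raise ValueError(
                f"unsupported Event ID token {token!r}: "
                "only IDs, ranges and commas are allowed")
        low = int(found.group(1))
        high = int(found.group(2)) if found.group(2) is not None else low
        if low > high:
            # Assumption: the range is kept as written and flagged for review;
            # in this model it selects no event.
            spec.warnings.append(
                f"range {token} is reversed and selects nothing in this model")
        spec.ranges.append((low, high))
    return spec


def hidden_watchlist_ids(exclude_entry, watchlist):
    """Return the sorted watch-list IDs that an exclude entry would hide."""
    spec = parse_event_id_spec(exclude_entry)
    return sorted(eid for eid in watchlist if spec.matches(eid))


# Constructed sample: Windows Security log event IDs that a monitoring team
# would normally not want an exclude profile to cover.
WATCHLIST = {
    1102: "audit log cleared",
    4625: "failed logon",
    4720: "user account created",
}

if __name__ == "__main__":
    for entry in ("*", "114", "1, 5,10", "1, 10-12", "115-12",
                  "1100-1110, 4625"):
        spec = parse_event_id_spec(entry)
        hidden = hidden_watchlist_ids(entry, WATCHLIST)
        print(f"{entry!r}: hides {hidden or 'nothing'} {spec.warnings}")
```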
Follow these steps:
  1. Open the Status tab.
  2. Select the required event log file from the Event Log drop-down list.
    The Event Log drop-down list displays only those log files that are selected in the Setup tab > Properties tab > Log Files to be Monitored list.
  3. Click Refresh to view the events from the log file.
    The probe throws the Failed to get events error while retrieving the event list when the event count is high, for example, 3000 or more. The actual event count varies due to your system configuration and performance. In such a case, reduce the value of the Maximum Events to Fetch field in the Properties tab.
  4. Select the applicable event to monitor.
  5. Right-click and select Exclude from monitoring to create an exclude profile for the event.
    To remove all messages from the current event log, right-click and select Clear log.
    You can also create an exclude profile for an event log that is not generated. Open the Setup > Exclude tab, right-click, and select New in the navigation pane.
  6. Specify a name and click OK to create a profile for the event in the Setup > Exclude tab.
    Do not use a slash (/) in the profile name; otherwise, the probe trims the profile name from the slash (/) character and discards the profile properties. For example, if the profile name is My/Profile, the probe only saves My as the profile name.
  7. Select the exclude profile in the Setup > Exclude tab.
  8. Update the following information to configure the event log details:
    • Log: specifies the log file from which the probe excludes the events from monitoring. The event log files that are selected in the ntevl node are displayed here.
    • Computer: defines the computer name on which the event has occurred.
    • Source: defines the source or the publisher from where the event is logged.
    • Severity: specifies the severity of the event.
    • User: defines the Windows user account for whom the event was generated.
    • Category: defines the event category. For example, the Service State event.
    • Event ID: defines the Event ID you are monitoring. Use * to monitor all events of the selected log file. The Event ID field does not support regular expressions.
    • Message String: defines the alarm message text when the event selection criteria matches an event. You can use regular expressions to match the message string. For more information, see ntevl Regular Expressions.
  9. Select the checkbox next to the profile name and click Apply to activate the profile and save the configuration.
(Optional) Variable Expansion in Alarms
You can use variables in alarm messages, which, when expanded, provide the related text in the generated alarm message. For example, if you want to use the profile name in the message, you can use the profile variable. The values of these variables are retrieved from the monitored system. You can select the variables from a list. Type a $ symbol in the alarm message text to select from the list of variables.
The ${Variable name} also returns the variable value which is defined in a profile. For example, you can use ${var} to retrieve the value of a var variable that is configured for the profile. If the specified variable is not defined in the profile, then the variable name is displayed as is. For more information, see the Configure Custom Variables section.
The default variables available for inclusion in the message text are as follows:
  • profile: indicates the name of the profile for which alarm or QoS is generated.
  • description: indicates the user-defined description.
  • variable: indicates the user-defined variable.
  • source: indicates the source from where the event is logged, for example, [Service Control Manager].
  • event_id: indicates the ID of the particular event.
  • category: indicates the category name of the particular event, for example, [Management] and [Disk].
  • log: indicates the event log name, for example, [System] and [Application].
  • severity: indicates the event severity level of the event.
  • severity_str: indicates the severity code name, for example, [error] and [information].
  • user: indicates the username of the event.
  • computer: indicates the host name of the system on which the event is generated.
  • time_stamp: indicates the date-time stamp when the event is generated.
  • message: indicates the message description available in the event logger.
  • record_id: indicates the record number which is assigned to the event when the event is logged.
  • evlData: indicates the associated data of the event. If no data is present, None is added to the message.