The following example shows a PreFilter statement with a regular
expression. This prefilter statement matches all Application Log
events with a source name that contains TEC_ somewhere in its
name:
PreFilter:Log=Application;Source=re:'TEC_.*';
The following example shows a PreFilter statement with a
narrower range. This prefilter statement matches all Application Log
events with a source name that contains TEC_ somewhere in its
name and has an EventID of 24:
PreFilter:Log=Application;Source=re:'TEC_.*';EventID=24;
For more information about Tcl regular expressions, see a Tcl user’s
guide.
The PreFilter keyword is optional. All Windows log events are sent
to the adapter if prefilters are not specified and
PreFilterMode=OUT.
For additional information about prefiltering Windows log events,
see “Prefiltering Windows Log Events” on page 115.
PreFilterMode
Specifies whether Windows log events that match a PreFilter
statement are sent (PreFilterMode=IN) or ignored
(PreFilterMode=OUT). Valid values are IN, in, OUT, or out. The
default is OUT.
The PreFilterMode keyword is optional; if PreFilterMode is not
specified, only events that do not match any PreFilter statements
are sent to the adapter.
Note: If you set PreFilterMode=IN, make sure you have one or
more PreFilter statements defined as well.
For additional information about prefiltering Windows event log
events, see “Prefiltering Windows Log Events” on page 115.
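An added example, not taken from this guide or from the adapter itself: a small Python model of how PreFilter statements and PreFilterMode combine to decide which events are sent. It assumes Python's re module in place of Tcl regular expressions, exact string comparison for non-regex values, and no semicolons inside a value; the function names and the sample events are constructed for illustration.

```python
import re

def parse_prefilter(line):
    """Parse one 'PreFilter:Key=Value;...;' statement into a dict of matchers."""
    if not line.strip().startswith("PreFilter:"):
        raise ValueError("not a PreFilter statement: %r" % line)
    spec = {}
    for part in line.strip()[len("PreFilter:"):].split(";"):
        if not part.strip():
            continue
        key, _, value = part.partition("=")
        key, value = key.strip(), value.strip()
        if value.startswith("re:"):
            # Regular-expression value such as re:'TEC_.*' (quotes stripped).
            spec[key] = re.compile(value[3:].strip("'"))
        else:
            spec[key] = value
    return spec

def matches(spec, event):
    """True when every attribute named in the statement matches the event."""
    for key, want in spec.items():
        have = str(event.get(key, ""))
        if hasattr(want, "search"):
            if not want.search(have):  # unanchored: "somewhere in its name"
                return False
        elif have != want:
            return False
    return True

def is_sent(event, prefilters, mode="OUT"):
    """Apply PreFilterMode: IN sends only matching events, OUT ignores them."""
    mode = mode.upper()
    if mode not in ("IN", "OUT"):
        raise ValueError("PreFilterMode must be IN or OUT")
    hit = any(matches(p, event) for p in prefilters)
    return hit if mode == "IN" else not hit

# Constructed sample events (assumed field names mirror the PreFilter keys).
EVENTS = [
    {"Log": "Application", "Source": "TEC_Adapter", "EventID": 24},
    {"Log": "Application", "Source": "TEC_Adapter", "EventID": 7},
    {"Log": "System", "Source": "Service Control Manager", "EventID": 7036},
]
PREFILTERS = [parse_prefilter("PreFilter:Log=Application;Source=re:'TEC_.*';EventID=24;")]

def sent_ids(prefilters, mode):
    """EventIDs of the sample events that would be sent under this setup."""
    return [e["EventID"] for e in EVENTS if is_sent(e, prefilters, mode)]
```

With PreFilterMode=IN and an empty PreFilter list the model sends nothing, which is the situation the Note above guards against.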
SpaceReplacement
When SpaceReplacement is FALSE, any spaces in the security ID
and subsource fields of the event log messages are left unchanged.
When SpaceReplacement is TRUE, any spaces in the security ID
and subsource fields of the event log messages are replaced with
underscores. Set SpaceReplacement to TRUE if the format file
expects the security ID and subsource fields to be a single word
(that is, uses a %s format specification for them). The default
setting is FALSE.
UnmatchLog
Specifies a file to log discarded events that cannot be parsed into an
IBM Tivoli Enterprise Console event class by the adapter. The
discarded events can then be analyzed to determine if
modifications are needed to the adapter format file.
WINEVENTLOGS
Controls which Windows Event Logs are monitored; also controls
the service version and overrides the command line interface (CLI).
114 IBM Tivoli Enterprise Console: Adapters Guide