Registry Variables
Registry variables are used to control the operation of the Windows event log
adapter. Changes made to registry variables take effect immediately; there is no
need to stop and restart the adapter. Use the registry editor (regedt32) provided by
Windows to view and modify registry variables.
Note: It is not necessary to modify the registry variables for the Windows event
log adapter to function. The registry variables are automatically set to the
correct default values when the Windows event log adapter is installed.
All of the registry variables for the Windows event log adapter are located in the
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TECWinAdapter
directory. The following are the adapter registry variables:
Note: When you change the registry entries for any registry variable with a name
ending with EventsProcessedTimeStamp, you must also change the registry
entries for the corresponding registry variable with a name ending with
EventsProcessed. For example, if you change the registry entry for
ApplicationEventsProcessedTimeStamp, you must also change
ApplicationEventsProcessed.
If both values are not changed, the adapter ends unexpectedly, the
PollingInterval criteria are met, and a message similar to the following is
sent:
msg='TECWinAdapter shuts down.Error: older event on \
ApplicationEventsProcessed : (1,920433843) vs last processed \
event(1,923673952).';
To prevent this, stop the adapter and then make the necessary registry
changes. When you restart the adapter, a consistency check updates the
registry entry for the appropriate variable ending with EventsProcessed to
match the correct value based on the corresponding variable ending with
EventsProcessedTimeStamp.
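The pairing rule in this note can be checked mechanically around a manual edit. The following PowerShell is an added example, not part of the adapter or its documentation; the function names are hypothetical, and it assumes the adapter service is registered under the name of its Services subkey, TECWinAdapter.

```powershell
# Added example. The key path and the variable-name suffixes come from the page.
# Assumption: the service name equals the Services subkey name, TECWinAdapter.
$KeyPath     = 'HKLM:\SYSTEM\CurrentControlSet\Services\TECWinAdapter'
$ServiceName = 'TECWinAdapter'
$TsSuffix    = 'EventsProcessedTimeStamp'

function Get-AdapterPointerSnapshot {
    # Collect every *EventsProcessed and *EventsProcessedTimeStamp value under the key.
    $snapshot = @{}
    $props = Get-ItemProperty -Path $KeyPath
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -match 'EventsProcessed(TimeStamp)?$') {
            $snapshot[$p.Name] = $p.Value
        }
    }
    return $snapshot
}

function Test-AdapterPointerEdit {
    param([hashtable]$Before, [hashtable]$After)
    # Report each TimeStamp variable that changed while its EventsProcessed
    # partner kept its old value (the condition the note warns about).
    $problems = @()
    foreach ($name in $After.Keys) {
        if (-not $name.EndsWith($TsSuffix)) { continue }
        $partner = $name.Substring(0, $name.Length - 'TimeStamp'.Length)
        # Compare as strings so the check works for any registry value type.
        $tsChanged  = "$($Before[$name])"    -ne "$($After[$name])"
        $numChanged = "$($Before[$partner])" -ne "$($After[$partner])"
        if ($tsChanged -and -not $numChanged) {
            $problems += "$name changed but $partner did not"
        }
    }
    return $problems
}

# Refuse to proceed while the adapter is running, as the note advises.
if ((Get-Service -Name $ServiceName).Status -ne 'Stopped') {
    throw "Stop the $ServiceName service before changing these registry variables."
}
$before = Get-AdapterPointerSnapshot
Read-Host 'Make the registry changes in the registry editor, then press Enter' | Out-Null
$after = Get-AdapterPointerSnapshot

$problems = @(Test-AdapterPointerEdit -Before $before -After $after)
if ($problems.Count -gt 0) {
    foreach ($msg in $problems) { Write-Warning $msg }
} else {
    Write-Output 'No unpaired TimeStamp change found; the adapter can be restarted.'
}
```

Run it from an elevated PowerShell session on the adapter host; it only reads the registry and never writes to it.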
ApplicationEventsProcessed
Contains the highest event number in the Windows Application Log that
the adapter has processed. The adapter uses this variable to keep track of
how many events it has read and sent to the event server so that the
adapter can start at the next event the next time it polls the log. You can
lower the ApplicationEventsProcessed variable if you want an event to be
read and processed again. To process all messages in the Application Log,
set the ApplicationEventsProcessed variable to 1.
ApplicationEventsProcessedTimeStamp
Contains the time stamp for the corresponding event identified by the
value of the ApplicationEventsProcessed variable.
DirectoryEventsProcessed
Contains the highest event number in the Windows Active Directory server
log that the adapter has processed. The adapter uses this variable to keep
track of how many events it has read and sent to the event server so that
the adapter can start at the next event the next time it polls the log. You
can lower the DirectoryEventsProcessed variable if you want an event to
be read and processed again. To process all messages in the Directory
Service Log, set the DirectoryEventsProcessed variable to 1.
Chapter 10. Windows Event Log Adapter 117