SecurityEventsProcessedTimeStamp
Contains the time stamp for the corresponding event identified by the
value of the SecurityEventsProcessed variable.
SystemEventsProcessed
Contains the highest event number in the Windows event log that the
adapter has processed. The adapter uses this variable to keep track of how
many log events it has read and sent to the event server so that the
adapter can start at the next event the next time it polls the log. You can
lower the SystemEventsProcessed variable if you want an event to be read
and processed again. To process all messages in the event log, set the
SystemEventsProcessed variable to 1.
SystemEventsProcessedTimeStamp
Contains the time stamp for the corresponding event identified by the
value of the SystemEventsProcessed variable.
TECInstallPath
Specifies the directory that contains the Windows event log adapter
executable files and run-time files. This variable is normally set to
drive:\adapter_dir, where drive and adapter_dir are the drive and directory,
respectively, that contain the adapter executable files and run-time files.
Only change the TECInstallPath variable if you move the adapter
executable files and run-time files after you have installed the adapter.
Low Memory Registry Variables
When enabled, this feature checks the amount of available memory before the
Windows event log adapter attempts to send an event. If the amount of free
memory is extremely low, the Windows event log adapter returns to a suspended
state until more memory is available, which prevents the adapter from failing.
However, because of the amount of resources this consumes, only enable this
feature when available memory is so low that the adapter is failing and you have
no other way to solve the problem.
To enable this feature, you must set at least one of the following registry variables in
the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TECWinadapter\ registry path:
yellow_alert_limit
When free memory is below this level, the adapter sends a warning that
indicates the adapter might return to a suspended state until more memory
is available and lists the amount of free memory. The default value is 40
Mb.
red_alert_limit
When free memory is below this level, the adapter sends a warning and
lists the amount of free memory, then returns to a suspended state for 1
minute. After 1 minute, the adapter checks free memory again; if free
memory is still below this level, the adapter returns to a suspended state
for another minute and repeats until free memory is higher than this value.
The default is 20 Mb.
emergency_memsize
This is the amount of memory the adapter keeps in reserve for low
memory situations. When the red_alert_limit is reached, the adapter frees
this memory to make sure there is enough memory available to send the
red_alert_limit warning. The default is 2 Mb.
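The following PowerShell function is an added example, not part of the adapter or of this guide. It reports whether the low memory feature is enabled on a host, that is, whether the adapter can suspend event forwarding under memory pressure. The function name Get-TecLowMemoryConfig is hypothetical, and the comparison of the two limits assumes the stored values are numeric and use the same unit.

```powershell
# Added example: audit the low memory registry variables described above.
# The registry path and value names come from this section; the function name
# is a hypothetical helper and is not shipped with the adapter.
function Get-TecLowMemoryConfig {
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\TECWinadapter'
    )
    $names = 'yellow_alert_limit', 'red_alert_limit', 'emergency_memsize'

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Registry key not found: $Path"
        return
    }
    $key = Get-ItemProperty -LiteralPath $Path

    # Collect only the variables that are actually present under the key.
    $set = @{}
    foreach ($n in $names) {
        $prop = $key.PSObject.Properties[$n]
        if ($null -ne $prop) { $set[$n] = $prop.Value }
    }

    # Sanity check (assumption: numeric values in the same unit). If the red
    # limit is not below the yellow limit, the adapter would suspend without
    # the earlier yellow warning ever being sent first.
    $y = 0.0
    $r = 0.0
    if ($set.ContainsKey('yellow_alert_limit') -and
        $set.ContainsKey('red_alert_limit') -and
        [double]::TryParse([string]$set['yellow_alert_limit'], [ref]$y) -and
        [double]::TryParse([string]$set['red_alert_limit'], [ref]$r) -and
        $r -ge $y) {
        Write-Warning "red_alert_limit ($r) is not below yellow_alert_limit ($y)"
    }

    # The feature is enabled when at least one of the three variables is set.
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        FeatureEnabled   = ($set.Count -gt 0)
        YellowAlertLimit = $set['yellow_alert_limit']
        RedAlertLimit    = $set['red_alert_limit']
        EmergencyMemSize = $set['emergency_memsize']
    }
}

Get-TecLowMemoryConfig | Format-List
```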
Chapter 10. Windows Event Log Adapter 119