If during the polling interval the file is overwritten, removed, or
recreated with more lines than the previous poll, only the lines
beyond the previous line count are read. For example, the file has
one line. After the poll interval elapses, the file is overwritten
with two lines. Only the second line is read on the next poll.
NumEventsToCatchUp
Specifies which event in the Windows NT event logs the adapter
starts with. This option provides some flexibility if the source
being monitored is new or the adapter has been stopped for an
extended period of time. Valid values are as follows:
0   Start with the next event in the logs.
–1  Start with the oldest event in the logs.
n   n represents any number other than zero (0) or –1. Start
    with the nth event from the most current event in the logs;
    that is, start n events back from the most current event in
    the logs. If n is greater than the number of events that are
    available, all the events that are available are processed.
PollInterval
Specifies the frequency, in seconds, to poll each log file listed in the
LogSources keyword for new messages. The default value is 120
seconds.
Polling begins at 5 seconds. If a new event is detected, the next
polling frequency begins at 5 seconds again. If no event is detected
from a poll, the polling interval is doubled, until the upper limit is
reached. After the upper limit is reached, the polling frequency
remains at that interval until a new event is detected; then, it is
reset to 5 seconds.
Note: If there are queued events, but no incoming events, the interval
still doubles until it reaches the set polling interval. To avoid
this, set the polling interval to a lower number. The polling
interval setting is in the registry in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TECNTAdapter\.
PreFilter
Specifies how events in a Windows NT event log are filtered before
adapter processing. PreFilter statements are used by PreFilterMode
when determining which events are sent from an event log to the
adapter. An event matches a PreFilter statement when each
attribute=value specification in the PreFilter statement matches an
event in the event log. A PreFilter statement must contain at least
the log specification and can contain up to three additional
specifications, which are all optional: event ID, event type, and
event source. The order of the attributes in the statement does not
matter.
The basic format of the PreFilter statement is as follows:
PreFilter:Log=log_name;EventId=value;EventType=value;Source=value;
You can specify multiple values for each attribute by separating
each with a comma.
Each PreFilter statement must be on a single line.
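The following Python sketch is an added example, not code from the product or from this guide. It parses a PreFilter statement in the format above and tests constructed sample events against it, so you can check which events a statement selects. The function names, the event dictionary layout, the rejection of repeated attributes, and the case-insensitive exact comparison are assumptions; PreFilterMode handling is not modeled.

```python
# Added example: parser and matcher for the PreFilter statement format above.
# Assumptions: case-insensitive exact comparison; repeated attributes rejected.
ALLOWED = {"log", "eventid", "eventtype", "source"}  # attributes named on this page


def parse_prefilter(line):
    """Parse one PreFilter statement into {attribute: set(values)}."""
    if "\n" in line.strip():
        raise ValueError("a PreFilter statement must be on a single line")
    keyword, sep, body = line.strip().partition(":")
    if not sep or keyword.strip().lower() != "prefilter":
        raise ValueError("statement must start with 'PreFilter:'")
    spec = {}
    for part in body.split(";"):
        if not part.strip():
            continue  # the trailing ';' leaves an empty field
        attr, eq, values = part.partition("=")
        attr = attr.strip().lower()
        if not eq or attr not in ALLOWED:
            raise ValueError(f"unknown or malformed specification: {part!r}")
        if attr in spec:
            raise ValueError(f"attribute given twice: {attr}")
        vals = {v.strip().lower() for v in values.split(",") if v.strip()}
        if not vals:
            raise ValueError(f"no value given for {attr}")
        spec[attr] = vals  # comma-separated values are alternatives
    if "log" not in spec:
        raise ValueError("the Log specification is required")
    return spec


def matches(spec, event):
    """True when every specification in the statement matches the event."""
    ev = {k.lower(): str(v).strip().lower() for k, v in event.items()}
    return all(ev.get(attr) in vals for attr, vals in spec.items())


# Constructed sample events (not taken from a real log).
SAMPLE_EVENTS = [
    {"Log": "Security", "EventId": 529, "EventType": "AuditFailure", "Source": "Security"},
    {"Log": "Security", "EventId": 528, "EventType": "AuditSuccess", "Source": "Security"},
    {"Log": "System", "EventId": 6005, "EventType": "Information", "Source": "EventLog"},
]

if __name__ == "__main__":
    stmt = "PreFilter:Source=Security;EventId=529,539;Log=Security;"  # order is free
    spec = parse_prefilter(stmt)
    for e in SAMPLE_EVENTS:
        print(e["Log"], e["EventId"], matches(spec, e))
```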
Chapter 11. Windows NT Event Log Adapter 129