Log
Specifies one or more of the Windows NT event logs to prefilter. Valid
values are System, Security, Application, or any combination of these
separated by commas. The default is all three event logs.
EventId
Specifies the event number assigned by Windows NT. You can specify up
to sixteen event numbers. Multiple event numbers must be separated by
commas.
Source
The source that logged the event to the Windows NT event log. You can
specify up to sixteen sources. Multiple sources must be separated by
commas.
EventType
The classification of the event assigned by Windows NT. Valid values are
as follows:
- Error
- Warning
- Information
- AuditSuccess
- AuditFailure
- Unknown
The following examples show prefiltering statements. The first statement is on
multiple lines due to space restrictions.
PreFilter:Log=Application;Source=MyApp;EventId=1000,2000, \
3000;EventType=Warning,Information;
PreFilter:Log=Security;
PreFilter:Log=Application;Source=TECNTAdapter;
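An added example, not part of the original guide or the adapter's own code: a small Python checker that validates a PreFilter statement against the rules listed above (valid Log and EventType values, at most sixteen EventId or Source entries) and tests constructed sample events against it. It assumes that every attribute in a statement must match and that comma-separated values are alternatives, compares values case-sensitively, and joins the backslash continuation only so the printed example can be used as-is; `parse_prefilter`, `matches` and the sample events are hypothetical names.

```python
VALID_LOGS = {"System", "Security", "Application"}
VALID_TYPES = {"Error", "Warning", "Information", "AuditSuccess", "AuditFailure", "Unknown"}
MAX_VALUES = 16  # limit the page states for EventId and Source


def parse_prefilter(text):
    """Parse one PreFilter statement (continuation lines joined); raise ValueError on a rule violation."""
    joined = "".join(line.strip().rstrip("\\").strip() for line in text.splitlines())
    keyword, sep, body = joined.partition(":")
    if not sep or keyword != "PreFilter":
        raise ValueError("statement must start with 'PreFilter:'")
    spec = {"Log": set(VALID_LOGS)}  # documented default: all three event logs
    for clause in filter(None, (c.strip() for c in body.split(";"))):
        name, eq, raw = clause.partition("=")
        values = [v.strip() for v in raw.split(",") if v.strip()]
        if not eq or not values:
            raise ValueError(f"malformed clause: {clause!r}")
        if name == "Log":
            bad = set(values) - VALID_LOGS
        elif name == "EventType":
            bad = set(values) - VALID_TYPES
        elif name == "EventId":
            bad = {v for v in values if not v.isdigit()}
        elif name == "Source":
            bad = set()
        else:
            raise ValueError(f"unknown attribute: {name}")
        if bad:
            raise ValueError(f"invalid {name} value(s): {sorted(bad)}")
        if name in ("EventId", "Source") and len(values) > MAX_VALUES:
            raise ValueError(f"{name} lists {len(values)} values; the limit is {MAX_VALUES}")
        spec[name] = set(values)
    return spec


def matches(spec, event):
    """Assumption: every attribute in the statement must match; listed values are alternatives."""
    return all(str(event[name]) in allowed for name, allowed in spec.items())


# The page's first example, written with its backslash continuation.
EXAMPLE = ("PreFilter:Log=Application;Source=MyApp;EventId=1000,2000, \\\n"
           "3000;EventType=Warning,Information;")
# Constructed sample events (not from the original page).
HIT = {"Log": "Application", "Source": "MyApp", "EventId": 2000, "EventType": "Warning"}
MISS = {"Log": "Application", "Source": "MyApp", "EventId": 2000, "EventType": "Error"}

if __name__ == "__main__":
    print(matches(parse_prefilter(EXAMPLE), HIT), matches(parse_prefilter(EXAMPLE), MISS))
```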
Format File
The format file contains message format descriptions and their mapping to BAROC
events. The message fields of a Windows NT event are matched against the format
descriptions in this file and when a match succeeds, the corresponding event is
generated by the adapter. The format file contains predefined mappings for some
common Windows NT events and can be customized to add any new messages.
A Windows NT event is written to an ASCII message in the following sequence:
- The date expressed as month, day, time, and year.
- The event category, expressed as an integer.
- The event type (Error, Warning, Information, AuditSuccess, AuditFailure,
  Unknown).
- The Windows NT security ID; any spaces in this field are replaced by an
  underscore if the proper registry variable is set.
- The Windows NT source; any spaces in this field are replaced by an underscore
  if the proper registry variable is set.
- The Windows NT event identifier.
- The message text.
The subfields, except the message text field, are derived from the event header in
the Windows NT event object. The output message after formatting is bound
Chapter 11. Windows NT Event Log Adapter 131