IBM Enterprise Console Network Router User Manual


 
Rule File
Some adapters come with a rule file describing the classes of events the adapter
supports. This file is not used by the adapter itself, but serves as a mandatory link
between the adapter and the event server. The event server must load this file
before it is able to understand events received from the adapter. A rule file has an
extension of .rls; see each specific adapter chapter for exact file names. The format
of a rule file is described in the IBM Tivoli Enterprise Console Rule Builders Guide.
Example
The following fragment shows how an event class for reporting SNMP
authentication problems could be defined in a BAROC file:
CLASS AUTHENTICATION_FAILURE ISA EVENT
DEFINES {
source:default="NET";
sub_source:default="SNMP";
auth_source:STRING;
};
END
Format File
The UNIX log file, NetWare log file, OS/2, Windows, and Windows NT event log
adapters can extract information from system log messages, whose format and
meaning can vary widely. This capability is necessary because similar sources can
produce messages in different formats. For example, different NFS (network file
system) implementations might report the file system full error in different
formats. As a result, you might need to match different messages to the same or
different event classes. This type of matching is done with a format file.
The purposes of a format file are as follows:
v Serves as the lookup file for matching messages to event classes. When the
format file is being used for this purpose, all format specifications in the file are
compared from top to bottom. In situations where there are multiple matching
classes for a message, the last matching format specification is used. If no match
is found, the event is discarded.
v Serves as the source from which a CDS file is generated. See Class Definition
Statement Fileon page 18 for additional information.
See Appendix B, Format File Referenceon page 145 for details about format files.
Example
The following examples show sample entries from the format file used by the
Windows NT event log adapter.
Note: The format files for the log file-type adapters are examples only;
customization might be required. The message text must fit on one line and
be no longer than 1024 characters.
FORMAT NT_Base
%t %s %s %s %s %s %s %s*
hostname DEFAULT
origin DEFAULT
category $3
eventType $4
sid $5
sub_source $6
id $7
msg $8
Chapter 1. Understanding Adapters 17