Monitor Event Log Capacity
The Monitor Event Log Capacity object
triggers Policies when the size of the Windows Event Log reaches
the maximum size allowed.
How it is used
You can use the Monitor Event Log
Capacity object to trigger a Policy that will archive and purge the
event log so that events will not be lost.
Configuration
When configuring the Monitor Event
Log Capacity object you need to know the event log you are
monitoring.
Details Tab
Computer
|
Type the name of the computer
that stores the Windows Event Log that you want to monitor. You can
also browse for the computer using the ellipsis (...) button. The Action Server that runs this
object must have the appropriate rights to monitor the Windows
Event Log on that computer.
|
Event log
|
Type the name of the Windows
Event Log that you are monitoring. You can also browse for the
Windows Event Log using the ellipsis (...) button. Windows includes three Event Logs by
default - Application, Security, and System. The computer that you
are connecting to may contain other Event Logs.
|
Test
|
Type the number and select the
units of time for the Monitor Event Log Capacity object to wait
between each check of the Windows Event Log size.
|
The Monitor Event Log Capacity object
will only trigger every time the size of the Windows Event Log goes
from below the maximum to above the maximum.
Example
The Monitor Event Log Capacity object
is set to test every 30 seconds.
Time
|
Event Log Size is Above
Maximum?
|
Result
|
30s
|
No
|
Do not trigger Policy
|
60s
|
Yes
|
Trigger Policy
|
90s
|
Yes
|
Do not trigger Policy
|
120s
|
No
|
Do not trigger Policy
|
150s
|
Yes
|
Trigger Policy
|
Available Published Data
Name
|
Description
|
Event log name
|
The name of the Windows Event
Log being monitored.
|
Computer
|
The name of the computer where
the Windows Event Log is stored.
|
Test interval
|
The interval in seconds between
checks to the event log.
|