Use this dialog box from the Monitoring Policy wizard to define the monitoring criteria to track specific log events.
Please specify filtering attributes
Each template has a set of filtering attributes that you can use to specify the log events you want to monitor. The filtering attributes represent a specific column in the log file.
The following table displays the filtering attributes that are supported for each predefined template, and provides a short description for each attribute.
Note
If you created your own template, review your notes about each of the filtering attributes you specified.
Selected Template |
Filtering Attributes |
---|---|
Commvault Logs |
PID The identification number of the process that triggers the log event. For example, 12345. ThreadId The identification number of the thread that triggers the log event. The thread ID is in hexadecimal format. For example, 2EA67. Date The date in MM/DD format. Use the interactive calendar to select the date. Time The time in HH:MM:SS format. For example, 14:25:00. JobId The identification number of the job that triggers the log event. For example, 845716. Description The description of a log event (string value). For example, if you want to capture installation events, type "installing". |
Simple Text Logs |
Description The description of a log event (string value). For example, if you want to capture installation events, type "installing". |
Windows Events |
Level The event security classification of the Windows event. The levels that can occur in system and application logs are the following: information, warning, error, and critical. The levels that can occur in security logs are the following: success audit and failure audit. Date The date in MM/DD/YYYY format. Use the interactive calendar to select the date. Time The time in HH:MM:SS AM/PM format. For example, 1:25:00 PM. Source The software that logged the event, which can be either a program name, such as "SQL Server", or a system component, such as a driver name. Category The category represents a subcomponent or activity of the event. For example, login or logoff activities. Event ID A number identifying a particular event type. For example, 12345. User The name of the user that triggered the event you want to capture. If the event was caused by a server process, the user name is the client ID. Computer The name of the local computer where the event occurred. Description The description of a log event (string value). For example, if you want to capture installation events, type "installing". Log Name The name of the log you want to monitor. Retrieve the log name from the Event Viewer window of your Windows computer. Many Windows log files are named Admin or Operational. To distinguish log files that have the same name, use the following steps:
|
SysLogs |
Date The date in MMM DD format (for example, Mar 14). Use the interactive calendar to select the date. Time The time in HH:MM:SS format. For example, 14:25:00. Host Name The host name of the local computer where the log event occurred. Process The name of the process that triggers the log event. Description The description of a log event (string value). For example, if you want to capture installation events, type "installing". |
Next to each of the filtering attributes, there is an operator which defines how to capture the log event. Use the operator for each of the attributes that you plan to define.
The following are some examples using the operators:
-
For the PID filtering attribute, use equals to to define that the process ID you specified must be equal to the ID in the log for the data to be captured.
-
For the Host Name filtering attribute, use contains to define that the log must contain the host name you specified for the data to be captured.
-
For the Date filtering attribute, use between to define the starting and ending dates to capture the log activity between the specified dates.
Opens the Advanced Criteria Options dialog box to further configure the value of a particular filtering attribute.
-
Regular Expression
When selected, allows you to define the filtering attribute value as a regular expression.
-
Case Sensitive
When selected, makes the value you provided for the filtering attribute case sensitive.
-
Match Whole Word
When selected, requires the monitoring policy to track the log event using the whole word you specified for the filtering attribute.
-
Inclusive
This option appears when you select the between operation type. When selected, enter the start and end values for the attribute.
This option only applies to the following Commvault Logs filtering attributes:
-
PID
-
ThreadId
-
Date
-
Match any column
When selected, you can specify any type of value to match it with any of the columns in the log file.