FMLogo-No-WordsArtboard 1Event Collector

<< Click to Display Table of Contents >>

Navigation:  Technical Guide > Monitoring and Collecting >

FMLogo-No-WordsArtboard 1Event Collector

Collect some or all events from the Agent(s) being monitored. Events can be collected based on a combination of include and exclude Filters. Each Filter has criteria for the following event fields:

·Computer Name

·Event Log

·Username

·Event Source

·Event ID

·Event Category

·Event Message

·Event Type

When a new event occurs, it is checked against the Filters assigned to the Event Collector Monitor Item. If it matches at least 1 Include Filter and no Exclude Filters, then it will be sent to the ELM Server. If the event does not match an Include Filter, or matches an Exclude Filter, the event will be skipped. This is true for both Service Agents and Virtual Agents. Exclude filters are processed first then passed to include filters.

Monitor Assignments

Assign any Include or Exclude filters to the monitor item along with any monitoring categories you would like this listed under.

When a new event occurs, it is checked against the Filters assigned to the Event Monitor. If it matches at least 1 Include Filter and no Exclude Filters, then the configured Action will be triggered. If the event does not match an Include Filter, or matches an Exclude Filter, the event will be skipped. This is true for both Service Agents and Virtual Agents. Exclude filters are matched first then passed to include filters.

 

Event-Monitor-Assignments

Scheduling

 

Specify the interval at which the monitoring, polling or action is to occur. Depending on the Monitor Item type, Items can be scheduled in interval increments of Seconds, Minutes, Hours and Days. The Scheduled Interval is relative to the top of the hour or top of the minute. For example, if a Scheduled Interval is configured for 10 minutes, the Monitor Item will execute at hh:10:00, hh:20:00, hh:30:00, hh:40:00, hh:50:00, h1:00:00, etc. If a Scheduled Interval is configured for 15 seconds, the Monitor Item will execute at hh:00:15, hh:00:30, hh:00:45, hh:01:00, hh:01:15, etc.

 

 

Exclusion Configuration

 

Specify day(s) of week when you do not what the scheduled item to run.

 

 

Scheduling

Naming

 

Enter the name of the item and give it a description.

 

Enabled

Use this check box to enable/disable a monitor item.

 

Naming-NoCustomCat

 

Event Collectors do not trigger Actions like the other Monitor Items. For example Ping Monitors results will indicate if an ICMP echo request succeeds, Service Monitors results will indicate if a Windows service is started, etc. An Event Collector's job is to read events, expand the message, and deliver the record to the ELM Server. If it has trouble performing this task, then it or the ELM Server can create one or more of the following events:

Error 5566 - The bookmarked event record is no longer in the log, events are being skipped, and the bookmark reset to the beginning of the log (most recent event).

Error 5700 - The ELM Server had trouble receiving the event.

Error 5701 - The Event Collector had trouble creating or expanding the event into a record that could be delivered to the ELM Server.

Error 5702 - A Service Agent had trouble sending an event to the ELM Server.

Error 5703 - The ELM Server had trouble receiving an event from a Service Agent.