Huge Collections of Software Manuals and Knowledgebase

GreatManuals.com
Huge Collections of Software Manuals and Knowledgebase
 
Home Contact us Request to publish your help manuals Request to remove your help manuals

Introduction
 » EventMeister
 » Features
 » Quick Start Guide
Exploring User Interfaces
 » Toolbar
 » Feeds Tab
 » Aggregates Tab
 » Notification Manager
 » Satellite Windows
 » Item Values Dialog
 » Manage Groups
 » Service Component
 » Configuration
Working with Event Log Feeds
 » Create New Event Log Feed
 » Create New Aggregate Feed
 » Modify or View Feed's Properties
 » Copying Properties Between Feeds
 » Delete Feed
Viewing & Analyzing Feed Data
 » Viewing Feed's Data
 » Search & Copy Feed Data
 » Hiding, Showing & Reorder Columns
 » Sort by Column & Copy View Settings
Reports & Exporting Feed Data
 » Manual Exports & Reports
 » Exporting
 » Displaying & Printing Reports
 » Other Feed Maintenance Tasks
Working with Notifications
 » Notification Types
 » Poll Failure Notification Object
 » Create New Notification Object
 » Email Scheduling Wizard
 » Modify & Duplicate Notification
 » Delete & Enable/Disable Notification
 » Running as Service
 » Backing Up & Transferring Settings
 » Troubleshooting Guide
 

Working with Feeds

A "feed" is a bundle of information that tells EventMeister:

  • where a log or data source is located
  • how to access and interpret the log data
  • when and how often to read or "poll" that log.

When EventMeister polls a feed,new data read from the source log is copied into EventMeister's private store on your hard disk. Each store has capacity - a limit on the number of items it can contain. When the limit is reached, the oldest items are automatically removed to make room for new ones.

You can filter data as it is read from the source, thus restricting the items that are written to EventMeister's store. Alternatively, you can create a viewing filter. This has no effect on the log data that EventMeister has stored - it simply restricts what you see on screen

Finally, you can tell EventMeister to watch incoming data for certain criteria and take appropriate action, such as issuing an onscreen alert, sending an email, running a script or generating a separate log. See Working with Notifications for more details.

Types of Feed

Feeds can be configured to draw data from local and remote event log files. In addition you can create Aggregate Feeds by merging two or more standard feeds into a single feed.

Creating, Updating and Deleting Feeds

Each standard feed is mapped to a single event log file. Filters can be applied to the feed to control which data is extracted from the source log. Schedules can be defined to control the frequency with which the source log is polled for new data.

Aggregate feeds can be created to combine data from two or more standard feeds.

Create New Event Log Feed

Invoking the Event Log Feed Wizard

  1. To invoke the New Feed Wizard make sure the 'Feeds Tab' is active then:

    Select 'Feeds > New Feed...' from the main menu.

    OR

    Click on the 'New Feed' toolbar button.

    OR

    Use the keyboard shortcut ALT + E + W

  2. The following topics describe each step involved in creating a new Event Log Feed with the Feed Wizard:

Event Log Wizard Step 1 - Choosing the Computer(s)

A single installation of EventMeister can read event logs on the host PC and on other, networked PCs. If you experience problems reading an event log on a networked PC, the following trouble shooting guide should help:

Accessing an Event Log on the Host PC

Select the 'This Computer' option, then click on the 'Next' button.

Accessing an Event Log on a Networked PC

  1. Select the 'Network Computer' option.
  2. A list of computers available on your local network will be displayed. Check the boxes to select the computers that you are interested in.
  3. Click on the 'Next' button.

NOTE: If the target machine is not listed it may be offline for some reason, or may have booted very recently (Windows networking does not always detect new machines immediately). If you know the name of the computer in question, you can still type it into the 'specify computer directly' box and click the 'add' button.

Website monitoring software Website monitor software Website monitoring tool

Event Log Wizard Step 1b - Access Credentials

NOTE: This wizard page will only be displayed if you have selected a networked computer in the previous step.

Enter a valid Account Name and Password to gain access to the target computer(s). If the Password is left blank, it is assumed to match the password for the same account on this computer.

  1. If only one computer has been selected, or all selected computers have the same login credentials then you need only specify them once in the 'Account Name' and 'Password' fields at the top of the Wizard page.
  2. To provide a different account/password for a particular computer double click it in the list of selected computers, or select it and click on the 'Edit' button.

When you click the Next button, EventMeister will try to establish a connection to the nominated computer. If the computer in question is currently offline or experiencing difficulties, this may take up to two minutes.

Event Log Wizard Step 2 - Choose Log Type

The 'Event Log Types' section will list all Windows Event Logs available on the target computer(s).

  1. Select the event log(s) to monitor by checking the box beside it. In the unlikely event that the target log type isn't listed simply type it into the box at the bottom of the Wizard page and click on the 'Add' button.
  2. Click on the 'Next' button.

Event Log Wizard Step 3 - Event Gathering Methods

  1. Choose your preferred event gathering method (see below)
  2. Click on the 'Next' button.

Event Gathering Methods

The two event gathering methods are described below. Please note that you can change the event gathering method at any time. For example, you may wish to start with the 'Read From Log' option to initially populate the feed with historical data then switch to 'Catch Events as they Arrive' for more efficient monitoring of large logs.

Read From Log

This method reads through the specified Event Log at specified intervals, identifies new entries, and adds them to the feed.

Advantages

  1. Most robust monitoring method. Picks up events that were generated while monitoring was disabled (For example, if you have to reboot the host machine LogMeister will pick up events that occurred during the restart).
  2. Initially populates the feed with past events from the log.

Disadvantages

  • New events will only be detected at the next scheduled poll interval. The smallest poll interval you can specify is one minute.
  • If you are monitoring a server that has large logs (upwards of 10,000 entries), the underlying technology (WMI) can be very CPU intensive on the server in question.
  • Potential for unnecessary network traffic. If you want timely notification of an event you will need to schedule regular polling of logs. If that event occurs very rarely most of the polls will not return data.

Catch Events as they Arrive

This method receives a notification from the server in question when new events are generated, and adds them to the feed.

Advantages

  • Real time event monitoring.
  • Minimal CPU overhead on the server.
  • Reduced network traffic (Communication only takes place when an event occurs).

Disadvantages

  • Does not catch events that occur whilst monitoring is disabled (For example, if you have to reboot the host machine LogMeister may miss events that occurred during the restart.
  • Does not populate the feed with past events from the log, i.e. the log will appear empty until fresh events occur.

»
Home | Contact us | Request to publish your help manuals | Request to remove your help manuals