
Configuration Options - Reading NT Event Logs

Veduta reads input from log files and from NT event logs. Configuring the reading of log files is covered on the Configuration Options - Reading Log Files page; this page covers NT event logs.

Reading from NT event logs is configured in consumers.xml.

consumers.xml looks like:

<?xml version="1.0" encoding="UTF-8"?>
<consumers>
  <consumer>
    <ntevent>
      <name>NT Application Messages</name>
      ...
    </ntevent>
  </consumer>
  <consumer>
    <ntevent>
      <name>NT System Messages</name>
      ...
    </ntevent>
    ...
  </consumer>

</consumers>
so each NT event log is configured in its own <consumer/> section. Each section carries a <name/>, which is referenced from the report.xml configuration to determine how the records from that event log are displayed.

Configuring an NT Event Log

An NT event log is configured using the following:
<?xml version="1.0" encoding="UTF-8"?>
<consumers>
  <consumer>
    <ntevent>
      <name>NT Application Messages</name>
      <logfile>Application</logfile>
      <interval>15s</interval>
    </ntevent>
  </consumer>
</consumers>
which names the NT event log to read (<logfile/>) and how often to poll it (<interval/>). By default the Windows platform provides an Application log, a System log and a Security log; applications and services installed on a particular Windows server may register further logs.

Veduta uses the Windows WMI interface to read the event logs. Because WMI queries are relatively heavyweight, do not poll at an excessive rate; an interval of some tens of seconds, as in the example above, is reasonable. Note also that reading the Security log requires the account Veduta runs under to hold the "Manage auditing and security log" privilege (SeSecurityPrivilege), which members of the local Administrators group have by default.

Windows Log Output

Each event log record is emitted as a single line of Key=Value pairs separated by spaces. The default layout is:
Category=... Host=... EventCode=... Record=... Source=... Event=... User=... Message=...  
e.g.
Category=101 Host=server10 EventCode=1 Record=20317 Source=Application Hang Event=error User=NT AUTHORITY\SYSTEM Message=Hanging Application...
where each field name is separated from its value by an = sign. Note that values may themselves contain spaces (Source=Application Hang, User=NT AUTHORITY\SYSTEM above), so the line cannot be reliably split on whitespace; anything that parses it should key on the field names instead.

This output can be changed by providing a format configuration thus:

<?xml version="1.0" encoding="UTF-8"?>
<consumers>
  <consumer>
    <ntevent>
      <name>NT Application Messages</name>
      <logfile>Application</logfile>
      <interval>15s</interval>
      <format>Host:{1} Event:{7} Message:{3}</format>
    </ntevent>
  </consumer>
</consumers>
where the format string specifies which event log fields are substituted, by index. The field indices are:

Field        Index in format string
Category     0
Host         1
EventCode    2
Message      3
Record       4
Source       5
Time         6
Event        7
User         8

so the above example would output the following for the record shown earlier:
  Host:server10 Event:error Message:Hanging Application...  
The report.xml configuration can then be written to match on this string in the same manner as for normal log files.
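To illustrate both the default output format above and the <format/> substitution table, the following is an added example (not Veduta's own code) that parses a default-format record into its fields and then renders it with a Veduta-style format string. The record is constructed from the page's example, and the parsing approach (anchoring on the known field names rather than splitting on whitespace) is this example's own; the page does not describe how report.xml performs its matching.

```python
import re

# Field names in the order of the default Key=Value output documented on the page.
DEFAULT_FIELDS = ["Category", "Host", "EventCode", "Record",
                  "Source", "Event", "User", "Message"]

# Index table for <format> strings: {n} is replaced by FORMAT_INDEX[n].
FORMAT_INDEX = ["Category", "Host", "EventCode", "Message", "Record",
                "Source", "Time", "Event", "User"]

# A value runs until whitespace followed by the next known "Key=", or end of line.
# Anchoring on the key names is what keeps "Source=Application Hang" and
# "User=NT AUTHORITY\SYSTEM" intact; a whitespace split would tear them apart.
_KEYS = "|".join(re.escape(k) for k in DEFAULT_FIELDS)
_FIELD_RE = re.compile(
    rf"(?P<key>{_KEYS})=(?P<value>.*?)(?=\s+(?:{_KEYS})=|\s*$)")


def parse_default_line(line):
    """Parse one default-format record into a {field: value} dict."""
    return {m.group("key"): m.group("value") for m in _FIELD_RE.finditer(line)}


def naive_parse(line):
    """The obvious but wrong approach: split on whitespace, then on '='.
    Kept here only to show how values containing spaces get truncated."""
    out = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            out[key] = value
    return out


def render(fields, fmt):
    """Apply a Veduta-style <format> string: each {n} becomes the field at index n.
    Fields absent from the record (e.g. Time in the default output) render as ''."""
    values = [fields.get(name, "") for name in FORMAT_INDEX]

    def substitute(m):
        idx = int(m.group(1))
        if idx >= len(values):
            raise ValueError(f"format index {{{idx}}} is out of range 0..{len(values) - 1}")
        return values[idx]

    return re.sub(r"\{(\d+)\}", substitute, fmt)


# Constructed sample: the page's example record, as one line of output.
SAMPLE = ("Category=101 Host=server10 EventCode=1 Record=20317 Source=Application Hang "
          "Event=error User=NT AUTHORITY\\SYSTEM Message=Hanging Application...")

if __name__ == "__main__":
    fields = parse_default_line(SAMPLE)
    print(fields)
    print(render(fields, "Host:{1} Event:{7} Message:{3}"))
    print("naive Source:", naive_parse(SAMPLE)["Source"])  # truncated to 'Application'
```

The naive parser is included deliberately: it silently returns "Application" for Source and "NT" for User, which is exactly the kind of truncation that makes a report.xml match miss records. Parsing anchored on the field names is robust as long as no value happens to contain a space followed by one of the field names and an = sign; since the Message text is free-form, that residual ambiguity is inherent in the default output, and a custom <format/> with a single free-text field at the end is the simplest way to avoid it.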