By default, all event sources (Sources) of the Application, System, and Security event logs are monitored when monitoring the Microsoft Windows event log (see Central Monitoring of the Microsoft Windows Event Log ). By specifying one or more event log templates, you can restrict the monitoring to selected event logs or event sources instead, and also deviate from the default alert values for the events.
You specify these event log templates as values of the parameter EventLogMon in the Parameters of the SAPCCMSR.INI Configuration File :
EventLogMon <complete file path of the event log template>
SAPCCMSR.INI can contain multiple entries of this type, which point to multiple event log templates.
Monitored Event Logs
In the event log template, first specify which event log (Application, System, or Security) you want to monitor.
EVENTLOG_TEMPLATE |
Keyword; this opens the configuration area for the event log monitoring |
EVENTLOG_NAME=[Application, System, Security] (required parameter) |
Name of the event log that is to be monitored |
MTE_NAME="<Name of the node, maximum of 40 characters>" |
Name of the monitoring attribute in the Alert Monitor (optional parameter) |
MTE_CLASS="<MTE class>" (Default: CCMSEventLogCL) |
MTE class of the monitoring object that monitors the events of the above event log |
Monitored Event Sources and Assignment of the Alert Colors
You can specify which events from the event log specified in EVENTLOG_NAME are to be reported in the monitoring infrastructure by specifying the desired event source in SOURCE_<x>. When doing this, enter a number <x> for each desired event source in the parameter suffix of the following parameters. Start with the number 0. In this way, you can set the desired alert colors individually for the events of each source, depending on the event type.
SOURCE_<x>=[event source,<ALL>] (Default: <ALL>) |
Event source from the event log specified in EVENTLOG_NAME; in this way, you can have only events from certain event sources monitored; if the name of the event source contains a space, place the name in quotation marks. |
INFO_<x>=[GREEN, YELLOW, RED, INACTIVE] (Default: GREEN) |
Alert color that is to be assigned to events of the event type Information of the above event log from the event source defined by SOURCE_<x>. |
WARNING_<x>=[GREEN, YELLOW, RED, INACTIVE] (Default: YELLOW) |
Alert color that is to be assigned to events of the event type Warning of the above event log from the event source defined by SOURCE_<x>. |
ERROR_<x>=[GREEN, YELLOW, RED, INACTIVE] (Default: RED) |
Alert color that is to be assigned to events of the event type Error of the above event log from the event source defined by SOURCE_<x>. |
SUCCAUDIT_<x>=[GREEN, YELLOW, RED, INACTIVE] (Default: GREEN) |
Alert color that is to be assigned to events of the event type Success Audit of the above event log from the event source defined by SOURCE_<x>. |
FAILAUDIT_<x>=[GREEN, YELLOW, RED, INACTIVE] (Default: RED) |
Alert color that is to be assigned to events of the event type Failure Audit of the above event log from the event source defined by SOURCE_<x>. |
You want to monitor in only the following event sources in the System event log:
Events from the event sources Automatic Updates should never trigger an alert, regardless of the type of event, but should rather always be reported as a green message. To do this, set the following entries in the configuration file SAPCCMSR.INI:
EventLogMon OnEventLogMon C:\usr\sap\prfclog\sapccmsr\evtmon_appl.ini
The event log template evtmon_appl.ini would have the following content:
EVENTLOG_TEMPLATEEVENTLOG_NAME=SystemMTE_CLASS=EventLogSystemSOURCE_0="Automatic Updates"INFO_0=GREENWARNING_0=GREENERROR_0=GREENSUCCAUDIT_0=GREENFAILAUDIT_0=GREENSOURCE_1="Service Control Manager"INFO_1=GREENWARNING_1= YELLOWERROR_1=REDSUCCAUDIT_1=GREENFAILAUDIT_1=RED.
Infrastructure of the SAP NetWeaver Management Agents Start Page