Start of Content Area

Process documentation Event Log Monitoring with CCMS Agents  Locate the document in its SAP Library structure

Purpose

On Microsoft Windows platforms, you can monitor the Windows event log with CCMS agents. By default, the event log logs events from the following areas:

·        Security

This log contains security-related events, such as file accesses and changes, or successful and failed logons. You specify which events are to be logged in the corresponding security settings.

·        Applications

This log contains events that were written by an application or a program. The application developer decides in each case which events are to be logged.

·        System

This log contains events that are reported by Microsoft Windows system components.

The events are divided into the following event types:

·        Information

·        Warning

·        Error

·        Success Audit and Failure Audit, only for security events

By default, after you activate event log monitoring, all event log events are monitored and displayed in the Operating System monitor in the central monitoring system (CEN).

You can also decide the following yourself with event log templates (see Structure of the Event Log Templates):

·        Which event logs are to be monitored?

·        Which event sources are to be monitored?

·        Which color should alerts of the different event types have?

Prerequisites

The CCMS agent used requires at least Patch Collection 2005/3. You can determine the status of the agent using the option –v (see Controlling CCMS Agents).

Process Flow

To activate the monitoring of the event log, set the following parameters in the SAPCCMSR.INI Configuration File of the CCMS Agents:

Parameter

Meaning

EventLogMon [On|Off]

EventLogMon On activates the event log monitoring on the Microsoft Windows host of the CCMS agent; by default, it is deactivated.

EventLogMon <file path>

This parameter specifies an event log template that contains additional configuration settings for the event log monitoring (see Structure of the Event Log Templates); by default, all event sources and all of their event types are monitored.

Note

SAPCCMSR.INI can contain multiple entries of this type, which point to multiple event log templates.

EventLogResolveMessages [On|Off]

EventLogResolveMessages On activates the complete resolution of the event log messages, that is, a more exact description of the event is obtained using additional Microsoft Windows system calls and transferred to CEN. This means that you obtain more exact information at the cost of performance. By default, this is deactivated.

To activate these settings, you need to restart the agent after setting the parameters in SAPCCMSR.INI (see Controlling CCMS Agents).

Result

The Microsoft Windows event log is monitored and displayed as a subtree in the Operating System monitor of the monitored host (see Displaying the Event Log Monitoring in the Alert Monitor).

This graphic is explained in the accompanying text CCMS Agents, Advanced Functions of the CCMS Agents start page

 

End of Content Area