WIN_EVENTS Configuration Syntax
This configuration is used for the remote monitoring of MS Windows Event Logs. Without this feature, only Windows Event Logs on the Monitoring Server can be monitored. Enabling the WIN_EVENTS Configuration allows a larger number of events to be captured and Alerts to be created for remote MS Windows servers that do not have Prognosis installed.
SUBSYS WIN_EVENTS
ADD SERVER (<fqdn>, eventlognames={Lync Server|Windows Server|Security}[, ip=<ip-address>, domain=<domain>, customer=<customer>, custom=<pwdkey>, sfbsite=<skype-site-name>, sfbpool=<skype-pool-name>])
DEFINE SUBSCRIBE-TIMEOUT (<minutes>)
DEFINE SUBSCRIBE-ATTEMPTS (<number-of-attempts>)
Syntax Elements
ADD SERVER
A separate ADD SERVER statement is added for each MS Windows server to be monitored.
<fqdn> | (Mandatory) The Fully Qualified Domain Name (FQDN) of the server. This is used to communicate with the server if an IP address is not defined. |
<event-log-name> | Name of an event log to retrieve. Currently this can be 'Lync Server', 'Windows Server' or 'Security'. For advanced users, it is possible to support additional logs by modifying the 'Lync Server' file, which is located in the '<Prognosis_Home>/Server/Configuration/events/xml' folder path. |
<ip-address> | The IP address of the server. If defined, this is used as the method of communicating with the server. |
<domain> | The domain name of the authenticated user logon. It is specified here instead of in the PASSWORDS Configuration. |
<customer> | A customer name to associate with the server. |
<pwdkey> | The 'Entry Name' field from the PASSWORDS Configuration that contains a user name and password that are valid credentials for the server. See the Server Credentials section below for further details. |
<skype-site-name> | Name of the configured Skype site to which this server belongs. |
<skype-pool-name> | Name of the Skype pool to which this server belongs. |
DEFINE SUBSCRIBE-TIMEOUT
<minutes> | Sets how often, in minutes, the Monitoring Server checks that it is still subscribed to receive Windows events. If no events have occurred in the last period, the Monitoring Server will re-subscribe for events. By default, this is 5 minutes. |
DEFINE SUBSCRIBE-ATTEMPTS
<number-of-attempts> | Configures the number of retry attempts to subscribe for events from a Windows Server if an error occurs. By default, this is 3. Attempts are made based on the SUBSCRIBE-TIMEOUT period defined above. |
Example:
ADD SERVER ( \remote.server.com, "eventlognames=Lync Server", ip=10.0.0.1, domain=PR, customer=IR, custom=WinEvents:RemoteServer)
DEFINE SUBSCRIBE-TIMEOUT (30)
DEFINE SUBSCRIBE-ATTEMPTS (2)
Server Credentials
The 'custom' parameter defines which credentials are to be used in order to establish a connection with the server. This is mapped to the 'Entry Name' field of the PASSWORDS Configuration.
Example:
ADD SERVER (\remote.server.com, "eventlognames=Lync Server", ip=10.0.0.1, domain=PR, customer=IR,custom=WinEvents:RemoteServer, sfbsite=Sydney, sfbpool=remote-pool.server.com)
For the 'custom' parameter there must be a corresponding 'WinEvents:RemoteServer' line in the PASSWORDS Configuration, for example:
Entry Name | WinEvents:RemoteServer |
Username | <username> |
Password | <password> |
Server Credentials that reference a domain
If credentials have been provided for the server where the username is in the form <domain>\<username>, then the domain is set in the ADD SERVER statement and only the username and password are added in the PASSWORDS Configuration.
Example:
Where the username is "LyncDomain\administrator":
1) In the WIN_EVENTS Configuration add
ADD SERVER (\remote.server.com, ip=10.0.0.1,domain=LyncDomain, custom=WinEvents:LyncServer )
2) In the PASSWORDS Configuration add
Entry Name | WinEvents:LyncServer |
Username | administrator |
Password | <password> |
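The following is an added example, not part of the Prognosis product or its documentation: a small check that parses ADD SERVER statements and verifies the credential mapping described above, namely that every 'custom' key has a matching PASSWORDS Entry Name and that the stored username does not carry a domain prefix. The sample configuration text, the PASSWORDS dictionary, the account name svc_events and the function names are constructed for illustration.

```python
import re

# Constructed sample input modelled on this page's examples (not a real deployment).
WIN_EVENTS = r'''
SUBSYS WIN_EVENTS
ADD SERVER (\remote.server.com, "eventlognames=Lync Server", ip=10.0.0.1, domain=PR, customer=IR, custom=WinEvents:RemoteServer)
ADD SERVER (\lync.server.com, ip=10.0.0.2, custom=WinEvents:LyncServer)
ADD SERVER (\other.server.com, ip=10.0.0.3, domain=PR, custom=WinEvents:Missing)
DEFINE SUBSCRIBE-TIMEOUT (30)
'''
# Constructed stand-in for the PASSWORDS Configuration: Entry Name -> Username.
PASSWORDS = {
    "WinEvents:RemoteServer": "svc_events",
    "WinEvents:LyncServer": r"LyncDomain\administrator",
}

def parse_servers(text):
    """Return one dict per ADD SERVER statement: fqdn plus its key=value parameters."""
    servers = []
    for body in re.findall(r"ADD\s+SERVER\s*\(([^)]*)\)", text):
        parts = [p.strip().strip('"') for p in body.split(",")]
        server = {"fqdn": parts[0].lstrip("\\")}
        for part in parts[1:]:
            key, sep, value = part.partition("=")
            if sep:
                server[key.strip().lower()] = value.strip()
        servers.append(server)
    return servers

def lint(servers, passwords):
    """Check each server's custom= key against the PASSWORDS entries."""
    findings = []
    for s in servers:
        key = s.get("custom")
        if key is None:
            continue  # custom= is optional in the syntax; nothing to cross-check
        if key not in passwords:
            findings.append((s["fqdn"], f"no PASSWORDS entry named {key}"))
        elif "\\" in passwords[key]:
            findings.append((s["fqdn"], "username contains a domain; set domain= in ADD SERVER instead"))
    return findings

if __name__ == "__main__":
    for fqdn, problem in lint(parse_servers(WIN_EVENTS), PASSWORDS):
        print(f"{fqdn}: {problem}")
```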