On the Windows server, edit the .fmt file as follows (see the steps above
for configuring the Tivoli LFA). For more information
about how to configure the IBM® Tivoli® Monitoring Log File Agent,
see Integrating the Windows OS Events Insight Pack with the Log File Agent.
Update the .fmt file from:
// Matches records for any Log file and converts to csv format:
//
REGEX AllRecords
^([A-Z][a-z]{2} [0-9]{1,2} [0-9]{1,2}:[0-9]{2}:[0-9]{2} [0-9]{4}) [0-9] (\S+) (\S+) (\S+) (\S+) ([0-9]+) (.*)
hostname LABEL
-file FILENAME
RemoteHost DEFAULT
logpath "WindowsOSEventsLFA"
text PRINTF("%s,%s,%s,%s,%s,%s,%s,%s",file,$2,$3,$4,$5,$6,$7,$8)
END
To:
// Matches records for any Log file and converts to csv format:
//
REGEX AllRecords
^([A-Z][a-z]{2} [0-9]{1,2} [0-9]{1,2}:[0-9]{2}:[0-9]{2} [0-9]{4}) [0-9] (Warning|Error|Critical) (\S+) (\S+) (\S+) ([0-9]+) (.*)
hostname LABEL
-file FILENAME
RemoteHost DEFAULT
logpath "WindowsOSEventsLFA"
text PRINTF("%s,%s,%s,%s,%s,%s,%s,%s",file,$2,$3,$4,$5,$6,$7,$8)
END
This limits the events sent to
IBM Operations Analytics - Log Analysis to
those of type Warning, Error, or Critical. No 'Information' events
are sent to IBM Operations Analytics - Log Analysis.
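
Before deploying the filtered .fmt file, it helps to check which records the new expression forwards and which it silently drops. The following is an added example, not part of the original documentation or the Insight Pack: it assumes Python's re module as a stand-in for the LFA regex engine, and the sample records and the triage function are constructed for illustration.

```python
import re
from collections import Counter

# Expressions copied from the two .fmt versions above (each on a single line).
# Assumption: Python's re module stands in for the LFA's own regex engine.
PREFIX = r"^([A-Z][a-z]{2} [0-9]{1,2} [0-9]{1,2}:[0-9]{2}:[0-9]{2} [0-9]{4}) [0-9] "
SUFFIX = r" (\S+) (\S+) (\S+) ([0-9]+) (.*)"
ALL_RECORDS = re.compile(PREFIX + r"(\S+)" + SUFFIX)
FILTERED = re.compile(PREFIX + r"(Warning|Error|Critical)" + SUFFIX)

# Constructed sample records, shaped only to fit the expression (not real events).
SAMPLE = [
    "Jan 15 10:23:45 2014 4 Warning N/A System ExampleSource 129 constructed warning text",
    "Jan 15 10:23:46 2014 4 Information N/A System ExampleSource 7036 constructed info text",
    "Jan 15 10:24:01 2014 1 Error N/A Application ExampleApp 1000 constructed error text",
    "Jan 15 10:24:09 2014 1 Critical N/A System ExampleSource 41 constructed critical text",
    # The alternation is case-sensitive, so this record is dropped as well.
    "Jan 15 10:25:00 2014 4 warning N/A System ExampleSource 129 constructed lower-case type",
    "not an event record",
]


def triage(lines):
    """Split records into forwarded, dropped-by-type counts, and unparsed."""
    forwarded, dropped, unparsed = [], Counter(), []
    for line in lines:
        if FILTERED.match(line):
            forwarded.append(line)            # would reach Log Analysis
        elif (m := ALL_RECORDS.match(line)):
            dropped[m.group(2)] += 1          # matched before the edit, not after
        else:
            unparsed.append(line)             # matched by neither expression
    return forwarded, dropped, unparsed


if __name__ == "__main__":
    forwarded, dropped, unparsed = triage(SAMPLE)
    print("forwarded:", len(forwarded))
    for event_type, count in sorted(dropped.items()):
        print("dropped  :", event_type, count)
    print("unparsed :", len(unparsed))
```

Running the same triage over an export of real records shows exactly which event types stop reaching Log Analysis once the filter is in place.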