Create/Edit Criteria

Use this dialog box from the Monitoring Policy wizard to define the monitoring criteria to track specific log events.

Please specify filtering attributes

Each template has a set of filtering attributes that you can use to specify the log events you want to monitor. Each filtering attribute represents a specific column in the log file.

The following table displays the filtering attributes that are supported for each predefined template, and provides a short description for each attribute.

If you created your own template, review your notes about each of the filtering attributes you specified.

Selected Template Filtering Attributes
NetApp Logs

PID

The identification number of the process that triggers the log event. For example, 12345.

ThreadId

The identification number of the thread that triggers the log event. The thread ID is in hexadecimal format. For example, 2EA67.

Date

The date in MM/DD format. Use the interactive calendar to select the date.

Time

The time in HH:MM:SS format. For example, 14:25:00.

JobId

The identification number of the job that triggers the log event. For example, 845716.

Description

The description of a log event (string value). For example, if you want to capture installation events, type "installing".

Simple Text Logs

Description

The description of a log event (string value). For example, if you want to capture installation events, type "installing".

Windows Events

Level

The event security classification of the Windows event. The levels that can occur in system and application logs are the following: information, warning, error, and critical.

The levels that can occur in security logs are the following: success audit and failure audit.

Date

The date in MM/DD/YYYY format. Use the interactive calendar to select the date.

Time

The time in HH:MM:SS AM/PM format. For example, 1:25:00 PM.

Source

The software that logged the event, which can be either a program name, such as "SQL Server", or a system component, such as a driver name.

Category

The category represents a subcomponent or activity of the event. For example, login or logoff activities.

Event ID

A number identifying a particular event type. For example, 12345.

User

The name of the user that triggered the event you want to capture. If the event was caused by a server process, the user name is the client ID.

Computer

The name of the local computer where the event occurred.

Description

The description of a log event (string value). For example, if you want to capture installation events, type "installing".

Log Name

The name of the log you want to monitor. Retrieve the log name from the Event Viewer window of your Windows computer.

Many Windows log files are named Admin or Operational. To distinguish log files that have the same name, use the following steps:

  1. From the Console Tree of the Event Viewer window, go to the log that you want to monitor.
  2. Right-click the log file and click Properties.
  3. In the Log Properties dialog box, copy the name provided in the Full Name box.

SysLogs

Date

The date in MMM DD format (for example, Mar 14). Use the interactive calendar to select the date.

Time

The time in HH:MM:SS format. For example, 14:25:00.

Host Name

The host name of the local computer where the log event occurred.

Process

The name of the process that triggers the log event.

Description

The description of a log event (string value). For example, if you want to capture installation events, type "installing".

Next to each of the filtering attributes, there is an operator which defines how to capture the log event. Use the operator for each of the attributes that you plan to define.

The following are some examples using the operators:

  • For the PID filtering attribute, use "equals to" to define that the process ID you specified must be equal to the ID in the log for the data to be captured.
  • For the Host Name filtering attribute, use "contains" to define that the log must contain the host name you specified for the data to be captured.
  • For the Date filtering attribute, use "between" to define the starting and ending dates to capture the log activity between the specified dates.

Opens the Advanced Criteria Options dialog box to further configure the value of a particular filtering attribute.

  • Regular Expression

    When selected, allows you to define the filtering attribute value as a regular expression.

  • Case Sensitive

    When selected, makes the value you provided for the filtering attribute case sensitive.

  • Match Whole Word

    When selected, requires the monitoring policy to track the log event using the whole word you specified for the filtering attribute.

  • Inclusive

    When selected, includes the start and end values that are entered for an attribute.

    This option only applies to the following NetApp Logs filtering attributes:

    • PID
    • ThreadId
    • Date

Match any column

When selected, lets you specify a value of any type and match it against any of the columns in the log file.

Assigned Severity

When the monitoring criteria matches a log event, the policy assigns a severity level to the monitoring criteria. The severity level helps you highlight important log events in the Log Monitoring report and in specific alerts, such as Event Viewer and SCOM alerts.

  • Error

    Classifies the monitoring criteria as a critical log event.

  • Warning

    Classifies the monitoring criteria as a major log event.

  • Information

    Classifies the monitoring criteria as a minor log event.
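
How the operators and Advanced Criteria Options described above change which log events a criterion captures, as an added example (not the product's own code). The sample events are constructed, the function names are hypothetical, and the example assumes that text comparison ignores case unless Case Sensitive is selected and that between excludes its start and end values unless Inclusive is selected.

```python
import re

# Constructed sample events, keyed by the NetApp Logs filtering attributes listed above.
EVENTS = [
    {"PID": "12345", "ThreadId": "2EA67", "Date": "03/14", "Time": "14:25:00",
     "JobId": "845716", "Description": "Installing agent package"},
    {"PID": "12350", "ThreadId": "2EA70", "Date": "03/15", "Time": "09:02:11",
     "JobId": "845717", "Description": "reinstalling driver after failure"},
    {"PID": "12399", "ThreadId": "2EB00", "Date": "03/16", "Time": "23:59:59",
     "JobId": "845718", "Description": "backup job completed"},
]

def text_match(value, pattern, regex=False, case_sensitive=False, whole_word=False):
    """'contains' comparison with the Regular Expression, Case Sensitive
    and Match Whole Word options (hypothetical helper)."""
    # Without the Regular Expression option, the value is treated as literal text.
    expr = pattern if regex else re.escape(pattern)
    if whole_word:
        # Require word boundaries on both sides of the match.
        expr = r"\b(?:" + expr + r")\b"
    flags = 0 if case_sensitive else re.IGNORECASE  # assumption: insensitive by default
    return re.search(expr, value, flags) is not None

def between(value, start, end, inclusive=False, base=10):
    """'between' comparison; use base=16 for ThreadId, which is hexadecimal."""
    v, lo, hi = int(value, base), int(start, base), int(end, base)
    return lo <= v <= hi if inclusive else lo < v < hi

def evaluate(events, attribute, predicate, severity):
    """Return (assigned severity, event) for each event that the criterion matches."""
    return [(severity, e) for e in events if predicate(e[attribute])]

if __name__ == "__main__":
    # "installing" as a substring also captures "reinstalling".
    loose = evaluate(EVENTS, "Description",
                     lambda v: text_match(v, "installing"), "Warning")
    # Match Whole Word narrows the criterion to the standalone word.
    strict = evaluate(EVENTS, "Description",
                      lambda v: text_match(v, "installing", whole_word=True), "Warning")
    # Inclusive decides whether PID 12345 and 12399 themselves are captured.
    open_range = evaluate(EVENTS, "PID",
                          lambda v: between(v, "12345", "12399"), "Information")
    closed_range = evaluate(EVENTS, "PID",
                            lambda v: between(v, "12345", "12399", inclusive=True),
                            "Information")
    for name, hits in [("contains", loose), ("whole word", strict),
                       ("between", open_range), ("between, inclusive", closed_range)]:
        print(name, [e["PID"] for _, e in hits])
```

A criterion that is broader or narrower than intended either floods the Log Monitoring report or silently misses events, so it is worth checking each option against a few known log lines before relying on the policy.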