Event log model list
The List node displays the list of event log models which are currently defined and are located on the local client. It does not include any models which are in any status of waiting to be assigned to the client.
Parameter | Description |
|---|---|
Model Name | The fields of this column list the names of all event models which currently exist in CM . This can either be the name of the model for any predefined models such as the Web History Monitor, or the name of a custom defined model such as a performance counter plus its checksum, for example, Memory_12458942348662. |
Category | Provides the category to which the respective model belongs which can be a value such as Resource Monitor or Software Distribution. |
Model Note | These fields provide a short description on what the respective model logs. |
Activation | The values in these fields define if the respective model is activated, that is, if it stores the generated events. Possible values are Yes for events that are stored on local level and then can be uploaded to the master database, and No , the model is not activated and events will be deleted right after being generated. |
Available event log models
The table displays different information depending on the selected event log model. Depending on the currently selected object type, some or all of these models might be available:
Alert & Event
The Alert & Event model logs agent operation events, such as events and alerts generated by operational rules, by the inventory module, security alerts, and so on. It shows the following information for each event:
Parameter | Description |
|---|---|
Event Date | The date and time the alert occurred in the default time format. |
Device Name | This column is not displayed under the Alerts and Events of a device. |
Status | Displays the current status of the event.
|
Severity | Defines the severity of the selected alert, Error, Information or Warning . |
Category | Defines the type of event that is being logged. |
Sub-category | The alert sub-category to which the alert/event was assigned. This value can be freely defined by the administrator. |
Description | Displays the textual description of the alert/event. |
Shared | Indicates if this alert is shared with other applications such as BMC Remedyforce or BMC FootPrints Service Core via the external integration. It only appears after the ticket was actually created in the target integration. |
Acknowledged by | The name of the administrator who acknowledged the event. |
Last Modified By | Displays the name of either the last person that last modified the object or its contents, such as the administrator, or it may be the system that last executed any modifications. |
Notes | This free text field can contain additional information concerning the selected object. |
Monitored Applications
Logs an event for each application that is monitored.
Parameter | Description |
|---|---|
Event Date | The date and time at which the event about the monitored application was logged by the local agent. |
Application Name | The name of the monitored application. |
Application Version | The version number of the monitored application. |
Start Time | The date and time at which the application was started on the local client. |
End Time | The date and time at which it was closed again. |
Duration (sec) | The time the application was running on the local device in seconds. |
Connected User Name | This field displays the name of the user that was connected at the time when the application was launched. |
Domain | The name of the domain of the connected user. If the network does not have domains the device name will be displayed here. |
Prohibited Application
Logs an event for each prohibited application which was found in the network.
Parameter | Description |
|---|---|
Event Date | The date and time at which the event about the prohibited application was logged by the local agent. |
Application Name | The name of the prohibited application. |
Application Version | The version number of the prohibited application. |
Detection Time | The date and time at which the application was found to have started and was stopped on the local client. |
Connected User Name | This field displays the name of the user that was connected at the time when the application was launched. |
Domain | The name of the domain of the connected user. If the network does not have domains, the device name will be displayed here. |
Protected Application
Logs an event for each protected application which was repaired in the network.
Parameter | Description |
|---|---|
Event Date | The date and time at which the event about the protected application was logged by the local agent. |
Application Name | The name of the protected application. |
Application Version | The version number of the protected application. |
Fixing Time | The date and time at which the application was repaired on the local client. |
Fixed File | The name of the file that was repaired. |
Connected User Name | This field displays the name of the user that was connected at the time when the application was repaired. |
Domain | The name of the domain of the connected user. If the network does not have domains, the device name will be displayed here. |
Software Installations
Logs an event for all successfully executed software distributions:
Parameter | Description |
|---|---|
Event Date | The date and time at which the event about the successfully installed software was logged by the local agent. |
Operational Rule Name | The name of the operational rule that was distributed and installed on the target devices and its status. |
Package Type | The type of package, that is, if it is a custom, MSI, RPM or snapshot package. |
Compressed Package Size (MB) | The size of the package. |
Status | The final installation status of the package. |
Power Management
Logs an event for each energy state change of a device:
Parameter | Description |
|---|---|
Event Date | The date and time at which the event about the energy state change was logged by the local agent. |
Type | This column displays the type of power event, for example, Sleep , if the monitor turned into sleep mode, Login , if login information were entered to unlock the screen saver, and so on. |
Windows Devices
Logs an event for each disabled Windows device:
Parameter | Description |
|---|---|
Event Date | The date and time at which the event about the printer monitor was logged by the local agent. |
Operation | This column shows the type of operation that was executed on the connected device,that is, Authorized if the device was allowed to connect or Forbidden otherwise. Each operation for the same key is only listed once and will be updated if a status change occurs, that is, if a forbidden USB key tries to connect several times, only the first connection trial will be logged as the event. If this key is then allowed to connect and tries again, this time successfully, the logged event is updated. |
Class Type | This field defines for which type of peripheral device the step is to be defined, for example, USB HUB, USB Scanners, USB Storage Devices, and so on. |
Description | This field contains the name of the concerned peripheral device. |
Connected User Name | This field displays the name of the user that was connected at the time when the event occurred. |
Domain | The name of the domain of the connected user. If the network does not have domains, the device name will be displayed here. |
Comments
Log in or register to comment.