Docs.bmc.com will undergo a brief maintenance outage 27 March 2025. The site will be unavailable for ten minutes starting at 6:30 AM CDT/5 PM IST.

Keys and values for the audit log variable

The Audit Log configuration variable, /AgentSetup/auditLog, consists of a new line separated list of Key and Value pairs as shown in the following example: 

"/AgentSetup/auditLog" = {
REPLACE = "Active=1\
filecount=4\
FileAging=Size 10"
}

What happens when you set auditLog using a monitoring policy on the TrueSight console?

You can set only the Active parameter through a monitoring policy on the TrueSight console:

Active=1

The following parameters are set to the default values:

filecount=5

FileAging=Daily 0


The following table lists and explains the Key and Value pairs:

 AgentSetup/auditLog keys and values

 

 Creating a custom node in the windows event log

When you set the /AgentSetup/auditLog configuration variable to log information to the Windows Event Log, the activity will be logged to the "Applications" Windows Event Log by default. On Windows 2000 or later, you can create a separate, custom "PATROL" node in the Windows Event Log.

The following task describes how to create a custom log. You must first remove the existing agent service (if necessary), and install the agent with the -l (L) command line option.

To remove the agent service

Type the following command in the command line and press Enter:
PatrolAgent -remove

To install the agent service

  1. Type the following command in the command line and press Enter:
    PatrolAgent -install -l logname (where logname is the desired name for the custom log node)
  2. Restart your computer for the change to take effect.