EVENT statement for API
The EVENT statement is a parameter file statement that specifies the field selection, facility, severity, and so forth for an API1 event. You must code an EVENT statement (and an appropriate SELECT EVENT statement) in the parameter file in order for your API1 events to be formatted.
If you code more than one EVENT statement for a particular EVENT type a subsequent EVENT statement replaces any EVENT statement(s) for that type that came before.
Parameter | Description |
|---|---|
EVENT | Must be coded as shown. |
type | Specifies the EVENT type. The EVENT type is the portion of the EVENT name as coded in the |
FACILITY(facilityName) | Specifies the RFC 3164 facilityName that is to be indicated as the origin of the syslog messages corresponding to the indicated SMF records. If you omit this parameter, it defaults to the facility coded on the TYPE statement for the EVENT type. If you would like a different facility indicated, code one of the RFC 3164 facilityNames as listed in Syslog Facilities and severities . |
FIELDs(fieldName…) | Specifies the names of the API1 event fields that are to be transmitted to the BMC Defender Server or other syslog console, and the order in that they are to appear in the message. Specify one or more of the fields as described in FIELDS-parameter. You can only specify fields appropriate to the event type. |
filterSpecification | For information about filterSpecification , see FILTER-and-MATCH-parameters. |
LOG or LOG(HEX) | Specifies that the selected API1 records are to be logged on CZAPRINT and optionally dumped in hexadecimal and character format. This parameter is intended primarily for diagnostic purposes. Use care in specifying LOG(HEX) as it may generate a large volume of print records, especially if BMC AMI Defender for z/OS is left running for several hours. |
PROCess(processTag) | Specifies the tag that appears at the start of the syslog messages for the indicated Event type (following the priority, timestamp, and host name, and preceding the formatted fields). Specify the exact processTag that you want to include in syslog messages, including any spaces and punctuation. The p rocessTag may be of any length from the null string (‘’) to 32 characters. If PROCess is omitted, it defaults to the value specified on the TYPE statement for the EVENT type followed by the leading delimiter from OPTIONS DELIM. |
SEVerity(severity) | Specifies the default syslog severity for EVENTS for which the API1 caller has specified default severity. See Syslog Facilities and Severities . You may also code SUPPRESS. SUPPRESS indicates that the default records are not to be formatted and forwarded to the Syslog Server at all. If you omit SEVerity, it defaults to the value specified on the TYPE statement for the EVENT type. |