The Windows OS Event Insight Pack allows users of IBM® Operations Analytics – Log Analysis, in conjunction with the Tivoli Log File Agent or logstash, to gather and process Windows OS Events.
Two separate data gathering mechanisms are supported:
- Tivoli Log File Agent
- logstash
The Windows OS Events Insight Pack was built using the IBM Operations Analytics – Log Analysis DSV Toolkit.
For Windows events gathered by the Tivoli Log File Agent (LFA) or logstash, the data is configured into a comma-separated format, then indexed and annotated for analysis.
- Tivoli Log File Agent provides a configurable log file monitoring capability using regular expressions. The LFA uses the WINEVENTLOGS configuration (.conf) file option to monitor events from the Windows event log. The agent monitors a comma-separated list of event logs as shown in the following example:
- Logstash has a supported input module named eventlog, http://logstash.net/docs/1.2.2/inputs/eventlog, which pulls events from the Windows Event Logs. The events are then forwarded to the Operations Analytics – Log Analysis EIF Receiver using the output module available in the logstash Integration Toolkit.
The following is a summary of the steps to install the Windows OS Events Insight Pack
Refer to the Windows OS Events Insight Pack documentation for setup and use instructions.
Cost: Shipped with product.
- IBM Operations Analytics – Log Analysis v1.3.0 or later
To report a problem with deploying this entry, entitled customers may contact the country-specific IBM support channel; refer to the IBM Worldwide Directory. The “Support” link also gives access to the support site for IBM Operations Analytics – Log Analysis information.