|
|
United States-English | |
|
|
 |
|
HP 9000 Networking: Advanced Server/9000 Concepts and Planning Guide > Chapter 7 Monitoring Events
Using Event Viewer With Archived Log Files |
|
|
You can archive an event log in log-file format so that you can reopen it later in Event Viewer. Or the log can be saved in text format or comma-delimited text format so that you can use the archived information in other applications. For example, you can archive security logs so that you can monitor security events over a period of time. Or you can archive application logs so that you can track the Warning and Error events that occur for specific applications. When you archive a log file, the entire log is saved, regardless of any filtering options specified in Event Viewer. If you changed the sort order in Event Viewer, event records are saved exactly as displayed if you archive the log in a text or comma-delimited text file. When you archive an event log, it can be saved in one of three file formats:
The binary event data is saved if you archive a log in log file format but it is discarded if you archive the log in text file format or in comma-delimited text file format. The event description is saved in all archived logs. When you archive a sorted log, the sort order affects the order in which event records are archived in a text file format or comma-delimited text file format. However, sort order does not affect the order of event records in a log archived in log file format. In either case, the sequence of data within each individual event record is record in the following order:
1 Depends on the sort order specified on the View menu. Archival has no effect on the current contents of the active log. To clear the original log, you must click Clear All Events on the Log menu. To remove an archived log file, delete the file as you would other kinds of files. For information about archiving event logs, see "Archiving Event Logs" in Event Viewer Help. You can view an archived file in Event Viewer only if the log was saved in event log-file format. You cannot click the Refresh or Clear All Events commands to update the display or to clear an archived log. An event log that is saved in text- or comma-delimited text format can be opened in other applications. These applications can be used to filter, sort, and format the archived event records. You also can combine event records from two or more archived text files to create reports. . For example, you can copy lines of text from an archived log to include as supporting information in an electronic mail message. Or you can archive a security log in comma-delimited format so that you can place the information in a spreadsheet and produce a chart showing the archived information. The Advanced Server elfread command can be used to read system, security and application logs. This command is especially useful when troubleshooting an Advanced Server/9000 that has failed to start. (Events of this type typically are written to the system log.) The elfread command should be used as a backup to the Event Viewer, which is the recommended method of viewing log files when the server is running.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 Printable version |
|
|
|
|
|
|||||||||||||||
|
|||||||||||||||
