Need to enable log monitoring on IBM servers using logmon for event 8198
search cancel

Need to enable log monitoring on IBM servers using logmon for event 8198

book

Article ID: 239654

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

We have a requirement which is highlighted below.

We have noticed that below event ID is triggered on the server when the Windows activation is failed. 

Event ID: 8198

As we have only configured logmon for Dell_OMSA servers. Could you please help us to configure below requirement (IBM).

Environment

Release : 20.3

Component : UIM LOGMON 4.11/4.20

Resolution

Here is an ntevl profile for Windows event 8198.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=y+twGXyR0igVqEuuWvnU6A==

 

 

Here is the watcher section from the ntevl.cfg showing the Windows_activation profile.

<watchers>
   <Windows_activation>
      active = yes
      description = Event log messages with source 'Windows Activation'
      level = from eventlog
      logs = application
      severity = 1
      source = /.*Security-SPP.*/
      category = *
      event_id = 8198
      user = *
      computer = lvxxxxxxx39
      message = /.*License Activation.*/
      send_alarm = yes
      alarm_message = $source($event_id - $category): $message
      i18n_token = as#system.ntevl.src_id_cat_1
      send_subject = no
      subject = 
      subsystem = 
      suppress = no
      suppression_key = 
      send_to_axa = 
      tenant_id = 
      tags = 
      exclusive = no
      qos_count = no
      qos_interval = 3600
      time_frame = 
      evt_count = 
      evt_count_condition = 
      runcommandonmatch  = 0
      commandexecutable = 
      commandarguments  = 
      separator = 
   </Windows_activation>

Here is the email of the ntevl alarm base don the nas AO Profile created for an action of EMAIL.

Powered by Wolken Software