ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

ntevl probe scalability considerations/issues

book

Article ID: 33556

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) NIMSOFT PROBES Unified Infrastructure Management for Mainframe CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

Currently, ntevl comes with three standard default monitoring logs for Windows systems, that is:

  1. System log
  2. Security log
  3. Application log

But the probe doesn't seem to be scaling well and is missing alarms.

Cause

- Security events

Environment

Release:
Component: UIMNVL

Resolution

Monitoring 3 large log files in Windows has been noted to produce a lot of overhead or delay in large environments through the sheer amount of data being monitored/transferred. This may cause scalability issues in that, any windows event alarm that is triggered, will not be alerted on or appear in UIM after some delay, e.g., 2+ hours.

***It was noted that removing these default logs (at least 2/3) from monitoring helped immensely by improving alarm response in UIM.

The default logs are not able to be removed through the GUI, or manually from the cfg, however they can be removed using the probe's Raw Configure option.

  1. Ctrl + RT-click ntevl probe, Choose Raw Configure, then
  2. Select ->Edit configuration file
  3. Navigate to the logs, and select the log to be removed, e.g., Security
  4. Choose the Delete key
  5. Click Ok