search cancel

ntevl probe scalability considerations/issues


Article ID: 33556


Updated On:


DX Unified Infrastructure Management (Nimsoft / UIM) Unified Infrastructure Management for Mainframe CA Unified Infrastructure Management SaaS (Nimsoft / UIM)


Currently, ntevl comes with three standard default monitoring logs for Windows systems, that is:

  1. System log
  2. Security log
  3. Application log

But the probe doesn't seem to be scaling well and is missing alarms.


- Security events


Component: UIMNVL


Monitoring 3 large log files in Windows has been noted to produce a lot of overhead or delay in large environments through the sheer amount of data being monitored/transferred. This may cause scalability issues in that, any windows event alarm that is triggered, will not be alerted on or appear in UIM after some delay, e.g., 2+ hours.

***It was noted that removing these default logs (at least 2/3) from monitoring helped immensely by improving alarm response in UIM.

The default logs are not able to be removed through the GUI, or manually from the cfg, however they can be removed using the probe's Raw Configure option.

  1. Ctrl + RT-click ntevl probe, Choose Raw Configure, then
  2. Select ->Edit configuration file
  3. Navigate to the logs, and select the log to be removed, e.g., Security
  4. Choose the Delete key
  5. Click Ok