We are using ntevl probe to monitor the security log for type:10 interactive logins. The probe alerts fine on the expression trigger. But we are trying to get a daily list of all the interactive logins that occur in a report format. When you set QOS you only get a number of times its occured. How do you get the user names to be stored so this information can be reported on?
I do not believe this would be possible as QOS messages are stored as numeric information in the database.
There would have to be an ER to add the ability to store none numeric information with QOS
I understand that the database only stores metrics. But what alternative method(s) could be used to take the event and store it for reporting on. Say like some way to use NAS to forward these events to a file that will record the events? Anybody out there have a solution they have already worked out that doesn’t require waiting indefinitely for an ER.
Just thinking aloud, how about to have the ntevl trigger a script/command to write the contents to a file.
Yeah, I was thinking like something along those lines but I didnt know how effecient it would be. Sounds like it may be resource intensive. Anyone else with an better alternative? The event logging database stores text events from UIM event logging. Could ntevl events be channeled over there as well and stored in that database?
Sent from my T-Mobile 4G LTE Device