Implementing LogParser to view Event Viewer data

Version 3
    Share:|

    . Here are the instructions and this is based on the implementation by Ben Newton (https://communities.bmc.com/communities/docs/DOC-8774)

     

    Environment built on:
    AppServer OS/Arch = SLES 10 patch level 3 x86_64
    AppServer BL Version = BBSA 8.0.6
    RSCD Agent Version = 8.0.6.622
    RCP Version = 8.0.6.622
    Applicability (Agents running Windows)

     

     

     

     

    1. Download LogParser.msi (https://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=24659) of use the package included in the zip below

    1.1 Add to depot using New -> Software -> MSI Package

    1.2 Here is my Install Command: msiexec /I "??SOURCE??" /qn /L* "C:\temp\bl_logparser.log" ALLUSERS=1 REBOOT=ReallySuppress (you can edit as necessary)

     

     

    2. I added the following files to the depot (APP will only show errors from the Application Log, SEC will only show errors from the Security log, SYS will only show errors from the System log)
    eventview-APP.bat
    eventview-SEC.bat
    eventview-SYS.bat
    ***Note: The path to the LogParser.exe in these files, ensure it matches the location of the binary on your target servers

    3. Create a BLPackage with these three files (eventview-APP.bat, eventview-SEC.bat, eventview-SYS.bat - softlinked) and the (LogParser.msi - softlinked) software we added in step 1.
    4. Open the package up and change the Path for each file to point where you'd like them to be stored agent side.
    5. Deploy the package to your target Windows Servers
    6. Put these files on your appserver. I stored them here (/opt/bmc/BladeLogic/8.0/NSH/share/sensors)
    eventviewer-APP.nsh
    eventviewer-SEC.nsh
    eventviewer-SYS.nsh
    ***Note: The path to the relevant eventview-AAA.bat in these files, ensure they match the location of the batch files you deployed in step 4/5
    **Note: The \\ escapes \

    7. Open the RCP client and create the following 3 extended objects
    7.1 
    Name: Event Viewer: Application log
    Description: Shows only errors in the Application log
    Operating System: Windows
    Command/Script: nsh -c /opt/bmc/BladeLogic/8.0/NSH/share/sensors/eventviewer-APP.nsh ??TARGET.HOST??
    ***Note the path in the script is from step 6, ensure these match
    Choose Central Execution
    Grammar file: csv file grammar (csv.gm)

    7.2
    Name: Event Viewer: Security log
    Description: Shows only errors in the Security log
    Operating System: Windows
    Command/Script: nsh -c /opt/bmc/BladeLogic/8.0/NSH/share/sensors/eventviewer-SEC.nsh ??TARGET.HOST??
    ***Note the path in the script is from step 6, ensure these match
    Choose Central Execution
    Grammar file: csv file grammar (csv.gm)

    7.3
    Name: Event Viewer: System log
    Description: Shows only errors in the System log
    Operating System: Windows
    Command/Script: nsh -c /opt/bmc/BladeLogic/8.0/NSH/share/sensors/eventviewer-SYS.nsh ??TARGET.HOST??
    ***Note the path in the script is from step 6, ensure these match
    Choose Central Execution
    Grammar file: csv file grammar (csv.gm)

    8. Live Browse a server that you deployed the BLPackage and LogParser to, expand the Extended Objects category and select one of the objects you just created