Using TIBCO LogLogic Lasso Classic to collect from a non-default Windows event journal
Article ID: KB0077455
Products: TIBCO LogLogic Lasso Enterprise
Versions: 4.4.3 and higher
Description
Sometimes a particular application writes its events to its own event log in the Windows journal format, so the events can be viewed using Windows Event Viewer. In that scenario, Lasso can be used to collect the events.
Issue/Introduction
This article explains how to configure Lasso Classic to collect events from non-default event journals used by third-party applications.
Environment
This article is for Lasso Classic, despite the product name field specifying Lasso Enterprise.
Resolution
Lasso only pulls events from Windows event logs. If an application creates proper event logs (which show up in the file system as "*.evt" files), then Lasso will be able to collect them.
To collect the application logs you need the "Event Log Name," which is not the same as the file name or folder name. The Event Log Name can be found by opening the Registry on the application host (not the Lasso agent host, unless they happen to be the same) with regedt32 and going to: HKLM\SYSTEM\CurrentControlSet\Services\EventLog
At that level you will see a set of subfolders, three of which should be named Application, Security, and System. If the application has run successfully in the past to create its event log, then the custom event log should be represented here as a subfolder under HKLM\SYSTEM\CurrentControlSet\Services\EventLog
The name of this registry subfolder is what you need to give Lasso as the custom event log name.
Go to the Lasso host and edit the hostlist.ini file, located in the c:\program files\Lasso directory. This file should have an entry containing the IP address, or the hostname, of the server from which you want to collect the custom event log, followed by the name of the registry subfolder, with the two fields separated by a comma. The registry subfolder name is case sensitive.
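Because the event log name is case sensitive, the following PowerShell sketch reads the exact-case key name from the registry and flags a hostlist.ini entry that differs only in case. It is an added example, not part of the original article or of Lasso itself. The host address and log name are constructed placeholders, and the one-entry-per-line "host,EventLogName" layout is assumed from the description above.

```powershell
# Run on the application host. If the Lasso agent runs on a different machine,
# point $HostListPath at a copy of its hostlist.ini.
$CollectHost  = '192.0.2.10'   # constructed placeholder: IP or hostname of the application host
$WantedLog    = 'myapplog'     # constructed placeholder: log name as you believe it is spelled
$HostListPath = 'C:\Program Files\Lasso\hostlist.ini'
$root         = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

# PSChildName returns each subkey name with the exact case stored in the registry.
$logNames = Get-ChildItem -Path $root -ErrorAction Stop |
    Select-Object -ExpandProperty PSChildName

# -ieq is case-insensitive, so the key is found even if $WantedLog has the wrong case.
$exact = $logNames | Where-Object { $_ -ieq $WantedLog } | Select-Object -First 1

if (-not $exact) {
    Write-Warning "No event log named '$WantedLog' under $root. Registered logs:"
    $logNames | ForEach-Object { "  $_" }
}
else {
    $expected = "$CollectHost,$exact"
    "hostlist.ini entry (exact case): $expected"

    # Assumption: one 'host,EventLogName' entry per line, as the article describes.
    if (Test-Path -LiteralPath $HostListPath) {
        foreach ($line in Get-Content -LiteralPath $HostListPath) {
            $fields = @($line.Split(',') | ForEach-Object { $_.Trim() })
            if ($fields.Count -lt 2 -or $fields[0] -ine $CollectHost) { continue }

            if ($fields[1] -ceq $exact) {
                # -ceq is a case-sensitive match: the entry is spelled correctly.
                "OK: entry already present: $line"
            }
            elseif ($fields[1] -ieq $exact) {
                Write-Warning "Case mismatch: '$line' should be '$expected'"
            }
        }
    }
    else {
        "hostlist.ini not found at $HostListPath; add the entry above on the Lasso host."
    }
}
```

The script only reads the registry and hostlist.ini; it changes nothing, so any correction to the file is made by hand on the Lasso host.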