This event is sent when a specified string is matched in the log file.
| Property name | Description | Type | Filtering allowed | Required | Multiple values allowed | Multiple filter predicates allowed | Wildcard allowed | Length | Default value | |
| min | max | |||||||||
| File name | The fully qualified path and filename of the monitored file. | string |
|
|
|
|
1 | |||
| Matches | The number of matches found since monitoring started. | numeric |
|
|
|
|||||
| Match expression | The information to be searched for in the log file being monitored. | string |
|
|
|
1 | ||||
| Last write time | The time at which the specified file was last modified. | datetime |
|
|
||||||
| Size | The size of the log file (in bytes) when the most recent matching log file entry was found. | fileSize |
|
|
||||||
| Sample interval | The interval (in seconds) with which the specified file is monitored. | numeric |
|
|
60 | |||||
| Workstation | The workstation for which the event is generated. | string |
|
|
1 | |||||
| Time stamp | The time at which the event is sent. | datetime | ||||||||
| Host name | The fully qualified host name of the workstation that sends the event. | string |
|
|
|
|
1 | |||
| IP address | The IP address of the workstation that sends the event. | string | ||||||||
| Matching line | The contents of the line where the search string was found. | string | ||||||||
| Event rule ID | The event rule identifier. | string | ||||||||
This event is sent when a specified file is created.
| Property name | Description | Type | Filtering allowed | Required | Multiple values allowed | Multiple filter predicates allowed | Wildcard allowed | Length | Default value | |
| min | max | |||||||||
| File name | The fully qualified path and filename of the monitored file. | string |
|
|
|
1 | ||||
| Sample interval | The interval (in seconds) with which the specified file is monitored. | numeric |
|
|
60 | |||||
| Workstation | The workstation for which the event is generated. | string |
|
|
1 | |||||
| Time stamp | The time at which the event is sent. | datetime | ||||||||
| Host name | The fully qualified host name of the workstation that sends the event. | string |
|
|
|
|
1 | |||
| IP address | The IP address of the workstation that sends the event. | string | ||||||||
| Event rule ID | The event rule identifier. | string | ||||||||
This event is sent when a specified file is deleted.
| Property name | Description | Type | Filtering allowed | Required | Multiple values allowed | Multiple filter predicates allowed | Wildcard allowed | Length | Default value | |
| min | max | |||||||||
| File name | The fully qualified path and filename of the monitored file. | string |
|
|
|
1 | ||||
| Sample interval | The interval (in seconds) with which the specified file is monitored. | numeric |
|
|
60 | |||||
| Workstation | The workstation for which the event is generated. | string |
|
|
1 | |||||
| Time stamp | The time at which the event is sent. | datetime | ||||||||
| Host name | The fully qualified host name of the workstation that sends the event. | string |
|
|
|
|
1 | |||
| IP address | The IP address of the workstation that sends the event. | string | ||||||||
| Event rule ID | The event rule identifier. | string | ||||||||
This event is sent when a specified file remains unmodified in two consecutive monitoring cycles after a detected modification.
| Property name | Description | Type | Filtering allowed | Required | Multiple values allowed | Multiple filter predicates allowed | Wildcard allowed | Length | Default value | |
| min | max | |||||||||
| File name | The fully qualified path and filename of the monitored file. | string |
|
|
1 | |||||
| Sample interval | The interval (in seconds) with which the specified file is monitored. | numeric |
|
|
60 | |||||
| Last write time | The time at which the specified file was last modified. | datetime |
|
|
||||||
| Workstation | The workstation for which the event is generated. | string |
|
|
1 | |||||
| Time stamp | The time at which the event is sent. | datetime | ||||||||
| Host name | The fully qualified host name of the workstation that sends the event. | string |
|
|
|
|
1 | |||
| IP address | The IP address of the workstation that sends the event. | string | ||||||||
| Event rule ID | The event rule identifier. | string | ||||||||
Wildcard allowed
:
Supported wildcards are asterisk (*) and question mark (?)
Multiple values allowed
:
You can specify multiple values for the property in a single filter predicate. The filter will be satisfied when one of the values is matched.
Multiple filter predicates allowed
:
You can specify multiple filter predicates for the property. The event will match the event condition if all the predicates are satisfied.
Datetime
:
Contains both date and time, you can specify in the filter either one or both values.