ntevl probe scalability considerations/issues
Document ID :
Last Modified Date :
Show Technical Document Details
CA Unified Infrastructure Management
UIM - NTEVL:UIMNVL
Currently, ntevl 4.01 comes with three standard default monitoring logs for Windows systems, that is;
This have been noted to produce a lot of ?overhead? or delay in large environments through the sheer amount of data being monitored/transferred. This may cause scalability issues in that, any windows event alarm that is triggered, will not be alerted on or appear in UIM after 2+ hours.
***It was noted that removing these default logs (at least 2/3) from monitoring. immensely helped by improving alarm response in UIM.
The default logs are not able to be removed through the gui, or manually from the cfg however. They have to be removed using the probe's Raw Configure option.
Ctrl + right click ntevl probe
Select ?Edit configuration file?
Navigate to the logs, and select the log to be removed
Choose ?Delete key?
*** Only then will the default logs be removed from monitoring.
Keywords; ntevl ntevent scalability default system security application event alarm monitoring logs windows alert
Was this information helpful?