Application Log Collectiong Rule Removed During Upgrade. (NETIQKB71361)

  • 7771361
  • 24-Nov-2008
  • 20-Aug-2009


Secuirty Manager 6.0 SP3
Log Manager for Windows Update Module Version


The purpose of this KB is to give details on the removal of Archival Collection Rules in the Log Manager for Windows Module update from version to


The upgrade to the Log Manager Module from version to removes the Collect Application Log (Customize) rule under Log Manager for Windows\Support for Windows\. There is no notification to the customer that active rules will be pruged by the update.

  1. Open the Monitor Console.
  2. Expand Processing Rule Groups.
  3. Expand Log Manager for Windows.
  4. Expand Support for Windows.
  5. Right click on Event Processing Rules and select New > Event Processing Rule.
  6. Select Collect Logs for Archival (Archival) and click next.
  7. Click Next.
  8. Click Next.
  9. Click Next.
  10. In the Name field type the following: Collect Application Log
  11. Click Finish.

To apply this rule immediatly do the following.

  1. Open the Development Console.
  2. Right Click on Configuration and select "Force Configuration Changes Now".
  3. Select all your Central Computers and click Ok.


This rule was deprecated based on a survey of customer utilization. It was felt that most customers were not interested in collecting the application event log for archival purposes.

Additional Information

Formerly known as NETIQKB71361

Collecting the application log will have a significant impact to your Configuration Group's performance. Please be sure to account for the additional events per second (EPS) when enabling any unfiltered collection rule in your environment. It could result in the needs for more disk space on your Log Archive Servers and additional Central Computers added into your Configuration Group.