Application Log Collectiong Rule Removed During Upgrade. (NETIQKB71361)

  • 7771361
  • 24-Nov-2008
  • 20-Aug-2009

Environment

Secuirty Manager 6.0 SP3
Log Manager for Windows Update Module Version 6.00.1.7

Situation

The purpose of this KB is to give details on the removal of Archival Collection Rules in the Log Manager for Windows Module update from version 5.60.0.255 to 6.00.1.7.

Resolution

The upgrade to the Log Manager Module from version 5.60.0.255 to 6.00.1.7 removes the Collect Application Log (Customize) rule under Log Manager for Windows\Support for Windows\. There is no notification to the customer that active rules will be pruged by the update.

  1. Open the Monitor Console.
  2. Expand Processing Rule Groups.
  3. Expand Log Manager for Windows.
  4. Expand Support for Windows.
  5. Right click on Event Processing Rules and select New > Event Processing Rule.
  6. Select Collect Logs for Archival (Archival) and click next.
  7. Click Next.
  8. Click Next.
  9. Click Next.
  10. In the Name field type the following: Collect Application Log
  11. Click Finish.

To apply this rule immediatly do the following.

  1. Open the Development Console.
  2. Right Click on Configuration and select "Force Configuration Changes Now".
  3. Select all your Central Computers and click Ok.

Cause

This rule was deprecated based on a survey of customer utilization. It was felt that most customers were not interested in collecting the application event log for archival purposes.

Additional Information

Formerly known as NETIQKB71361

Collecting the application log will have a significant impact to your Configuration Group's performance. Please be sure to account for the additional events per second (EPS) when enabling any unfiltered collection rule in your environment. It could result in the needs for more disk space on your Log Archive Servers and additional Central Computers added into your Configuration Group.