Service manual
# Matches XML_MONITOR messages that report a blue screen.
filter f_windows_bluescreen { facility(local<conf.DB_facility>) and
    level(info) and match("XML_MONITOR") and match("BLUESCREEN"); };
- and -
# Matches XML_MONITOR machine-info messages that are not blue-screen reports.
filter f_windows_boot { facility(local<conf.DB_facility>) and
    level(info) and match("XML_MONITOR") and
    not match("BLUESCREEN") and match("machine-info"); };
Once the desired message is filtered, define the actions to take on it. Syslog-ng provides
macros that give administrators easy access to the XML information. When the
administrator uses one of these macros, syslog-ng replaces it with the data received in the XML
packet.
Table A.5 shows the macros that are available when filter f_windows_bluescreen is successful, and
examples of the values that may replace the macros.
Table A.5: f_windows_boot Macros

| Macro | Description | Value to replace macro |
|---|---|---|
| $<INSTANCE CLASSNAME=> | Reason for the break point. Currently there is only one type, BLUESCREEN. | BLUESCREEN |
| $<PROPERTY NAME=> | Additional details about break point. | STOPCODE |
| $<VALUE> | Additional details about break point. | 0xE2 |
| $<name> | Machine name. | MY_WIN_SERVER |
| $<guid> | GUID that uniquely identifies this server. If no such value is available, all 0’s GUID string is used. | 4c4c4544-8e00-4410-8045-80c04f4c4c20 |
| $<processor-architecture> | Processor architecture. It may be either x86 or IA64. | x86 |
| $<os-version> | Windows version. | 5.2 |
| $<os-product> | Which Windows Server product. It may be Windows Server 2003 Datacenter Edition, Windows Server 2003 Embedded, Windows Server 2003 Enterprise Edition or Windows Server 2003. | Windows Server 2003 |
| $<os-service-pack> | Alphanumeric string that identifies the most up-to-date service pack installed. If none installed, the string is None. | None |
| $<tty> | Console server serial port tty or alias name. | S1.ttyS1 |
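
The following added example (not code from this manual or from syslog-ng) emulates the decision logic of the two filters above and the macro substitution described for Table A.5, run over constructed sample messages. The XML payload layout, the function names and the character whitelist applied to values are assumptions made for illustration; the whitelist is included because the values originate on the monitored server and end up inside whatever action the administrator defines.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample payloads, not captured traffic. Element and attribute
# names are assumed to mirror the macro names in Table A.5.
MACHINE_INFO = (
    "<machine-info><name>MY_WIN_SERVER</name>"
    "<guid>4c4c4544-8e00-4410-8045-80c04f4c4c20</guid>"
    "<processor-architecture>x86</processor-architecture>"
    "<os-version>5.2</os-version><os-product>Windows Server 2003</os-product>"
    "<os-service-pack>None</os-service-pack></machine-info>")
BOOT_MSG = "XML_MONITOR " + MACHINE_INFO
BLUE_MSG = ('XML_MONITOR <BP><INSTANCE CLASSNAME="BLUESCREEN">'
            '<PROPERTY NAME="STOPCODE"><VALUE>0xE2</VALUE></PROPERTY>'
            + MACHINE_INFO + "</INSTANCE></BP>")

def classify(facility, level, msg, db_facility):
    """Return which of the two filters accepts the message, or None."""
    if (facility != f"local{db_facility}" or level != "info"
            or "XML_MONITOR" not in msg):
        return None
    if "BLUESCREEN" in msg:
        return "f_windows_bluescreen"
    return "f_windows_boot" if "machine-info" in msg else None

def macro_values(msg, tty):
    """Map macro names to payload values, neutralising unexpected characters."""
    clean = lambda v: re.sub(r"[^\w .:-]", "_", v.strip())
    values = {"$<tty>": clean(tty)}
    # The payload comes from the monitored server, so treat it as untrusted.
    for el in ET.fromstring(msg[msg.index("<"):]).iter():
        if el.tag == "INSTANCE":
            values["$<INSTANCE CLASSNAME=>"] = clean(el.get("CLASSNAME", ""))
        elif el.tag == "PROPERTY":
            values["$<PROPERTY NAME=>"] = clean(el.get("NAME", ""))
        elif el.text and el.text.strip():
            values[f"$<{el.tag}>"] = clean(el.text)
    return values

def expand(template, values):
    """Substitute known macros; leave unrecognised ones untouched."""
    return re.sub(r"\$<[^>]*>", lambda m: values.get(m.group(0), m.group(0)),
                  template)

if __name__ == "__main__":
    vals = macro_values(BLUE_MSG, "S1.ttyS1")
    print(classify("local0", "info", BLUE_MSG, 0))
    print(expand("$<name> on $<tty>: $<PROPERTY NAME=>=$<VALUE>", vals))
```

Because the blue-screen sample also carries a machine-info block, the `not match("BLUESCREEN")` term in f_windows_boot is what keeps the two filters from both accepting the same message.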