Heartbeat objects define which Event IDs the logging server is looking for and the interval at which those events must occur. You can also define the information that is returned in the heartbeat event's Text1, Text2, Text3, Value1, Value2 and Value3 fields.
If an event does not occur within the designated interval, the logging server generates a heartbeat event (EventID 0001001). The information in the Heartbeat object's Text1, Text2, Text3, Value1, Value2, and Value3 fields is used to populate the corresponding fields in the heartbeat event. The Notification Filter can differentiate heartbeat events based on the values you define in the Text1, Text2, Text3, Value1, Value2, and Value3 fields.
The heartbeat event is automatically logged to the central data store; however, if you want to receive notification that a specific event has not occurred, you must create a Notification Filter for the corresponding heartbeat event.
IMPORTANT: You must restart the logging server to effect any changes in Heartbeat object configuration. For more information on restarting the logging server, refer to the Novell® Audit Administration Guide.
The following provides a description of each Heartbeat object attribute:
Item |
Description | |
Configuration |
| |
|
Description |
This field allows you to enter a description and any necessary explanation for the Heartbeat object. The field limit is 255 characters.
|
|
Event ID |
The Event ID you want the logging server to monitor.
The Event ID uniquely identifies each type of logged event. For more information, see Event Structure. If one of the logging applications does not log the Event ID in the designated interval, the logging server generates a heartbeat event. IMPORTANT: The Event ID is not included in the heartbeat event. Therefore, you should enter information in the Text1, Text2, Text3, Value1, Value2, and Value3 fields that allows you to determine which event triggered the heartbeat event.
|
|
Interval |
The maximum number of seconds between each event occurrence. If the event does not occur within the designated interval, the logging server generates a heartbeat event.
|
|
Originator |
Who or what caused the event.
|
|
Text1 |
The information that appears in the heartbeat event's Text1 field. It can contain any text string up to 255 characters. IMPORTANT: To facilitate filtering of heartbeat events, the Text1, Text2, Value1, and Value2 fields should include information that allows you to identify which event triggered the heartbeat event.
|
|
Text2 |
The information that appears in the heartbeat event's Text2 field. It can contain any text string up to 255 characters.
|
|
Text3 |
The information that appears in the heartbeat event's Text3 field. It can contain any text string up to 255 characters.
|
|
Value1 |
The information that appears in the heartbeat event's Value1 field. It can contain any numeric value up to 32 bits.
|
|
Value2 |
The information that appears in the heartbeat event's Value2 field. It can contain any numeric value up to 32 bits.
|
|
Value3 |
The information that appears in the heartbeat event's Value3 field. It can contain any numeric value up to 32 bits.
|
|
|
Click the plus sign Each line defines a separate event for the logging server to monitor. If a given event does not occur, the logging server generates a unique heartbeat event using the information from the Text1, Text2, Value1, and Value2 fields. There is no programmed limit to the number of events that can be added to Heartbeat objects.
|
Status |
By default, all Heartbeat objects are enabled. This means that the logging server loads the Heartbeat object's configuration in memory at startup. IMPORTANT: The Heartbeat object must be located in a supported Notification container for the logging server to use it. For more information on the logging server's Notification Container property, see Adding and Removing Notification Containers. If you select the Disabled option, you must restart the Secure Logging Server for the setting to become effective. Thereafter, the logging server cannot load the object's configuration until you select Enabled.
|
A trademark symbol (®, , etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.