Real-Time Event Viewer
Viewing Log Messages in the Real-Time Event Viewer
The Real-Time Event Viewer displays log messages as they are received by the Check Point Collector, Cisco IDS Collector, Network Collector, Oracle Database Collector, WinLog Collector, or Advanced Windows Collector for your Manager. The Real-Time Event Viewer can be a useful tool for troubleshooting problems with your Log Sources. For example, you can quickly verify that TLC is successfully collecting log messages from a Log Source.
To view log messages in the Real-Time Event Viewer:
1. In the side bar, select Events > Real-Time Event Viewer.
2. At the top of the Real-Time Event Viewer, enter filter criteria to specify the log messages to be displayed in the viewer (see Table 76).
3. Click Start.
The Real-Time Event Viewer presents a scrolling list of the Collector's log messages in the workspace (see Table 77).
To stop the Real-Time Event Viewer, click Stop.
To reset the filter criteria fields, click Clear.
To save the displayed log messages in a CSV file, click Save.
Tips:
For busy Log Sources, the Real-Time Event Viewer will display log messages almost immediately. If you do not see any log messages for a Log Source, you can perform an action on the Log Source's host to prompt the creation of a log message. For example, you could log in to the host, enter the configuration mode, and make a harmless, minor configuration change.
When the Real-Time Event Viewer is running, you can enable and disable the Scrolling, Resolve IPs, and Wrap Text filter criteria to change the display of log messages.
Field | Description |
---|---|
Message-content filter | Limits the Real-Time Event Viewer to log messages containing specified text (e.g. "logon" or "administrator"). By adding a .NET regular expression to the specified text, you can further limit the Real-Time Event Viewer to log messages that 1) contain the specified text, and 2) satisfy the condition(s) specified by the regular expression. For example, if you enter the following criteria in the Message-content filter field, TLC will limit the Real-Time Event Viewer to log messages that 1) contain the string "administrator", and 2) satisfy the Process(1|2|3) regular expression: administrator || Process(1|2|3) |
IP-address filter | A .NET regular expression for the IP address(es) of Log Sources. If a message's Log Source does not have an address that matches the expression, the Real-Time Event Viewer will not display the log message. |
Collector | The Collector for which log messages will be displayed. |
Messages displayed per second | Limits the rate, in events per second (EPS), at which the Real-Time Event Viewer displays log messages. |
Auto-scroll | If enabled, the Real-Time Event Viewer automatically scrolls down the list of log messages as they are received. |
Resolve IP addresses | If enabled, the Real-Time Event Viewer resolves the IP addresses of Log Sources and displays the host name in the Host Name column. |
Wrap text | If enabled, the Real-Time Event Viewer wraps the content of log messages displayed in the Message column. |
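The Message-content and IP-address filters described above both take .NET regular expressions, so a pattern can be checked in PowerShell before it is entered in the viewer. The following is an added example, not code from the product or its vendor: the function names and sample events are constructed, and it assumes unanchored, case-sensitive matching, which this page does not specify.

```powershell
# Added example. Emulates the two filters with .NET regex calls.
# Assumptions: Regex.IsMatch (unanchored) semantics; "||" separates text from regex.
function Test-MessageFilter {
    param([string]$Message, [string]$Filter)
    # Split "text || regex" on the first "||" only, so "|" inside the regex survives.
    $parts = $Filter -split '\|\|', 2
    $text  = $parts[0].Trim()
    if (-not $Message.Contains($text)) { return $false }   # condition 1: contains text
    if ($parts.Count -lt 2) { return $true }               # text-only filter
    return [regex]::IsMatch($Message, $parts[1].Trim())    # condition 2: regex
}

function New-IpFilter {
    param([string[]]$Address)
    # Escape the dots and anchor the alternation, so a pattern written for
    # 10.1.1.1 cannot also select 10.1.1.10 or 10.111.1.1.
    $escaped = $Address | ForEach-Object { [regex]::Escape($_) }
    return '^(?:' + ($escaped -join '|') + ')$'
}

# Constructed sample data: Log Source IP and message text.
$events = @(
    @{ IP = '10.1.1.1';   Message = 'administrator logon from Process1' },
    @{ IP = '10.1.1.10';  Message = 'administrator logon from Process7' },
    @{ IP = '10.1.1.2';   Message = 'guest logon from Process2' },
    @{ IP = '10.111.1.1'; Message = 'administrator started Process3' }
)

$msgFilter = 'administrator || Process(1|2|3)'   # the example from the table
$naiveIp   = '10.1.1.1'                          # unescaped, unanchored pattern
$strictIp  = New-IpFilter -Address '10.1.1.1', '10.1.1.2'

# One row per event: which filters would let it through.
foreach ($e in $events) {
    [pscustomobject]@{
        IP            = $e.IP
        MessageFilter = Test-MessageFilter $e.Message $msgFilter
        NaiveIpFilter = [regex]::IsMatch($e.IP, $naiveIp)
        StrictFilter  = [regex]::IsMatch($e.IP, $strictIp)
    }
}
```

Comparing the NaiveIpFilter and StrictFilter columns shows which Log Sources an unescaped pattern would pull into the view unintentionally.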
Column | Description |
---|---|
Timestamp | The date and time when the Collector created a log message. |
IP | The IP address of the Log Source that created a log message. |
Host Name | By default, the IP address of the Log Source. If Resolve IPs is selected in the filter criteria, this column displays the resolved host name of the Log Source. |
Message | The content of a log message. |