Usage

The WinEventLogAdapterService.exe file is in the server/sdk/net subdirectory. If you install Sybase CEP Engine to the default directory, this will be C:\Program Files\C8\Server\sdk\net.

When the adapter is started, it takes the following arguments:

To start the adapter as a stand-alone program, execute a command similar to the following:

WinEventAdapter ccl://localhost:6789/Stream/Workspace/
   WinEvtAdapter/InEvents Security Application

Although this may be displayed as more than one line, this should all be on one line.

This command starts the adapter, tells the adapter to publish to the specified stream URI, and tells the adapter to read events from two Microsoft Windows event logs: Security and Application.

As a stand-alone program, the adapter will run continuously until another process sends the adapter the KILL signal.

To run the adapter as a windows service, go into the Service Explorer by clicking Start -> Settings -> Control Panel -> Administrative Tools -> Services. Start the Windows Event Adapter Service using the same arguments as for the stand-alone application. You can also edit the file WinEventLogAdapterService.exe.config, located in the same directory as the adapter executable, to provide configuration parameters. You can specify four parameters:

• StreamUri: (Required). The URI of the stream where the adapter will publish events.

• EventLog: (Required). The names of the event logs to monitor, separated by commas.

• RetryLimit: (Optional). How many times the adapter should retry publishing to a stream before giving up (used when the server stops and takes some time restarting). Defaults to 0, indicating no retries.

• RetryIntervalSeconds: (Optional). How long to wait between retry attempts. Defaults to 60 seconds.

Examine the sample file provided with the adapter for formatting specifics.