Work with Event Subtypes panel

The Work with Event Subtypes panel allows you to define and work with Event Subtypes for a particular Event Description.

An Event Subtype is a specification that further defines how to identify the IBM i events in which you are interested. Many times an Event Description will represent an action that occurred, and this "subtype" will indicate the subject of the action or different classes of the action.

How to Get There

On the Work with Event Descriptions panel, choose option 8=Subtypes.

Field Descriptions

Event Source

An Event Source is a location from which IBM i events are extracted. Currently, journals and message queues are supported as Event Sources. Common event sources are QAUDJRN (journal) and QSYSOPR (message queue). You may define your own journals and message queues as Event Sources.

Event Description

Indicates the Event Description to which the listed Event Subtype pertains.

An Event Description is a specification that defines how to identify the IBM i events in which you are interested.

Event Field

Indicates the Event Field whose event data supplies the subtype value when an event is processed.

An Event Field is a specification that defines how to interpret different sections of the IBM i event's data.

Position to

Type a value here to position the list to the Event Subtype whose name is equal to or greater than the value you entered.

Options

Opt

Enter a valid option from the list of options provided on the list panel.

2=Change
Choose this option for an Event Subtype to open the Change Event Subtype panel where you can modify the properties of an existing Event Subtype.
3=Copy
Choose this option for an Event Subtype to open the Copy Event Subtype panel where you can create a new Event Subtype by copying the properties and content of an existing Event Subtype.
4=Delete
Choose this option for an Event Subtype to delete the Event Subtype.
5=Display
Choose this option for an Event Subtype to open the Display Event Subtype panel where you can display the Event Subtype properties.
6=Toggle active
Choose this option to toggle the status of the Event Subtype from active (1) to inactive (0), or vice versa.
9=Rules
Choose this option for an Event Subtype to work with Event Subtype Rules.

Active

Indicates whether the Event Subtype is available for processing. When an Event Subtype is not active, the event it identifies will not be processed.

Name

The name you use to refer to this Event Subtype within Powertech SIEM Agent. The name must exactly match the data that the "subtype field" can contain in the actual event data at execution time.

Description

A short description you assign to the Event Subtype.

Command Keys

F3=Exit

Exit the program.

F5=Refresh

Refreshes the panel with the most current data.

F6=Create

Creates a new item.

F11=View

Toggles the panel between different views.

F12=Cancel

Discards changes and returns to the prior panel.