Windows Event Log
Checks the Windows Event Log on remote machines for specified events.
Overview
The Windows Event Log Event Monitor is the best way to detect events and get alerts. It can monitor any event logs you choose, including the extended event logs introduced with Windows Server 2008. It includes a wide variety of filtering options and can also export detected events to a SQL server database for archival, auditing, and data warehouse integration.
Use Cases
- Specific Event Monitoring: Monitoring specific event logs while filtering out others.
- Extended Event Log Monitoring: Monitoring extended event logs.
Monitoring Options
Connectivity Alerts
- Device Contact: Alert with [Info/Warning/Error/Critical] if the device cannot be contacted.
- Log Full Alert: Alert with [Info/Warning/Error/Critical] if the event log is full.
Event Filtering
- Event Log Selection: Select the event log that the event monitor will check.
- Event Types: Select the event log types that will be checked.
- Event IDs: Enter event IDs to filter events by.
- Source: Enter sources to filter events by.
- Event Text: Specify text strings to filter events by.
Event Handling
- Matching Events: Alert with [Info/Warning/Error/Critical] when specific events are found.
- First Matching Events: Show the first [#] matching events in notifications.
- New Events Only: Only check for new event log records.
- Always Report Success: Report success when matches are found.
- Convert SIDs to Account Names: Attempt to convert SIDs to account names.
- Export to SQL Server: Export matching events to a SQL Server database.
Authentication and Security
The account used for authentication must be a member of the Event Log Readers group or have admin rights. Admin rights are required to monitor the Windows Security event log.
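One way to meet the Event Log Readers requirement without granting admin rights, as an added example that is not part of the product documentation. The host names and the service account are placeholders, and the script assumes PowerShell remoting is enabled on the targets and that it is run by an administrator.

```powershell
# Added example: host names and account below are placeholders.
$Targets    = @('SERVER01', 'SERVER02')   # hypothetical monitored machines
$Account    = 'CONTOSO\svc-eventmon'      # hypothetical monitoring account
$ReadersSid = 'S-1-5-32-573'              # well-known SID of BUILTIN\Event Log Readers

foreach ($Computer in $Targets) {
    # Add the account to Event Log Readers only if it is not already a member.
    Invoke-Command -ComputerName $Computer -ArgumentList $Account, $ReadersSid -ScriptBlock {
        param($Account, $ReadersSid)
        $member = Get-LocalGroupMember -SID $ReadersSid -ErrorAction Stop |
            Where-Object { $_.Name -eq $Account }
        if ($member) {
            '{0}: {1} is already a member' -f $env:COMPUTERNAME, $Account
        } else {
            Add-LocalGroupMember -SID $ReadersSid -Member $Account -ErrorAction Stop
            '{0}: added {1} to Event Log Readers' -f $env:COMPUTERNAME, $Account
        }
    }
}

# Confirm the account can read a log remotely before pointing the monitor at it.
# The Application log is used here because the Security log needs admin rights.
$Cred = Get-Credential -UserName $Account -Message 'Monitoring account password'
foreach ($Computer in $Targets) {
    try {
        $null = Get-WinEvent -ComputerName $Computer -LogName 'Application' `
                             -MaxEvents 1 -Credential $Cred -ErrorAction Stop
        '{0}: read access confirmed' -f $Computer
    } catch {
        '{0}: read failed: {1}' -f $Computer, $_.Exception.Message
    }
}
```

Using the group's SID rather than its name keeps the script working on localized Windows installations.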
Protocols
Data Points
This event monitor does not generate any data points.