Windows Event Log Sensor


The Windows Event Log Sensor monitors the event logs of local and remote computers and notifies you when new events occur.

Please note: To monitor systems remotely, the following two firewall rules must be activated:

Remote Event Log Management (RPC)

Windows Management Instrumentation (DCOM-In)
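
One way to activate these two rules on a monitored host with PowerShell while allowing only the monitoring server as the remote address, instead of leaving the rules open to any source. This is an added example, not part of the ServerSentinel documentation; the address 192.0.2.10 is a placeholder for the monitoring server, and the rule display names are those of an English-language Windows installation.

```powershell
# Added example (not from the ServerSentinel documentation).
# Run in an elevated PowerShell session on the host that is to be monitored.

# Assumption: placeholder address of the monitoring server (TEST-NET-1 range).
$MonitoringServer = '192.0.2.10'

# The two inbound rules named on this page (English display names).
$RuleNames = @(
    'Remote Event Log Management (RPC)',
    'Windows Management Instrumentation (DCOM-In)'
)

foreach ($name in $RuleNames) {
    # A display name can match several rules (one per firewall profile).
    $rules = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $rules) {
        Write-Warning "Firewall rule not found: $name"
        continue
    }

    # Enable the rule and accept connections from the monitoring server only.
    $rules | Set-NetFirewallRule -Enabled True -RemoteAddress $MonitoringServer
}

# Verify the result: every listed rule should show Enabled = True and
# RemoteAddress = the monitoring server, not "Any".
Get-NetFirewallRule -DisplayName $RuleNames -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Profile, Enabled,
        @{ Name = 'RemoteAddress'
           Expression = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } } |
    Format-Table -AutoSize
```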

 

Sensor Tasks

Test Sensor

Tests the current sensor settings.

Get Help

Opens the ServerSentinel online help for the current sensor.

Basic Settings

Name

The name of the sensor (max. 100 characters). Choose a meaningful name to clearly identify the sensor.

Sensor is Active

Toggles the sensor ON/OFF.

Check Interval

The interval or times at which the sensor should perform its checks.

Simple

The sensor performs its checks every x time units, e.g. every 10 minutes.

Daily

The sensor performs its checks daily at one or more (max. 4) fixed times, e.g. daily at 0 and 12 o'clock.

Weekly

The sensor performs its checks on certain days of the week at one or more (max. 4) fixed times, e.g. Monday to Friday at 12 o'clock.

Monthly

The sensor performs its checks on certain days of the month at one or more (max. 4) fixed times, e.g. every 1st of the month at 12 o'clock.

Only check if this Sensor didn't fail

This sensor will only be checked if the sensor selected in the drop-down list didn't fail.

Further Information

Comment

Short additional information about the sensor (max. 255 characters).

Connection Settings

Host

The IP address or DNS name of the host which should be monitored (max. 255 characters).

Credentials

Here you can either select an existing credential object or create a new one by entering a display name, a username and a password.

Event Log Settings

Event Level

The event levels which should be monitored. If none is selected, all will be considered.

Log Files

The log files which should be monitored.

Sources

The sources which should be monitored. If none is selected, all will be considered.

IDs

The IDs which should be monitored. Multiple IDs can be separated with commas. Ranges can be selected using '-'.

Keywords

The event keywords which should be monitored. If none is selected, all will be considered.

User

The user whose events should be monitored.

Computers

The computers from which events should be monitored. Multiple computers can be separated with commas.

Meta Data Values

| Data Value | Data Type | Description |
|---|---|---|
| Checktime | Date | The time the dataset was created. |
| Exception Message | String | The message of the error, if any occurred. |
| Response Time | Integer | The response time needed to perform the check. |
| Status | String | A status string that may contain arbitrary information that was collected by the sensor (max. 255 characters). By default this value is empty. |
| Status Flag | Enum | The status of the sensor after the check has been performed. |

Data Values

| Data Value | Data Type | Description |
|---|---|---|
| Category | String | The category of the event. |
| Computer | String | The name of the computer that produced the event. |
| Event Code | Integer | The event code is a unique number for the particular message. |
| Identifier | Integer | The event identification code. |
| Message | String | A description of the event that occurred. |
| Record Number | Integer | The record number of the event in the log database. |
| Source | String | The name of the source that produced the event. |
| Timestamp | Date | The date of the event. |
| Type | Enum | The type of the event. |