Remote Monitoring & Management Help

Event Log Check

The Event Logs are repositories of information that have detailed data on the status of the system written to them by applications and Windows components.

The Event Log Check monitors the Event Logs and can be configured to query a specific Event Log based on the following indicators: Event ID, Event Type, Event Source and Description. It alerts where the specified information is, or is not, discovered in an Event Log entry.

The Check is available as both a 24x7 and Daily Safety Check as there may be Events you wish to be alerted to as soon as they occur, for example those recorded as critical events or license failures, as well as those that only happen once a day, for example where a backup job has completed or an Antivirus program updated.


How to get the Event Log Check up and running:

Select the Event Log Check in either the 24x7 or Daily Safety Check section. Please note both 24x7 Event Log Checks and Daily Event Log Checks can be configured on the same Agent.

Descriptive Name

The first stage is to give the check a meaningful name for identification on the Dashboard and in Alerts.

Event Log to check

The Agent automatically detects the installed Event Logs, which are selectable from the drop-down menu.

Alert when

This threshold determines when an alert is generated. The options here are to Alert when the Log contains or Log does not contain the following information:

Event ID(s)

The identification number associated with the Event. This may be specific to this Event or a generic ID used for multiple Events.

Event Type

There are five possible Event Types recorded in the Event Log and any combination of these may be selected. They are defined by Microsoft as:

Information: An event that describes the successful operation of an application, driver, or service.

Error: A significant problem, such as loss of data or loss of functionality.

Warning: An event that might not be significant, but might indicate a future problem.

Success Audit: An audited security access attempt that succeeds.

Failure Audit: An audited security access attempt that fails.

Event Source

The Event Source is the application or Windows component that generates the Event.

Message contains string

The Agent can be configured to search for specific text within the Event description, and this can include wildcard entries [*], for example drive * failed. The information contained within the Event description allows for the monitoring of specific problems or of a program's status.

Days to run (Daily Safety Check Only)

The Days to run is particularly useful for monitoring intermittently running programs, for example backup jobs. When configuring this option please ensure that the monitored Event is created in the 24 hour period preceding the Daily Safety Check.

Event Exclusion from Agent 8.9.2 onwards

Apply Critical Events Exclusion List

Tick this box to ignore those Events already entered in the Critical Event Exclusion list where discovered as part of the Event Log Check.

Exclude Events from Check

An exclusion list can be created for the specific Event Log Check. Select Exclude Events from Check, then Add, and enter the Event Source and Event ID to ignore.


The dialog also includes the option to manage the Exclusion List for this specific Event Log Check. Highlight the required entry then select Edit or Delete to amend as required.

Please note the exclusion options are only available when configuring the Event Log Check from the Dashboard.

Note: Wildcards [*] may be used in Event ID(s) and Event Source to search for any entries in these fields.

Please be aware that the time and date recorded for the discovered Events are based on the local time of the device and not the Dashboard timezone.
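
To preview which events a combination of the settings above would pick up before saving a check, the same criteria can be run on the device with Get-WinEvent. This is an added example, not the Agent's own code; the sample values, the 24 hour window and the treatment of the message pattern as a substring match are assumptions.

```powershell
# Added example: preview what an Event Log Check definition would match.
# Every value in $Check is a constructed sample, not a product default.
$Check = @{
    LogName    = 'System'                 # Event Log to check
    EventIds   = @(7, 11, 51)             # Event ID(s)
    Levels     = @(2, 3)                  # 2 = Error, 3 = Warning, 4 = Information
    Source     = 'disk*'                  # Event Source, wildcard allowed
    Message    = '*drive * failed*'       # Message contains string (assumed substring)
    AlertWhen  = 'Contains'               # or 'DoesNotContain'
    HoursBack  = 24                       # window preceding a Daily Safety Check
    Exclusions = @(@{ Source = 'disk'; Id = 51 })   # Exclude Events from Check
}
# Success Audit / Failure Audit are keywords, not levels. For the Security log,
# filter with Keywords = 0x20000000000000 (success) or 0x10000000000000 (failure).

$filter = @{
    LogName   = $Check.LogName
    Id        = $Check.EventIds
    Level     = $Check.Levels
    StartTime = (Get-Date).AddHours(-1 * $Check.HoursBack)
}

# Get-WinEvent raises an error when nothing matches; treat that as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Apply source and message wildcards, then drop excluded Source + ID pairs.
$hits = @($events | Where-Object {
    $e = $_
    $e.ProviderName -like $Check.Source -and
    $e.Message      -like $Check.Message -and
    -not ($Check.Exclusions | Where-Object {
        $e.ProviderName -like $_.Source -and $e.Id -eq $_.Id })
})

# "Log contains" alerts on any hit; "Log does not contain" alerts on none,
# which is the mode to use for an expected event such as a completed backup.
$alert = if ($Check.AlertWhen -eq 'Contains') { $hits.Count -gt 0 }
         else { $hits.Count -eq 0 }

'{0}: {1} matching event(s), alert = {2}' -f $Check.LogName, $hits.Count, $alert

# TimeCreated is shown in the device's local time, as with the check itself.
$hits | Select-Object TimeCreated, Id, LevelDisplayName, ProviderName |
    Format-Table -AutoSize
```

Running it with and without the Exclusions entry shows whether an exclusion is hiding events that the check would otherwise alert on.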