Navigation:  Remote Monitoring and Management > Proactive Monitoring > Windows Server and Workstation Monitoring > 24x7 Checks >

Event Log Check

Previous pageReturn to chapter overviewNext page


The Event Logs are repositories of information that have detailed data on the status of the system written to them by applications and Windows components.


The Event Log Check monitors the Event Logs and can be configured to query a specific Event Log based on the following indicators Event ID, Event Type, Event Source and Description. Alerting where the specified information is, or is not, discovered in an Event Log entry.


Multiple Event Log Checks may be created on the same device for both 24x7 (business critical events you wish to be alerted to as soon as they occur, for example licence failures, virus detection etc) and Daily Safety Checks (for example a backup job has completed or an Antivirus program updated).


Please note, for Application and Security Event Logs the Event Log Check only retrieves information from the root level, it does not query any sub-level logs.


Check configuration

The check is configured via the Dashboard or Advanced Monitoring Agent:



Log on to the Dashboard, select the target device in the north pane of the Servers or Windows tab then choose the Checks tab.



From the Add Check drop-down go to Add 24x7 Check, Event Log Check

Configure the Check*



Select the required Event Log Check in the south panel then of the Checks tab then from the Checks drop-down Edit Check, configure as required.



Select the required Event Log Check in the south panel of the Checks tab then from the Checks drop-down Delete.

Enter the password of the user you have logged on to the Dashboard under to confirm deletion.

Link Check to On-Check Failure Automated Task


We have included the ability to run a Automated Tasks when a Check fails to, for example automatically dealing with cause of the failure, and with Dashboard 6.21 we have simplified its configuration process by incorporating the option to assign an On-Check Failure Automated Task when adding or editing a Check in the Checks tab for the Dashboard. Further information on this process is available in the section: Link Check to On-Check Failure Automated Task



After logging into the Advanced Monitoring Agent on the target machine go to Settings in the 24x7 Checks section, Configure checks, Event Log Check



Click Add

Configure the Check*



Select the required Event Log Check click Edit then configure as required.



Select the required Event Log Check and click Delete


Whichever management option is selected click OK to apply changes.


Dashboard: Add or Edit Check Behaviour

Pre-Agent 10

When a Check is added or edited from the Dashboard the new settings are downloaded to the Agent the next time it communicates back to the Dashboard and applied when all of the Checks of that frequency type next run.

From Agent 10

Any changes to the Check actioned from the Dashboard are applied immediately with the Check automatically re-run when the settings are received. This ensures that the users can almost instantaneously see the effects of any Check addition or modification; with the time this individual Check ran reflected in its Date/Time column.

Please be aware that due to this improvement, the Date/Time may differ between Checks running at the same frequency.





Descriptive Name

The first stage is to give the check a meaningful name for identification on the Dashboard and in Alerts.


Event Log to check

The Agent automatically detects the installed Event Logs, which are selectable from the drop-down menu.


Alert when

This threshold determines when an alert is generated. The options here are to Alert when the Log contains or Log does not contain the following information:


Event ID(s)

The identification number associated with the Event, this may be specific to this Event or generic used for multiple Events. Use comma separation to enter multiple Event IDs.


Event Type

There are five possible Event Types recorded in the Event Log and any permutation of these may be selected. They are defined by Microsoft as:


Information: An event that describes the successful operation of an application, driver, or service.


Error: A significant problem, such as loss of data or loss of functionality.


Warning: An event that might not be significant, but might indicate a future problem.


Success Audit: An audited security access attempt that succeeds.


Failure Audit: An audited security access attempt that fails.




Event Source

The Event Source is the application or Windows component that generates the Event.


Message contains string

The Agent can be configured to search for specific text within the Event description and this can include wildcard entries [*], for example drive * failed. The information contained within the Event description allows for the monitoring of specific problems or the programs status.


Please note: Wildcards [*} may be used in Event ID(s) and Event Source to search for any entries or in these fields.




Event Exclusion from Agent 8.9.2 onwards

The following options are available from Agent 8.9.2 when configuring the Event Log Check from the Dashboard.

Apply Critical Events Exclusion List

Tick this box to ignore those Events already entered in the Critical Event Exclusion list where discovered as part of the Event Log Check.

Exclude Events from Check

An exclusion list can be created for the specific Event Log Check. Select Exclude Events from Check, Add then enter the Event Source and Event ID to ignore.


The dialog also includes the option to manage the Exclusion List for this specific Event Log Check. Highlight the required entry then select Edit or Delete to amend as required.




More Information

Once the Check results are uploaded to the Dashboard details of the output can be viewed in the More Information section along with links to the following resources for further information on the Event


Please be aware that time and date recorded for the discovered Event is based on the local time of the device and not the Dashboard timezone.