Remote Monitoring & Management Help

Event Log Check

The Event Logs are repositories to which applications and Windows components write detailed data on the status of the system.

The Event Log Check monitors the Event Logs and can be configured to query a specific Event Log based on the following indicators: Event ID, Event Type, Event Source and Description. It alerts where the specified information is, or is not, discovered in an Event Log entry.

Multiple Event Log Checks may be created on the same device for both 24x7 (business critical events you wish to be alerted to as soon as they occur, for example license failures, virus detection etc.) and Daily Safety Checks (for example a backup job has completed or an Antivirus program updated).

For Application and Security Event Logs the Event Log Check only retrieves information from the root level; it does not query any sub-level logs.

Add

  1. Select the device in the north pane of the Dashboard
  2. Go to the Checks tab
  3. Click Add Check
  4. Choose Add 247 > Event Log Check
  5. Configure settings
  6. To run an Automated Task when the Check fails choose Assign a Task after creating the Check
  7. Click OK to save and apply
  8. Where Assign a Task after creating the Check is selected:
    1. Select the script
    2. Click Next to configure
  9. Enter the Command Line parameters (if required)
  10. Set a Script timeout in the range 1 - 3600 seconds (default 120 seconds)
  11. Click Finish to save and apply

Edit

  1. Select the device in the north pane of the Dashboard
  2. Go to the Checks tab
  3. Select the target Event Log Check
  4. From the Check drop-down
  5. Click Edit Check (also available from the Check's right-click menu)
  6. Configure the settings
  7. Click OK to save and apply

Delete

  1. Select the device in the north pane of the Dashboard
  2. Go to the Checks tab
  3. Select the target Event Log Check
  4. From the Check drop-down
  5. Click Delete Check (also available from the Check's right-click menu)
  6. Enter the password you have logged into the Dashboard under to confirm removal
  7. Click OK to delete

Event Log Check Settings

Descriptive Name

The first stage is to give the check a meaningful name for identification on the Dashboard and in Alerts.

Event Log to check

The Agent automatically detects the installed Event Logs, which are selectable from the drop-down menu.

Alert when

This threshold determines when an alert is generated. The options here are to Alert when the Log contains or Log does not contain the following information:

Event ID(s)

The identification number associated with the Event. This may be specific to this Event or generic and used for multiple Events. Use comma separation to enter multiple Event IDs.

Event Type

There are five possible Event Types recorded in the Event Log and any permutation of these may be selected. They are defined by Microsoft as:

  • Information: An event that describes the successful operation of an application, driver, or service.
  • Error: A significant problem, such as loss of data or loss of functionality.
  • Warning: An event that might not be significant, but might indicate a future problem.
  • Success Audit: An audited security access attempt that succeeds.
  • Failure Audit: An audited security access attempt that fails.
  • Success/None:

Event Source

The Event Source is the application or Windows component that generates the Event.

Message contains string

The Agent can be configured to search for specific text within the Event description and this can include wildcard entries [*], for example drive * failed. The information contained within the Event description allows for the monitoring of specific problems or the program's status.

Wildcards [*] may be used in Event ID(s) and Event Source to search for any entries in these fields.

Event Exclusion from Agent 8.9.2 onwards

The following options are available from Agent 8.9.2 when configuring the Event Log Check from the Dashboard.

Apply Critical Events Exclusion List

Tick this box to ignore those Events already entered in the Critical Event Exclusion list where discovered as part of the Event Log Check.

Exclude Events from Check

An exclusion list can be created for the specific Event Log Check. Select Exclude Events from Check, then Add, then enter the Event Source and Event ID to ignore. The dialog also includes the option to manage the Exclusion List for this specific Event Log Check. Highlight the required entry then select Edit or Delete to amend as required.
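The settings above combine into a single alert decision per check. The following Python model is an added example, not the Agent's own code; the field names, the case-insensitive matching, the substring treatment of "Message contains string", and the sample events, sources and IDs are assumptions made for illustration.

```python
import re

def wild(pattern, value):
    """Case-insensitive match; * matches any run of characters (assumed semantics)."""
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, str(value), re.IGNORECASE | re.DOTALL) is not None

def event_matches(check, event):
    """True if the event is not excluded and satisfies every field of the check."""
    if (event["source"].lower(), event["id"]) in check.get("exclusions", set()):
        return False  # per-check exclusion list: Event Source + Event ID
    ids = [p.strip() for p in check["event_ids"].split(",")]  # comma-separated IDs
    return (any(wild(p, event["id"]) for p in ids)
            and event["type"] in check["event_types"]
            and wild(check.get("source", "*"), event["source"])
            and wild("*" + check.get("message", "") + "*", event["message"]))

def should_alert(check, events):
    """Apply 'Alert when': log contains / does not contain a matching event."""
    found = any(event_matches(check, e) for e in events)
    return found if check["alert_when"] == "contains" else not found

# Constructed sample events; sources, IDs and messages are hypothetical.
EVENTS = [
    {"id": 1001, "type": "Error", "source": "ExampleRaid",
     "message": "Array A: drive 2 failed"},
    {"id": 1002, "type": "Warning", "source": "ExampleRaid",
     "message": "Array A: drive 3 failed self-test"},
    {"id": 2000, "type": "Information", "source": "ExampleBackup",
     "message": "Backup job completed"},
]

# 24x7-style check: alert as soon as a matching event is present.
RAID_24X7 = {"alert_when": "contains", "event_ids": "100*",
             "event_types": {"Error", "Warning"}, "source": "ExampleRaid",
             "message": "drive * failed", "exclusions": {("exampleraid", 1002)}}

# Daily Safety Check style: alert when the expected event is absent.
BACKUP_DSC = {"alert_when": "does not contain", "event_ids": "2000",
              "event_types": {"Information"}, "source": "ExampleBackup",
              "message": "completed"}

if __name__ == "__main__":
    print("RAID alert:", should_alert(RAID_24X7, EVENTS))
    print("Backup alert:", should_alert(BACKUP_DSC, EVENTS))
```

In this model event 1002 would match the wildcard pattern but is suppressed by the exclusion entry, so exclusion lists are worth reviewing whenever a check stays unexpectedly quiet.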

More Information

Once the Check results are uploaded to the Dashboard, details of the output can be viewed in the More Information section along with links to the following resources for further information on the Event: EventID.net, Google, Bing, Microsoft or Yahoo.

The time and date recorded for the discovered Event is based on the local time of the device and not the Dashboard timezone.