Event Log Sensor (Local or Remote)
Event Log Sensor (Local or Remote)
The system sensor "Event Log" monitors the Windows event log on any accessible computer in the network.
The following fields are particular to this type of sensor and decide when the sensor can trigger a notification. To trigger the notification all fields must match with an entry (that was added since the last sensor request) from the selected event log. An empty field means 'match every entry'. These fields reflect the corresponding values in the event log.
· Log File: Choose one of the following: Application, System, Security.
· Machine Name: Enter the name of the computer where the Event Log to be monitored is located (leave empty for local machine).
· Event Type: Select which event type can trigger an On Change / Trigger notification.Choose one of the following: Any, Error, Warning, Information, Audit Success, Audit Failure.
· Event Source: Select which program can trigger an On Change / Trigger notification (leave empty for any).
· Event Category: Select which event category can trigger an On Change / Trigger notification (leave empty for any). Attention: May not work with a remote event log sensor!
· Event User: Select the user whose events can trigger an On Change / Trigger notification (leave empty for any). Attention: May not work with a remote event log sensor!
· Event Computer: Select the computer whose events can trigger a DOWN sensor state (leave empty for any).
· Event Message: Enter a string (case insensitive) which the event message has to contain to trigger an On Change / Trigger notification (leave empty for any). Attention: Remote event log messages and messages from the security event log may have a different content as found in the Windows Event Viewer.
Please note:
· Only those events are monitored that are added since the start of the sensor request. Older event log entries do not trigger notifications.
· Only "On change" notifications are triggered.
· Only one notification is triggered for events between two scans of the sensor, even if there was more than one event. This notification is triggered for the first event after the scan prior to the actual scan. There is currently no way of triggering one notification for each event.