Monitoring Windows Event Logs

The Event Log is a Windows service that records application, security, and system events occurring on Windows devices. You can monitor these events using OpManager and configure it to generate alarms when critical events are logged. OpManager uses WMI to fetch the details of these logs, so you need to provide the logon details of a user with administrative privileges to connect to the Windows machine.

You can view the list of all events monitored by OpManager by clicking Event Log Rules under the Admin tab.

Monitoring Windows Events in a Device

To monitor Windows events, you need to associate the event log monitors with the device. To do so, follow the steps given below:

  1. Go to the device snapshot page.
  2. From the Actions menu, click Event Log Rules.
  3. Select the event logs to be monitored in the device.
  4. Change the Polling Interval if necessary. During each poll, the selected event logs are compared with the events logged in the device, and alarms are generated for the matching events.
  5. Click Save to save the changes.

Using the Quick Configuration Wizard

Alternatively, you can associate an event log rule with many devices at a time using the Quick Configuration Wizard.

  1. From the Admin tab, select Quick Configuration Wizard.
  2. Select the option Associate Event log rules to several devices and click Next.
  3. Select the log file from the displayed list.
  4. Select any one rule from the list of rules shown. Click Next.
  5. Select the devices on which you want to monitor the event logs from the column on the left and move them to the right.
  6. Click Finish. The event log monitor is associated with the selected devices.

Creating an Event Log Monitor

To create an event log monitor, follow the steps given below:

  1. Under the Admin tab, click Event Log Rules.

    In this page, you can see the rules supported by OpManager. They are categorized into Applications, Security, System, DNS Server, File Replication Service, and Directory Service. You can add the event logs that you want to monitor under any of these categories.

  2. Click New Rule under any one of the categories to add a rule in it.

    All fields except Rule Name are optional. Event ID is a required field to identify the event, but it can be left empty in a few exceptional cases, for example when you want to monitor all events of a particular Event Type, say, Error or Information. In that case the filter is based on the Event Type.

  3. Click Add Rule to save the event log rule.

You can now associate this rule with the required devices.
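
To confirm outside OpManager that the logon account can read a log over WMI, and to preview which events a rule's Event ID and Event Type filter would match, the following PowerShell can be run from an administrative workstation. It is an added example, not OpManager's own code: the function name Get-EventLogRuleMatch, its parameters, the server name and the sample event ID are hypothetical, while Win32_NTLogEvent is the standard WMI class for event log entries.

```powershell
# Added example: Get-EventLogRuleMatch is a hypothetical helper, not an OpManager command.
function Get-EventLogRuleMatch {
    [CmdletBinding()]
    param(
        # Log file name as WMI reports it, e.g. System, Application, Security.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9 _\-/]+$')]   # keeps quotes out of the WQL string
        [string] $LogFile,

        # Optional: omit to match on event type alone.
        [int] $EventId,

        [ValidateSet('Error', 'Warning', 'Information', 'AuditSuccess', 'AuditFailure')]
        [string] $EventType,

        # Start of the window to inspect; stands in for the time of the previous poll.
        [datetime] $Since = (Get-Date).AddMinutes(-10),

        # Optional remote session; without it the local machine is queried.
        [Microsoft.Management.Infrastructure.CimSession] $CimSession
    )

    # Win32_NTLogEvent.EventType codes.
    $typeCode = @{ Error = 1; Warning = 2; Information = 3; AuditSuccess = 4; AuditFailure = 5 }

    # WQL compares datetimes in DMTF form: yyyyMMddHHmmss.ffffff+UUU (UTC offset in minutes).
    $dmtf = $Since.ToUniversalTime().ToString('yyyyMMddHHmmss.ffffff', [cultureinfo]::InvariantCulture) + '+000'

    $clauses = @("Logfile = '$LogFile'", "TimeGenerated >= '$dmtf'")
    if ($PSBoundParameters.ContainsKey('EventId')) { $clauses += "EventCode = $EventId" }
    if ($EventType) { $clauses += "EventType = $($typeCode[$EventType])" }

    $query = @{ ClassName = 'Win32_NTLogEvent'; Filter = ($clauses -join ' AND ') }
    if ($CimSession) { $query.CimSession = $CimSession }

    Get-CimInstance @query |
        Select-Object TimeGenerated, Logfile, EventCode, Type, SourceName, Message
}

# Constructed usage: Error events in the local System log over the last 10 minutes.
Get-EventLogRuleMatch -LogFile System -EventType Error

# Remote check with the monitoring account over DCOM (SERVER01 and 1000 are placeholders):
# $s = New-CimSession -ComputerName 'SERVER01' -Credential (Get-Credential) `
#         -SessionOption (New-CimSessionOption -Protocol Dcom)
# Get-EventLogRuleMatch -LogFile Application -EventId 1000 -CimSession $s
```

An access-denied error from the remote call indicates that the account lacks the rights the WMI connection needs, which is worth resolving before the rule is associated with the device.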


Copyright © 2005-2009, ZOHO Corp. All Rights Reserved.
Network Monitoring Software from ManageEngine