Windows Event Log Rules

Introduction:

This section is common to all the editions of IT360 - Professional Edition, Enterprise Edition - Probes only and MSP Edition - Probes only.

By using this option, you can monitor various Windows events. The events received will be displayed in the Windows Monitor details page. Also, you can generate Alerts in IT360, based on the configured rule. For e.g., when an event, of type Error, occurs in System Log, you can generate a critical alert, which in turn will affect the Health of the Windows Monitor.

Note: Event Log Monitoring is available in Windows Installations and in WMI mode of monitoring, only.

List of Log Files:

For receiving windows events, you have to configure Event Log Rules. You can get notified by the events from the following Log Files

• Application (By default Event Log rule is configured for any Application Error)

• System

• Security (By default Event Log rule is configured for any Security Failure)

• File Replication Service

• DNS Server

• Directory Service

Steps to Add a New Event Log Rule:

Follow the steps given below, to add a new Event Log rule;

1. Go to 'Admin -> Servers & Applications -> Event Log Rules'.

2. Click on New Rule, to add a new rule, under the respective category. The  Add New Rule wizard is shown.

3. Enter the Rule Name, of your choice.

4. Enter the Event ID, associated with the Event Log File (not mandatory).

5. Choose the Event Type - Event of Any Type, Error, Warning and Information.

Note: In case of Security Events, the types would vary between Success Audit and Failure Audit.

6. You can configure Alarm, with severity level either as Critical, or Warning.

7. At the outset, you can Enable or Disable the Rule Status.

8. By clicking on Advanced Options, you can formulate the rule, more specifically, by associating the Source, Category, Username, Description content of the incoming event, and Log File Type (The available File types are Application, System, Security, File Replication Service, DNS Server and Directory Service), to the Alert severity.

For e.g., select the Log File as [System] and Event Type as [Error] , to get all events of type Errors from the System Log File.

9. After entering all the above details, click on Create Rule.

Top