Windows Event Log Rules

Introduction

This section is common to all the editions of IT360 - Professional Edition, Enterprise Edition (Probes only) and MSP Edition (Probes only).

By using this option, you can monitor various Windows events. The events received will be displayed in the Windows Monitor details page. You can also generate Alerts in IT360 based on the configured rule. For example, when an event of type Error occurs in the System Log, you can generate a critical alert, which in turn will affect the Health of the Windows Monitor.

Note: Event Log Monitoring is available only in Windows Installations and in WMI mode of monitoring.

Configuring Event Log Rules comprises the following:

  1. Event Logs Rules Configuration

  2. Windows Azure Logs Rules Configuration


1. Event Logs Rules Configuration

1.1 List of Log Files

To receive Windows events, you have to configure Event Log Rules. You can get notified of events from the following Log Files

1.2 Steps to Add a New Event Log Rule

  1. Login to IT360 console with the Username and Password of an Admin user.

  2. Click the Admin tab in the header pane.

  3. Click Log Rules under Alarms.

  4. To add a new event log other than those available by default, click the Add New Event Log link in the bottom right corner of the wizard.

  5. Under Event Logs Rules Configuration, click New Rule under the respective category. The Add New Rule wizard is shown.

  1. Enter the Rule Name, of your choice.

  2. Enter the Event ID, associated with the Event Log File (not mandatory).

  3. Choose the Event Type: Event of Any Type, Error, Warning or Information.

Note: In case of Security Events, the types would vary between Success Audit and Failure Audit.

  4. You can configure an Alarm with a severity level of either Critical or Warning.

  5. At the outset, you can Enable or Disable the Rule Status.

  6. By clicking Advanced Options, you can make the rule more specific by associating the Source, Category, Username, Description content of the incoming event, and Log File Type (the available file types are Application, System, Security, File Replication Service, DNS Server and Directory Service) with the Alert severity.

For example, select the Log File as [System] and Event Type as [Error] to get all events of type Error from the System Log File.

  7. After entering all the above details, click Create Rule.
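
Before enabling a rule with Critical severity, it helps to see how many events it would match on a monitored host. The following PowerShell is an added example, not part of IT360 or its documentation: it uses the standard Get-WinEvent cmdlet, and the mapping from the wizard fields to filter keys, the 24-hour window and the $rule values are assumptions made for illustration.

```powershell
# Added example: preview which events a planned rule would match on one host.
# All $rule values are constructed; set them to the rule you plan to create.
# Reading the Security log requires an elevated session.
$rule = @{
    LogFile     = 'System'   # Log File Type
    EventType   = 'Error'    # Any, Error, Warning, Information, SuccessAudit, FailureAudit
    EventId     = $null      # optional, as in the wizard
    Source      = $null      # optional event source (provider name)
    Description = $null      # optional substring of the event message
}

# Standard Windows event levels, and the Security log audit keywords.
$levels   = @{ Error = 2; Warning = 3; Information = 4 }
$keywords = @{
    SuccessAudit = 9007199254740992   # Audit Success
    FailureAudit = 4503599627370496   # Audit Failure
}

# Build the filter from the fields that are set; 'Any' adds no type filter.
$filter = @{ LogName = $rule.LogFile; StartTime = (Get-Date).AddHours(-24) }
if ($levels.ContainsKey($rule.EventType))   { $filter.Level    = $levels[$rule.EventType] }
if ($keywords.ContainsKey($rule.EventType)) { $filter.Keywords = $keywords[$rule.EventType] }
if ($rule.EventId) { $filter.Id           = $rule.EventId }
if ($rule.Source)  { $filter.ProviderName = $rule.Source }

# Get-WinEvent reports an error when nothing matches; treat that as zero hits.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($rule.Description) {
    $events = @($events | Where-Object { $_.Message -like "*$($rule.Description)*" })
}

# Total volume, then the ten noisiest source / Event ID pairs.
"{0} matching events in the last 24 hours" -f $events.Count
$events | Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

A high count from one source and Event ID pair suggests narrowing the rule through Advanced Options before it starts affecting the Health of the Windows Monitor.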


1.3 Deleting a New Event Log

New Event logs created by the user can be deleted. Remember that the event logs added by default cannot be deleted.

  1. Login to IT360 console with the Username and Password of an Admin user.

  2. Click the Admin tab in the header pane.

  3. Click Log Rules under Alarms.

  4. Under Event Logs Rules Configuration, click the Delete link under the respective category.



2. Windows Azure Logs Rules Configuration

Using this option, you can monitor Windows Azure Trace logs and Diagnostic Infrastructure logs. For Linux versions of ManageEngine IT360, log rules can be defined for event logs of Windows Azure. For this, you have to first configure Trace Log Rules and Diagnostic Infrastructure log rules. The logs received will be displayed in the details page of the Windows Azure Role Instances. Also, you can generate alarms in IT360 based on the configured rule.

For example, when an event of type Error occurs in the System Log, you can generate a critical alarm. This alarm will, in turn, affect the Health of the Windows Azure Role Instance.

Under Windows Azure Logs Rules Configuration, you can configure:

2.1 Configuring New Rule for Windows Azure Trace Logs

  1. Login to IT360 console with the Username and Password of an Admin user.

  2. Click the Admin tab in the header pane.

  3. Click Log Rules under Alarms.

  4. Click the Windows Azure Logs Rules Configuration tab.

  5. Click New Rule under the respective category. The Add New Rule wizard is shown.

  1. Enter a Rule Name.

  2. Enter the Event Id of the rule that you are creating.

  3. Enter the String that the message contains.

  4. Select the Event Type: Any Type, Error, Warning or Information.

  5. You also have the option to set the severity of the alarm as Critical or Warning.

  6. You can Enable or Disable the rule status.

  7. Click on the Create Rule button.

The new rule will be displayed in the Trace Logs. You can edit the rules by clicking on the Edit Rule icon. You can also enable, disable and delete one or more rules by selecting the rule(s) and clicking the Enable, Disable or Delete button.


2.2 Configuring Diagnostic Infrastructure Logs

To configure a new rule for Diagnostic Infrastructure Logs:

  1. Login to IT360 console with the Username and Password of an Admin user.

  2. Click the Admin tab in the header pane.

  3. Click Log Rules under Alarms.

  4. Click the Windows Azure Logs Rules Configuration tab.

  5. Click on New Rule at the right hand corner of the Diagnostic Infrastructure Logs box.

  6. In the Add New Rule for Diagnostic Infrastructure Logs form, enter the following details:

  1. Enter the Name of the rule that you wish to create.

  2. Enter the Error Code of the rule that you are creating.

  3. Enter the string that the message contains.

  4. Enter the string that the Error Message contains.

  5. Select the event type: Any Type, Error, Warning or Information.

  6. You also have the option to set the severity of the alarm as critical or warning.

  7. You can Enable or Disable the rule status.

  8. Click the Create Rule button.

The new rule will be displayed in the Diagnostic Infrastructure Logs. You can edit the rules by clicking on the Edit Rule icon. You can also enable, disable and delete one or more rules by selecting the rule(s) and clicking the Enable, Disable or Delete button.




Copyright © 2014, ZOHO Corp. All Rights Reserved.