Info |
---|
The Windows Event Viewer allows you to view a log of things that have happened on a Windows computer. Windows typically generates hundreds of events and it is not practical for an administrator to watch over all of these events. However, you may find that there are some events which are worthy of note, and may foreshadow something unpleasant. VitalSigns allows you to set triggers on remote Windows machines and will send you a proactive alert when an event matching the pattern you provide appears in a Windows event log. As a rule of thumb, you should try searching by the general description, or the Event ID and the Source, or a combination of those values. Just remember that the Event ID is not unique… every application can generate an event with the same Event ID so there is potential for a lot of overlap. You can’t just search for “Event ID 122” because you may get a lot of false alerts about events from applications you don't really care about. |
- Go to Servers & Devices -> Microsoft Windows -> Event Log Scanning
- Enter a name for the Event Definition
- Click the New button under the Event Definition textbox
- Enter the corresponding information (Note: you can reference the Windows Event Viewer at the OS level to obtain the necessary information. The diagram below shows how the Event Viewer matches up to the form.)
- Any field left blank will match any value in the event log.
- Any field filled in will limit the events which trigger alerts.
- The Event Key field will match text that appears in the event description. In the case below, it will match words in the phrase "The Software Protection service has stopped."
- Select the server(s) and/or locations where you want to scan the event log
- Click OK to save the changes
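
The matching rules above (blank fields match anything, filled fields narrow the match, Event Key matches description text) can be modeled to see how noisy a definition is before you save it. This is an added example, not VitalSigns code: the `Definition` and `Event` classes, the sample sources and IDs, and the case-insensitive substring behavior of Event Key are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Event:
    source: str
    event_id: int
    description: str

@dataclass(frozen=True)
class Definition:
    # A blank field ("" or None) is a wildcard, as on the form.
    source: str = ""
    event_id: Optional[int] = None
    event_key: str = ""

def matches(d: Definition, e: Event) -> bool:
    if d.source and d.source.lower() != e.source.lower():
        return False
    if d.event_id is not None and d.event_id != e.event_id:
        return False
    # Assumption: Event Key is a case-insensitive substring of the description.
    if d.event_key and d.event_key.lower() not in e.description.lower():
        return False
    return True

def alerts(d, events):
    """Events that would trigger an alert for this definition."""
    return [e for e in events if matches(d, e)]

def sources_hit(d, events):
    """Distinct sources a definition fires on; more than one suggests overlap."""
    return sorted({e.source for e in alerts(d, events)})

# Constructed sample events; sources and IDs are made up for illustration.
EVENTS = [
    Event("SampleBackupAgent", 122, "Backup job failed: destination unreachable."),
    Event("SamplePrintDriver", 122, "Printer queue resumed."),
    Event("SampleUpdater", 122, "Update check postponed."),
    Event("SampleLicensingSvc", 900, "The Software Protection service has stopped."),
    Event("SampleBackupAgent", 123, "Backup job completed."),
]

if __name__ == "__main__":
    for name, d in [("ID only", Definition(event_id=122)),
                    ("ID + Source", Definition("SampleBackupAgent", 122)),
                    ("Event Key", Definition(event_key="software protection service"))]:
        print(f"{name}: {len(alerts(d, EVENTS))} alert(s) from {sources_hit(d, EVENTS)}")
```
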
Note |
---|
The regular fields on the event viewer windows display contain: |