The Event log monitor reads the event log and searches for messages that match the monitor parameters. Only event log entries created after the previous test are included in the current test.
System type: Windows
Category: Log
If Use WMI is checked on the Advanced tab of the parent asset, WMI is used for this monitor. To monitor event logs under Applications and Services Logs, uncheck Use WMI, because WMI is limited in which log files it can read.
If Use WMI is not checked, then two different APIs are used for reading the event logs, depending on Windows version. The API used for Windows Vista/Server 2008 differs from the one used for Windows Server 2003 or Windows XP.
Event Source string - (Optional) The source of the event.
Computer - (Optional) The computer that registered the log entry.
Event ID - Event ID number to trigger an alarm on. Separate multiple numbers with a comma. To include all event IDs, leave the field blank.
Event ID filter - Event ID number of events to filter out. Separate multiple numbers with a comma.
Filter including - If one or more strings exist in the event record message text, the record is included in the test, assuming all other criteria are met.
Filter excluding - If one or more strings exist in the event record message text, the record is not included in the test, assuming all other criteria are met.
Event type - The type of event to search for. If the alternative all is selected, all types of events are considered for the test.
Include message - If checked, the message text is included in the error report.
Event Log - Displays a predefined list of log names. Select a log to monitor.
Alt. Event Log - Alternative log name. Enter the name of the log to search. This setting overrides the Event Log setting.
Logon account - Overrides the default account selected for an asset.
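To preview which records a given set of parameters would select before saving the monitor, the criteria above can be approximated with Get-WinEvent. This is an added example, not the product's own code; the sample values are constructed, and it assumes that an empty list means "no restriction", that string matching is case-insensitive, and that a fixed look-back window stands in for the time of the previous test. Event type and Computer are not modelled.

```powershell
# Constructed sample settings; replace with the values planned for the monitor.
$LogName        = 'Security'                   # Event Log / Alt. Event Log
$EventIds       = @(4625, 4740)                # Event ID (empty = all IDs)
$ExcludeIds     = @()                          # Event ID filter (IDs to drop)
$IncludeStrings = @('Administrator')           # Filter including (any one matches)
$ExcludeStrings = @('svc-backup')              # Filter excluding (any one matches)
$Source         = $null                        # Event Source string (optional)
$Since          = (Get-Date).AddMinutes(-10)   # assumed stand-in for "previous test"

# Criteria the event log service can evaluate itself.
$filter = @{ LogName = $LogName; StartTime = $Since }
if ($EventIds.Count -gt 0) { $filter.ID = $EventIds }
if ($Source)               { $filter.ProviderName = $Source }

# True if $Text contains at least one of $Needles (case-insensitive, assumed).
function Test-AnyMatch([string]$Text, [string[]]$Needles) {
    foreach ($n in $Needles) {
        if ($Text -and $Text.IndexOf($n, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# Message-text and ID exclusions are applied client-side, in the order listed above.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $ExcludeIds -notcontains $_.Id } |
    Where-Object { $IncludeStrings.Count -eq 0 -or (Test-AnyMatch $_.Message $IncludeStrings) } |
    Where-Object { -not (Test-AnyMatch $_.Message $ExcludeStrings) }

# Summary of what would have raised an alarm in the look-back window.
$events |
    Select-Object TimeCreated, Id, ProviderName, MachineName, LevelDisplayName |
    Format-Table -AutoSize
"Matched records: $(@($events).Count)"
```

Reading the Security log requires an elevated session; a large match count for a quiet look-back window usually means the include and exclude strings need tightening before the monitor is enabled.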