Monitoring Studio: Configuring Windows Event Logs Monitoring

  • kb1210
  • Jan. 5, 2018
  • 2 min read

How to monitor Windows Event Log with Monitoring Studio.

Best Practice Windows Event Logs

Related Topics

What Event Log Information is Required?

The following information is required to configure Windows Event Logs monitoring:

  • The Event Log Name
  • The Provider Name
  • The Event IDs if you want to filter the events

How to Get the Required Information?

To get the required information:

  1. Open the Event Viewer
  2. Browse to the Event log you wish to monitor
  3. Select an event to display its details (in our example, TaskScheduler > Operational)
  4. In the General tab, look for the Log Name and the Event ID (in our example, "Microsoft-Windows-TaskScheduler/Operational" and "102")

    Monitoring Windows Event Logs - Obtaining the Log Name and Event ID

  5. Select the Details tab and look for the Provider Name (in our example: Microsoft-Windows-TaskScheduler)

    Monitoring Windows Event Logs - Obtaining the Provider Name

You now have all the information required to configure the Event Logs Monitor.

Configuring the Event Logs Monitor

To configure the Event Logs Monitor:

  1. Create a monitoring policy:
    1. Log on to the TrueSight console.
    2. In the navigation pane, expand Configuration and select Infrastructure Policies.
    3. In the Infrastructure Policies page, ensure that the Monitoring tab is selected and click Create Policy.
    4. Specify the monitoring policy properties
    5. Select the PATROL Agent on which the policy will be applied.

      Monitoring Windows Event Logs - Creating the Monitoring Policy

  2. Configure Monitoring Studio:
    1. Click the Monitoring tab.
    2. Click Add Monitoring Configuration.
    3. In the Add Monitoring Configuration panel, select Monitoring Studio from the Monitoring Solution menu

      Monitoring Windows Event Logs - Adding Monitoring Configuration

  3. Configure the Event Logs Monitor:
    1. Click inline to add a Monitor Group
    2. Provide the Monitor Group information
    3. Scroll down to the Event Logs section and click inline

      Monitoring Windows Event Logs - Configuring the Event Logs Monitor

    4. Enter the Event Log Name and the Provider Name you previously obtained through the Event Viewer
    5. (Optional) Enter the Event ID(s) to include or exclude from monitoring

      Monitoring Windows Event Logs - Configuring the Event Log Information

    6. Scroll down to the Monitor Settings section and provide the Internal ID and Display Name

      Monitoring Windows Event Logs - Providing the Monitor Settings

    7. Click OK twice
    8. Click Save.
Best Practice Windows Event Logs