Windows Event Log Monitor

So, I have been struggling with creating a monitor. What I am looking at doing is monitoring the "Microsoft-Windows-Backup/Operational" log on server 2008R2. I have a scheduled tack that runs on my domain controller that performs System State Back Ups (SSBU). WBAdmin.exe writes its events to this log. I want to scan the log for any failured "Event IDs 5,19,or 20" and if present show the status as down or critical. Everything I have tried either fails with No Event(s) matched, eventhought I know there are EventIDs 19 & 20 present in the log. Any pointers on correctly setting up this monitor will be greatly appreciated.

Thanks in advance

Smitty

Find more posts tagged with

patch12345

windows_event_log_monitor

Accepted answers

All comments

lukas.belza

Hello,

It looks like you want to monitor nested event logs which is not supported using WMI. The Windows Event Log monitor retrieves the data from Win32_NTLogEvent WMI class (from root\cimv2 namespace) and events from these types of log are missing in this class. Please look at the following thread:

azsmitty

Lukas - I had read the listed thread and wasn't sure if that was the same issue. I guess I will just need to wait for v5.5 to go to production release. Thanks for the rapid response!

Thanks again

Smitty

aLTeReGo

As Lukas stated above, these Windows Event Logs are not monitorable using WMI. The next release of SAM includes an RPC method for monitoring Windows Event Logs that you'll likely have greater success with. If you'd like to participate in the SAM Beta 5.5 you can sign-up here -> SolarWinds Orion SAM 5.5 Beta Participation Survey