Import remote Windows Event Log entries into the Orion Database

jboomer72

I'm looking for a way to import specific Windows Event Log entries to the Orion Database.  I'm aware of the SysLog abilities in Orion, and I've gone down the path of installing Log Forwarder.  Log Forwarder works great for log events with a minimal amount of data, but some of the Oracle generated events we're trying to monitor provide more data than I can fit into a SysLog entry.  Perhaps I'm doing something wrong?

I've temporarily worked around this by writing a script launched by the Windows Scrip Monitor component to get any events fitting a certain criteria and then sending an email alert directly from the script itself and bypassing the Orion monitoring.  But I would really like to have the ability to monitor a Windows Event Log for certain criteria, when found, pipe the entire contents of that event into the database and build my alerting and reporting around that.  Is this possible?  I tried using the built-in Event Log Monitor, but that only alerts me if a certain event is found, it doesn't actually capture or import the event details.

On a similar note, is there a way to watch a file and import it's contents through conditions or timing?

Thanks for your help, I've only been working in Orion for the last few months, so I apologize in advance for any n00b questions.  ;)

jiri.tomek

Hello Jason,
as you mentioned, our Event Log monitor can alert you on presence of some vents but it doesn't give you the contents of event so you can't work with them in alerts.

You can use Windows Script Monitor as you do now but instead of sending an email to you you can return "Message" field that can contain event text and that is stored into database. Then you can use it in your alerts. However in APM 3.5 there is currently limitation on message field length that is set to 250 characters.