6 Replies Latest reply on Nov 29, 2009 7:41 PM by licensing@nlc.com.au

    Event Log Monitor - Help

      Hello,

      I am new to the IP Monitor Community and to monitoring in general. I am trying to find out how to set up a monitor for the Event Viewer. I could not find this info anywhere.

      What I'm trying to accomplish is to monitor a "Warning" or "Error" in the Application section of the Event Viewer for a specific string:

      "WARNING: exceeded"

      I would like the alert to be by e-mail.

      Thank you.

        • Re: Event Log Monitor - Help
          Fodome

          Hello atvrocks,

          Here's what you need to do:

          1. Click "Devices" tab.
          2. Click "All Managed Devices".
          3. Select the Device you wish to Monitor the Event Log on.  If this Device does not exist, you will need to go through "Add New Device" first.
          4. Click "Add -> Add New Monitors".
          5. On the left-hand side, click "Windows Based".
          6. On the right-hand side, click "Event Log".
          7. On this page, specify the Event Area, Event Type and enter the following for "Scenario #1: RegEx Pattern":

          (\i.*Warning: exceeded)

          Click OK and that should be all.  If and when a match is found, it should send you an Information Email Action, assuming this Monitor is associated with a specific Alert.   In order to verify this, simply go to "Configuration -> Alert List" and verify if any of the Alerts contain the Group or SmartGroup that has the Monitor in question, or make sure the Monitor is listed.

          Hope this helps.

          Sincerely,

          Chris Foley - SolarWinds - Support Specialist
          Support:  866.530.8040  |  Fax: 512.857.0125
          network management simplified  |  solarwinds.com

            • Re: Event Log Monitor - Help

              Chris - Thank you so much for your help .... it makes sense.

              I added the monitor and the alert, but when I'm trying to test, I'm getting:

              "Last Result:Logon failure: unknown user name or bad password; oserror: 0x52e"

              or:

              "Unable to open Event Log "Application" on "*****************". Reason: The ipMonitor 9 service context does not have the necessary privileges to impersonate"

              What user should I use?  Right now I am able to pull all the monitors via snmp with the admin credentials.

              Thank you again

                • Re: Event Log Monitor - Help

                  Got the answer - DOMAIN\user vs. user did it.

                  Thank you

                  • Re: Event Log Monitor - Help

                    I'm having the same problem.

                    However, I'm trying to monitor events on a system not added to the domain.

                    Getting errors:

                    "Logon failure: unknown user name or bad password; oserror: 0x52e"

                    and

                    "Unable to open Event Log "System" on "xxx.xxx.xxx.xxx". Reason: The ipMonitor service context does not have the necessary privileges to impersonate"

                    I've set up a service account on the non-domain machine and made it part of the local admins group.

                    I've set up the credentials in IPMonitor as follows:

                    Username: LOCALHOST\service account (also tried replacing LOCALHOST with the non-domain computer's actual name)

                    Password: *password used for service account on non-domain machine*

                    Is IPMonitor not capable of monitoring events on a machine not connected to the domain?

                  • Re: Event Log Monitor - Help
                    n5983v

                    This is what I need as well, but what screen are you in to do these steps? I see node management but no tab or menu for All managed devices. Where do I add the new monitors?

                    thanks,

                    gary