1 Reply Latest reply on Jan 27, 2011 9:05 AM by animelov

    Windows event logging

    sonnytaite

      Hi All,

      Does anybody have a good understanding of how Windows event log collection in Profiler works?

      I can see two types of Windows event log options:
      1. Specific Windows event monitor
      Rules based on specific Windows events seem pretty straightforward, e.g. create a rule to alert on event ID 8143 etc.

      2. General "Windows event logs" section for a monitored Windows server.
      I can see that you can enable this with yes/no and then select debug/info/warning/error/fatal error from a drop-down. There is not much other information about this feature or what it does. I can also see a quick report for Windows events which covers all servers, specific event IDs and specific servers' events... nothing seems to populate into this report, even if I enable Windows event log collection.

      Windows 2008 also has a lot more event logs than 2003, so I guess this is not yet on the supported list, as the drop-down doesn't provide options or freeform selections.

      I am interested in knowing about the ability to collect events from warning up through error/fatal error for each Windows server and having that information viewable in reports for each server and then maybe in a grouping, so an example would be running a report for all Windows events warning and above for group "critical servers".

      Is this possible in Profiler?

      Thanks.

        • Re: Windows event logging
          animelov

          Specifically, the only thing that Profiler is doing as far as Windows Event Logging is concerned is just alerting on events that happen.  The debug/info/etc. is the level of the logging in Profiler.

          To configure those, first, turn on Event log monitoring.  Then go to Settings --> Rules, and add a new Windows Event log rule.  Once you finish creating the rule, go to Settings --> Policies, and add the rule to the policy that the Windows host(s) belong in (probably the default OS policy if you've never created one before).  Once added, 'push' the policy, and then you should start getting alerts for whenever that event takes place.

          If you are looking for more granular detail on Windows Event logs, you might want to look into the Kiwi family of products that we offer.  Let me know if you have any more questions!