Registry Event Monitor Reference Guide

Registry Event Monitor

Monitors Windows Registry on remote machines.

Overview

This event monitor connects to the registry on your network devices and checks the keys and values that you specify. It can connect to the HKEY_LOCAL_MACHINE root or the HKEY_CURRENT_USER root for specified SIDs.

Use Cases

  • Monitoring specific keys and values while ignoring others
  • Receiving alerts based on missing values or keys

Monitoring Options

This event monitor provides the following options:

Root

Select HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER, depending on the registry root that your target key resides in. For HKEY_CURRENT_USER you can choose to check all SIDs (in other words, check the registry for all users) or to check only the SIDs of individual users. To specify multiple SIDs, enter each SID on a separate line.

Key

Enter the registry key that the event monitor will check. To avoid typos it is often a good idea to copy/paste this value from the Windows registry editor.

Value Name

Enter the value name that the event monitor will check.

Value Type

Use this option to tell the event monitor the data type of the value and have it show the corresponding comparison options.

Alert with [Info/Warning/Error/Critical] if the device cannot be contacted.

Use this option to alert if the event monitor cannot connect to the network device.

Alert with [Info/Warning/Error/Critical] if the specified key is missing

With this option enabled the event monitor will alert you if it was able to connect to the registry but the specified registry key was not found.

Alert with [Info/Warning/Error/Critical] if the specified value is missing

With this option enabled the event monitor will alert you if it was able to connect to the registry and access the specified key but the value name that you entered was not found.

Alert if the value is greater than a specified value.

Use this option to get alerts if the detected value is greater than the thresholds that you define. For use with DWORD value types only.

Alert if the value is less than a specified value.

Use this option to get alerts if the detected value is less than the thresholds that you define. For use with DWORD value types only.

Alert with [Info/Warning/Error/Critical] if the value contains the text [text]

Use this option to get alerts if text that you specify was found in the value. For use with String value types only.

Alert with [Info/Warning/Error/Critical] if the value does not contain the text [text]

Use this option to get alerts if text that you specify was not found in the value. For use with String value types only.

Show the retrieved value in all notifications

With this option enabled the event monitor will include the retrieved value in all alerts and notifications.
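The checks described under Monitoring Options can be reproduced by hand when validating a monitor's configuration. The following PowerShell sketch is an added example, not the product's own code: `Test-RegistryValue`, its parameters and its status names are hypothetical, it covers the HKEY_LOCAL_MACHINE root only, it assumes the Remote Registry service is reachable on the target, and it assumes case-insensitive text matching.

```powershell
# Added illustration, not the product's code. Test-RegistryValue and its parameters are hypothetical names.
function Test-RegistryValue {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$Key,          # path under HKEY_LOCAL_MACHINE
        [Parameter(Mandatory)][string]$ValueName,
        [long]$GreaterThan, [long]$LessThan,         # DWORD thresholds
        [string]$Contains, [string]$NotContains      # String checks
    )
    function New-Result($Status, $Value, $Alerts) {
        [pscustomobject]@{ Computer = $ComputerName; Status = $Status; Value = $Value; Alerts = @($Alerts) }
    }
    try {
        $root = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    } catch {
        return New-Result 'ConnectFailed' $null $_.Exception.Message
    }
    $sub = $null
    try {
        $sub = $root.OpenSubKey($Key)                # $null when the key does not exist
        if ($null -eq $sub) { return New-Result 'KeyMissing' $null "Key not found: $Key" }
        if ($sub.GetValueNames() -notcontains $ValueName) { return New-Result 'ValueMissing' $null "Value not found: $ValueName" }
        $kind = $sub.GetValueKind($ValueName)
        # Keep %VAR% unexpanded: expansion would use the local machine's environment, not the target's.
        $data = $sub.GetValue($ValueName, $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        $alerts = @()
        if ($kind -eq 'DWord') {
            # .NET returns a DWORD as signed Int32; reinterpret it so values above 0x7FFFFFFF compare correctly.
            $data = [BitConverter]::ToUInt32([BitConverter]::GetBytes([int]$data), 0)
            if ($PSBoundParameters.ContainsKey('GreaterThan') -and $data -gt $GreaterThan) { $alerts += "$data is greater than $GreaterThan" }
            if ($PSBoundParameters.ContainsKey('LessThan') -and $data -lt $LessThan) { $alerts += "$data is less than $LessThan" }
        } elseif ($kind -in 'String', 'ExpandString') {
            $cmp = [StringComparison]::OrdinalIgnoreCase   # assumption: case-insensitive matching
            if ($Contains -and $data.IndexOf($Contains, $cmp) -ge 0) { $alerts += "Value contains '$Contains'" }
            if ($NotContains -and $data.IndexOf($NotContains, $cmp) -lt 0) { $alerts += "Value does not contain '$NotContains'" }
        } else {
            $alerts += "Unsupported value type: $kind"
        }
        $status = if ($alerts) { 'Alert' } else { 'OK' }
        return New-Result $status $data $alerts
    } catch {
        return New-Result 'ReadFailed' $null $_.Exception.Message   # for example, access denied on the key
    } finally {
        if ($sub) { $sub.Close() }
        $root.Close()
    }
}
# Constructed usage (SRV01 is a placeholder host): flag LSA protection being absent or switched off.
# Test-RegistryValue -ComputerName 'SRV01' -Key 'SYSTEM\CurrentControlSet\Control\Lsa' -ValueName 'RunAsPPL' -LessThan 1
```

A `ValueMissing` result corresponds to the "value is missing" alert and `KeyMissing` to the "key is missing" alert, so a security setting that is deleted rather than changed still surfaces.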

Authentication and Security

The account used for authentication must have permission to search the registry and have access to the keys and values being monitored.

Protocols

Data Points

This event monitor generates the following data points:

Data Point        Description
Registry Value    The name/data pairs retrieved.

Sample Output

Tutorial

To view the tutorial for this event monitor, click here.
