Monitoring Windows Event Logs
Learn How to Monitor Windows Event Logs with FrameFlow
About Windows Event Logs

Windows event logs are detailed records of events within your system. They store information about your system, applications, and security. The Windows Event Log Event Monitor is the best way to detect events and get alerts as it can monitor any event logs you choose. The wide variety of filtering options ensures you get the alerts you need while filtering out the ones you don't.

How to Monitor Windows Event Logs

First, right-click on the "Default Group" in the Event Monitors tab and select "Add Event Monitor". Select the Windows Event Log Event Monitor. Select your network device with the network device chooser button. Under Windows Event Log Event Monitor Settings, you can choose the event log you would like to monitor: System, Application, or Security. There is an option to monitor other types of event logs, which will be discussed later in this tutorial. The four check boxes below this menu allow you to select specific monitoring parameters.

Event Log Monitoring Options

The first check box will give an alert of your choosing if the device you have chosen cannot be contacted. The second will warn you when the event log is full. The third check box will alert you if the event log you have chosen exceeds a specific number of entries. You can specify the number of entries that will trigger each level of alert.

Expanded Fourth Check Box

The final check box expands with many different options for alerting when specific events are found. It contains three filters: event ID, event source, and event text. For each of these three filters, you have three choices when deciding what sort of alerts you want to receive. You can choose to be alerted only about what you type in the text boxes, or about everything except what you type in the text boxes. Select "Do not filter by" to ignore a filter altogether. Separate the values entered into the text boxes with commas.

Event ID

Each event record contains an event ID. The event ID usually uniquely identifies an event from a particular source, although this can vary depending on the application or service that generated the event. Different sources may use the same event ID, but events from a particular source should have their own unique IDs. You can find the event ID in the Event Viewer on your Windows device. Open the Event Viewer and find the event you would like to filter by. Its event ID will be located to the right of the event itself.

Event ID Highlighted in Red

Event Source

You can also filter alerts by the event source. To find the event source, open Event Viewer on your Windows device and find an example of the type of event you would like to get alerts about. The event source will be displayed next to the event. When the option to filter by the event source is turned on, the monitor will use the source you enter as a filter.

Source Highlighted in Red

Event Text

Filtering by event text will filter events containing the text you specify into or out of the event monitor. You can choose text that you would like to receive alerts about, or choose text that you would like to suppress alerts about. You can find event text in the Event Viewer by selecting an event. It will appear in the gray box below the event. You can choose to enter the entire message associated with the event or choose a few keywords.

Event Text Highlighted in Red

Now that you know where to find these values, you can choose how to filter on them. You can choose to be alerted only about what you type in the text box, or about everything except what you type in the text box. Select "Do not filter by" to ignore a filter altogether. These options can be accessed via the dropdown menu next to each filtering option. Filtering by event ID and by source are more specific options, while filtering by event text is more generalized. When adding values to any of the text boxes mentioned above, put a comma between separate values.

More Filtering Options

The five check boxes below the event IDs, source, and event text filters are more options to refine your filtering. The first one puts a limit on how many matching events are shown in the event monitor. The second option, which should be turned on for most monitoring purposes, only alerts you to new event log records. The third option will always report a success when matches are found. The fourth option allows you to choose the thresholds for the number of entries the event monitor finds, and to be alerted if that number exceeds the values you choose. Option five will automatically export matching events to a SQL server database. When you check this box, there will be a text box that drops down where you can enter the information of the SQL server you would like this information to upload to.

Expanded View of Five Check Boxes

Other Event Logs

In the first part of this tutorial, we explained how to monitor the three main types of event logs. There is an option to monitor another type of event log, which you can access via the event log dropdown menu. Select "Other Event Log" and a text box will appear to the right. Open Event Viewer on your Windows device and select the folder called "Applications and Services Logs". Once you find the log you would like to monitor, right-click on it and select "Properties". The full name will be displayed at the top. You can copy this name and paste it into the "Other Event Log" text box in FrameFlow.

Finding and Copying the Event Log's Full Name

Next, choose the authentication profile you would like to use when accessing this event monitor. You can leave the other settings at their default values for now. After running the monitor a few times, you may want to edit the schedule settings to better fit your specific needs. At this point, you can run the event monitor and begin collecting values.
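Before typing values into the monitor, you can confirm a log's full name and preview which events a given ID, source, and text filter would catch. The following is an added example using the built-in Get-WinEvent cmdlet; it is not FrameFlow's own code. The function names, the Only/Except/Ignore mode strings, the choice to combine the three filters with AND and to match text as a case-insensitive substring, and the sample log name, IDs, and text are all assumptions of this sketch.

```powershell
# Added example (not FrameFlow code). Reading the Security log requires an elevated session.

function Split-FilterValues([string]$Values) {
    # Comma-separated text box contents -> trimmed, non-empty values
    @($Values -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Test-Filter([string]$Mode, [string[]]$Values, [string]$Actual, [switch]$Substring) {
    # Mode: 'Only' = alert on listed values, 'Except' = alert on everything else, 'Ignore' = no filter
    if ($Mode -eq 'Ignore' -or $Values.Count -eq 0) { return $true }
    $hit = if ($Substring) {
        @($Values | Where-Object { $Actual.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 }).Count -gt 0
    } else { $Values -contains $Actual }
    if ($Mode -eq 'Only') { $hit } else { -not $hit }
}

function Get-LogInventory([string]$Pattern = '*') {
    # LogName is the full name to paste into "Other Event Log"; RecordCount and PercentFull
    # give a baseline for the "log is full" and "entry count" thresholds.
    Get-WinEvent -ListLog $Pattern -ErrorAction SilentlyContinue |
        Where-Object { $_.IsEnabled } |
        Select-Object LogName, RecordCount, LogMode,
            @{ n = 'PercentFull'; e = { [math]::Round(100 * $_.FileSize / $_.MaximumSizeInBytes, 1) } }
}

function Get-MonitorPreview {
    param(
        [Parameter(Mandatory)][string]$LogName,
        [string]$IdMode = 'Ignore',     [string]$Ids = '',
        [string]$SourceMode = 'Ignore', [string]$Sources = '',
        [string]$TextMode = 'Ignore',   [string]$Text = '',
        [int]$Hours = 24
    )
    $idList  = @(Split-FilterValues $Ids)
    $srcList = @(Split-FilterValues $Sources)
    $txtList = @(Split-FilterValues $Text)
    try {
        Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = (Get-Date).AddHours(-$Hours) } -ErrorAction Stop |
            Where-Object {
                (Test-Filter $IdMode $idList ([string]$_.Id)) -and
                (Test-Filter $SourceMode $srcList $_.ProviderName) -and
                (Test-Filter $TextMode $txtList $_.Message -Substring)
            } |
            Select-Object TimeCreated, Id, ProviderName, @{ n = 'Text'; e = { ($_.Message -split "`r?`n")[0] } }
    } catch {
        # Get-WinEvent raises an error when nothing matches; surface anything else (e.g. access denied)
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    }
}

Get-LogInventory 'Microsoft-Windows-PowerShell*'      # illustrative log name pattern
Get-MonitorPreview -LogName 'System' -IdMode Only -Ids '7036, 7045' -TextMode Except -Text 'Windows Update'
```

An "Only" filter that returns nothing here, or an "Except" filter that returns thousands of rows, is worth adjusting before the monitor starts alerting on it.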

Summary

In this tutorial, we showed you how to set up the Windows Event Log Event Monitor for the three main types of event logs: System, Application, and Security. We also explained how to monitor other types of event logs and where to find their full names in Windows Event Viewer. For all types of event logs, we described how to filter events based on the inclusion and exclusion of specific keywords, IDs, and sources. Refer to our Windows Event Log Event Monitor reference guide for more documentation on this event monitor. Continue to check the Features section for new tutorials on related topics!
