I am trying to use the Microsoft EventLog monitor to look for specific events across all Windows servers. I want to be able to use 1 monitor per server but check for multiple eventIDs and process them differently.
So far, I have successfully set up the monitor to look for 3 events - 7001 for logons, 6009 for server restarts, and 55 for NTFS file corruption. The logons are just for testing since I can create a new entry every time I log into a server for now. I don't want each of these to always be an error/warning/etc. Basically, I need to know how to populate the "value" counters so I can create specific thresholds.
The monitor reference guide says to use the Description Match field to look at the event's description. So, I added "/Logon/" in there to see if it would grab a logon event. The monitor works and catches occurrences of the 7001 logon event, but the value fields do not show any data.
How can I get the value(0-4) fields to populate with data from the captured events?