Need to monior a Event ID which presents in Applications and Services Eventlog.

Hi All,

Can anyone please help on the below request.

Need to monior a Event ID which presents in Applications and Services Eventlog.

The logs is stored locally under the following path (%SystemRoot%\System32\winevt\logs) …but this will be in a .evt format by default.

Regards

Kamal

Parents
  • Hi, Thanks for the solution given, but it works only for the Event log names of Security, application and system. I have attached a document where i need to configure the policy for Event ID which is present in the folder Microsoft-Windows-TerminalServices-SessionBroker which is under log name of Applications and Services. Can you please help on the same for. Regards Kamal
  • Hi Kamal,

    You can monitor a different log by entering the name shown in the "source of" field of the event. For example, to monitor Event ID 1149 from TerminalServices Remote Connection Manager log just change the default "Event log name" value to TerminalServices-RemoteConnectionManager and the policy will go to default Windows EVT path %SystemRoot%\system32\winevt\logs where all logs under Applications and Services Logs are saved.

    Hope this helps,

    Regards,

Reply
  • Hi Kamal,

    You can monitor a different log by entering the name shown in the "source of" field of the event. For example, to monitor Event ID 1149 from TerminalServices Remote Connection Manager log just change the default "Event log name" value to TerminalServices-RemoteConnectionManager and the policy will go to default Windows EVT path %SystemRoot%\system32\winevt\logs where all logs under Applications and Services Logs are saved.

    Hope this helps,

    Regards,

Children