Need to monior a Event ID which presents in Applications and Services Eventlog.

Hi All,

Can anyone please help on the below request.

Need to monior a Event ID which presents in Applications and Services Eventlog.

The logs is stored locally under the following path (%SystemRoot%\System32\winevt\logs) …but this will be in a .evt format by default.

Regards

Kamal

Parents
  • Hi Kamal,

    You can monitor  using Windows Event Log Policies. This policy is designed to read the .evt files Windows Event Viewer uses.

    Right-click in the Windows Event Log branch that is in the left pane under (Policy management - Policies grouped by type - Agent Policies - Windows Event Log), then choose New - Policy. The policy editor will launch. Select the "Rules" tab and then add a new rule.

    There you will have the option to choose your specific event id for the selected windows log. You can also leave it blank for the rule to evaluate any event id of the selected log.

    Regards,

Reply
  • Hi Kamal,

    You can monitor  using Windows Event Log Policies. This policy is designed to read the .evt files Windows Event Viewer uses.

    Right-click in the Windows Event Log branch that is in the left pane under (Policy management - Policies grouped by type - Agent Policies - Windows Event Log), then choose New - Policy. The policy editor will launch. Select the "Rules" tab and then add a new rule.

    There you will have the option to choose your specific event id for the selected windows log. You can also leave it blank for the rule to evaluate any event id of the selected log.

    Regards,

Children
No Data