Read Windows System Event log using logfile monitor

I'm trying to find a way to ignore the entries in the Windows System log that were created during the time the monitor was in a disabled state. I'm unable to achieve this with a 'Windows Event Log Monitor', as the monitor reads the earlier entries after it is enabled.

I set the path in a logfile monitor to System.evtx log file. The monitor is able to get the size of the file and number of lines in the file, but unable to do a regex match. I tried multiple encoding types, but none gave a readable output.

Can anyone help me come up with a solution? Thank you.

SiteScope v2019.02/11.70


  • Hi Raj,

    Hope you are doing great,

    About your question, it won't work with a RegEx, as the monitor will always check the first entries. Something you can do is to configure a Script Monitor related to the System event log. It has to be configured so that when the Event Log Monitor is disabled the Script Monitor is enabled, and it will delete the log entries created during the time the monitor is in the disabled state.

    But this functionality has to be built on your side.

    Please let me know if it works for you.


    Best Regards,
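An added example (not code from the thread or from SiteScope) of a Script Monitor body that bounds the query in time instead of parsing System.evtx, whose binary format is why a regex over the raw file never matches: it reads the System log through Get-WinEvent and keeps a checkpoint file, so entries written before the checkpoint (including the window while the Event Log Monitor was disabled) are never evaluated and nothing is deleted from the log. The checkpoint path, the sample pattern, the -ResetCheckpoint switch and the exit-code convention are assumptions.

```powershell
# Added example: evaluate only System log entries newer than a saved checkpoint.
# Run once with -ResetCheckpoint when re-enabling the Event Log Monitor so the
# entries written while it was disabled are skipped rather than deleted.
param(
    [string]$CheckpointFile = 'C:\SiteScope\system_log_checkpoint.txt',  # assumed path
    [string]$Pattern = 'terminated unexpectedly',                          # assumed pattern
    [switch]$ResetCheckpoint
)

$now = Get-Date

if ($ResetCheckpoint -or -not (Test-Path $CheckpointFile)) {
    # Move the checkpoint to "now": older entries are ignored from here on.
    Set-Content -Path $CheckpointFile -Value $now.ToString('o')
    "checkpoint set to $($now.ToString('o'))"
    exit 0
}

# Round-trip ('o') timestamps parse back unambiguously.
$since = [datetime]::Parse((Get-Content $CheckpointFile -Raw).Trim())

# Query through the Event Log API; StartTime/EndTime bound the window to (since, now].
# -ErrorAction SilentlyContinue avoids a terminating error when no events exist.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        StartTime = $since
        EndTime   = $now
    } -ErrorAction SilentlyContinue)

# The regex is applied to the rendered message text, not to .evtx bytes.
# ($hits rather than $Matches, which is a PowerShell automatic variable.)
$hits = @($events | Where-Object { $_.Message -match $Pattern })

# Advance the checkpoint so the next run only sees newer entries.
Set-Content -Path $CheckpointFile -Value $now.ToString('o')

"events=$($events.Count) hits=$($hits.Count) window=$($since.ToString('o'))..$($now.ToString('o'))"
foreach ($e in $hits) {
    $firstLine = ($e.Message -split "`n")[0]
    "$($e.TimeCreated) id=$($e.Id) provider=$($e.ProviderName): $firstLine"
}

# Non-zero exit lets the Script Monitor report an error state when a hit is found.
if ($hits.Count -gt 0) { exit 1 } else { exit 0 }
```

Schedule the script as the Script Monitor's command; the printed counts can be matched by the monitor's own output parsing, and the checkpoint file should be writable only by the account the monitor runs under.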