UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
drenze
Absent Member.. Absent Member..
Absent Member..
‎2013-03-29 16:46
191 views

Windows Event Log Monitor

Jump to solution

I have a team that wants to receive a warning e-mail every time one of their servers restarts. Based on what I've been able to find, the easiest way to do this is to set up a Windows Event Log Monitor for Event ID 6005, which the Event log service should only generate after a reboot.

 

My Settings configuration is below; any fields not listed are blank:

 

Server: MY_SERVER

Log name: System

Event type: Information

Run alerts: For each event matched

Source and ID match: /EventLog:6005/

 

 

I've been running this against a test server and it does not pick up event 6005 from the System log, even if I leave the Source off and just run against /6005/. Help?

Labels (1)
Labels
0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
drenze
Absent Member.. Absent Member..
Absent Member..
‎2013-04-01 15:54

Jump to solution

It wasn't picking up the counter.

 

I ended up having to change my source/ID match. I changed it to:

 

/EventLog[\W]+6005/i

 which matches it correctly now.

 

 

View solution in original post

0 Likes
Reply
Report Inappropriate Content
4 Replies
kenneth.gonzale
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
‎2013-04-01 15:47

Jump to solution
|s it not picking up the counter or not firing your alert? Check dashboard.

Also, remember that NTLog monitor will pick only entries newer than monitor creation time or last run time, meaning that if you create the monitor and your event was already created then it will not pick it up even on first run when you hit verify&save
Kenneth Gonzalez
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

If you haven’t tried it yet, come and join us in our entitled forums at Support Customer Forums
0 Likes
Reply
Report Inappropriate Content
drenze
Absent Member.. Absent Member..
Absent Member..
‎2013-04-01 15:54

Jump to solution

It wasn't picking up the counter.

 

I ended up having to change my source/ID match. I changed it to:

 

/EventLog[\W]+6005/i

 which matches it correctly now.

 

 

View solution in original post

0 Likes
Reply
Report Inappropriate Content
drenze
Absent Member.. Absent Member..
Absent Member..
‎2013-04-03 14:44

Jump to solution

OK...I got the monitor to pick up the item in the log and raise a Warning after server restart. However, now I can't get it to trigger an alert based on the Warning. I've got no issues sending warning alerts for other items, but definitely for this item. Any further thoughts?

 

Thanks again.

0 Likes
Reply
Report Inappropriate Content
Disconnected
Absent Member.. Absent Member..
Absent Member..
‎2013-04-04 20:48

Jump to solution

Try recreating the monitor from scratch - it's probably corrupted.

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.