Kamalakannan622

Need to monitor an Event ID which is present in the Applications and Services event log.

Hi All,

Can anyone please help on the below request.

Need to monitor an Event ID which is present in the Applications and Services event log.

The logs are stored locally under the following path (%SystemRoot%\System32\winevt\logs) … but this will be in a .evt format by default.

Regards

Kamal

js_crc (Super Contributor)

Hi Kamal,

You can monitor it using Windows Event Log policies. This policy is designed to read the .evt files Windows Event Viewer uses.

Right-click in the Windows Event Log branch that is in the left pane under (Policy management - Policies grouped by type - Agent Policies - Windows Event Log), then choose New - Policy. The policy editor will launch. Select the "Rules" tab and then add a new rule.

There you will have the option to choose your specific Event ID for the selected Windows log. You can also leave it blank for the rule to evaluate any Event ID of the selected log.

Regards,

Kamalakannan622

Hi,

Thanks for the solution given, but it works only for the event log names Security, Application and System. I have attached a document where I need to configure the policy for an Event ID which is present in the folder Microsoft-Windows-TerminalServices-SessionBroker, which is under the log name of Applications and Services. Can you please help with the same?

Regards

Kamal

js_crc (Super Contributor)

Hi Kamal,

You can monitor a different log by entering the name shown in the "source of" field of the event. For example, to monitor Event ID 1149 from the TerminalServices Remote Connection Manager log, just change the default "Event log name" value to TerminalServices-RemoteConnectionManager, and the policy will go to the default Windows EVT path %SystemRoot%\system32\winevt\logs, where all logs under Applications and Services Logs are saved.

Hope this helps,

Regards,
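
Added example, not part of js_crc's reply or the original thread: a PowerShell check, run on the monitored server, that lists the TerminalServices channels registered there with their log names and file paths, and counts how often the Event ID is logged in each. The wildcard pattern, the event limit and the function name `Get-ChannelEventSummary` are assumptions; 1149 is the Event ID mentioned in the reply above.

```powershell
# Added example: inventory event channels and check them for one Event ID.
# $Pattern and $MaxEvents are assumptions; adjust them to the channel in question.
param(
    [string]$Pattern   = 'Microsoft-Windows-TerminalServices-*',
    [int]   $EventId   = 1149,
    [int]   $MaxEvents = 50
)

function Get-ChannelEventSummary {
    param([string]$Pattern, [int]$EventId, [int]$MaxEvents)

    # -ListLog returns one configuration object per registered channel.
    $channels = Get-WinEvent -ListLog $Pattern -ErrorAction SilentlyContinue
    foreach ($ch in $channels) {
        $events = @()
        $note   = ''
        if (-not $ch.IsEnabled) {
            $note = 'channel disabled, nothing is being logged'
        } else {
            try {
                $filter = @{ LogName = $ch.LogName; Id = $EventId }
                $events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop)
            } catch {
                # Get-WinEvent raises an error when nothing matches or the
                # channel is not readable; keep the message to tell them apart.
                $note = $_.Exception.Message
            }
        }
        [pscustomobject]@{
            LogName = $ch.LogName          # exact channel name as Windows knows it
            Enabled = $ch.IsEnabled
            LogFile = $ch.LogFilePath      # file backing the channel on disk
            Hits    = $events.Count
            Newest  = if ($events.Count) { $events[0].TimeCreated } else { $null }
            Note    = $note
        }
    }
}

Get-ChannelEventSummary -Pattern $Pattern -EventId $EventId -MaxEvents $MaxEvents |
    Sort-Object Hits -Descending |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt; a channel with zero hits and an empty note is enabled but has not recorded the Event ID yet.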

Kamalakannan622

Hi Advisor,

I have done the policy configuration as you said. Attached is the screenshot of the same. Can you please check and let us know whether the configuration I have is correct or not? Attached is the screenshot of the policy which I have created and the Event ID which is to be configured.

Regards

Kamal

js_crc (Super Contributor)

Hi Kamal,

I am unable to find the attached file. Can you check and upload it again? Have you already tried deploying the policy with the "Send message if event log does not exist" option?

Looking forward to your comments,

Regards,

Juan Sobrado

OMW Technical Support Consultant
