Enable and disable monitoring of Windows events

Before you can create an event filter, you must enable the monitoring of the Windows event log. 

By default, all Windows event logs are monitored if they are registered in the Windows registry at the following location:

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog

To enable or disable Windows event log monitoring, access the Windows Events application and select the KM menu command Enable-Disable Windows Event Log Monitoring, and proceed as follows:

To enable the monitoring of a Windows event log

  1. In the Available Event Logs list, select (highlight) the event logs that you want PATROL to monitor.
  2. Select Include and click Apply.
    The selected Event Logs are moved to the list of Monitored Event Logs.

To disable the monitoring of a Windows event log

  1. In the Monitored Event Logs list, select (highlight) the event logs that you no longer want to monitor.
  2. Select Exclude and click Apply.
    The selected Event Logs are moved to the list of Available Event Logs.

To stop the automatic monitoring of new Windows event logs

  1. Clear the option, Monitor newly discovered event logs.
  2. Click Apply.

Related dialog box

Enable-Disable-Network-Interface-Monitoring-dialog-box

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*