PATROL can monitor the WindowsEvent Log for events that match your criteria. When PATROL finds a match, it notifies you through an icon change, executes any commands that you have specified, and logs an entry in the PATROL Event Monitor (PEM). The Event Log application enables you to view and control any Windows event log that is registered in the Windows registry.
If the console connection account lacks adminstrator rights, you cannot change the event log properties and you cannot view the security event log. To perform these actions, you must add the right Manage Auditing And Security Log to the agent account and the console connection account.
To monitor specific Windows events, PATROL allows you to create event filters. Event filters specify the type of events to monitor and how to monitor them. You can create event filters by specifying the types of events that you want to monitor based on the event's source, ID, type, and content. However, before you can create a filter for a Windows event, you must enable the monitoring of that Windows event log. If the events you want to monitor have unregistered sources, you can manually add those events.
After you have enabled the monitoring of the Windows Events, you can set up a filter to scan the event log for specific events. For example, you might want to monitor the WinMgmt events. The event filter options provided using the Configure Windows Event Monitoring > Create Filter or Modify Filter menu commands from a Windows Event instance enable you to set up the monitoring of an event in many different ways.
You can remove a Windows event filter at any time, and you can turn off an event filter.
For more information, see the following topics: