PATROL can monitor the WindowsEvent Log for events that match your criteria. When PATROL finds a match, it notifies you through an icon change, executes any commands that you have specified, and logs an entry in the PATROL Event Monitor (PEM). The Event Log application enables you to view and control any Windows event log that is registered in the Windows registry.
If the console connection account lacks adminstrator rights, you cannot change the event log properties and you cannot view the security event log. To perform these actions, you must add the right Manage Auditing And Security Log to the agent account and the console connection account.
To monitor specific Windows events, PATROL allows you to create event filters. Event filters specify the type of events to monitor and how to monitor them. You can create event filters by specifying the types of events that you want to monitor based on the event's source, ID, type, and content. However, before you can create a filter for a Windows event, you must enable the monitoring of that Windows event log. If the events you want to monitor have unregistered sources, you can manually add those events.
After you have enabled the monitoring of the Windows Events, you can set up a filter to scan the event log for specific events. For example, you might want to monitor the WinMgmt events. The event filter options provided using the Configure Windows Event Monitoring > Create Filter or Modify Filter menu commands from a Windows Event instance enable you to set up the monitoring of an event in many different ways.
You can remove a Windows event filter at any time, and you can turn off an event filter.
For more information, see the following topics:
- Enable and disable monitoring of Windows events
- Display events with unregistered sources
- Event filter options
- Including and excluding strings
- Turning off an event filter
- Forwarding Windows events to the Patrol Event Manager (PEM)
- Displaying the origin event in the required format
- Configuring the monitoring of Windows events
- Creating or modifying a Windows event filter
- Selecting an event log to filter
- Deleting an event log filter
- Viewing Windows Events
- Viewing the names of computers that the event log filter monitors
- Disabling case-sensitivity for event filters
- Disabling information events
- Backing up or saving a Windows event log
- Clearing a Windows event log
- Windows and PATROL event severity comparison
- Retained event descriptions
Overview
Content Tools
Apps
Reporter Replacement
com.bmc.atlassian.bmc-util-plugin-2.section.label
Tasks