Configuring the monitoring of a registry value

You can configure PATROL to monitor a specific registry value on the monitored computer to detect when the value changes or is deleted.

Before you begin

You can monitor registry values only under the following hives:

  • HKEY_LOCAL_MACHINE
  • HKEY_CURRENT_CONFIG
  • HKEY_CLASSES_ROOT

You cannot monitor registry values under HKEY_CURRENT_USER and HKEY_USER.

To configure the monitoring of a registry value

  1. Navigate to the NT_REGISTRY application (labeled Registry) as described in Accessing-an-application-instance.
  2. Access the KM menu commands as described in Accessing-KM-menu-commands.
  3. Choose the KM menu command Configure Registry Value Monitoring > Add Value.
  4. From the Configure Registry Value Monitoring - Add Value dialog box, enter the name of the registry key and the value that you want to monitor.
    Enter the full name of the registry key path.
    Example:
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\BMCSoftware\PAMO\1.1\ReportTypes\Event Trend Report
    Value: Excel Template Path
  5. Click Apply.
  6. If the value changes or is deleted, the parameter Registry Value Changed (RegValueChanged) alarms.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*