How can I monitor and gets alerts when an event log entry happens?

Please take a look at

• Event Log (Windows API) Sensor
• WMI Event Log Sensor

I also setup event log checking with the API. My question however is how specifically do I get it to send me an alert with the event log shows up? I checked the notification and channel tab but I would like specific instructions please.

Basically one would setup the sensor (with matching filters if necessary, for Event ID, etc.) and then either use Warning- and/or Error-Limits to set the sensor into warning/error-state every time the event occurs (and then use a state-trigger with this). Or you can also use the Change-Trigger.

But the WMI event log never gets into an error or warning state.

It's counting matching event entries and shows them in the volume channel. Yes I can set a notification, when the value changes, but it will never get in an error state.

Dear Klaus-Dieter, have you set the Error-/Warning-Limits? If so, to which values?

Where should I set them? The wmieventlogsensor has no configuration options for Error-/Warning Limits.

These Limits are to be set on the Channels-Tab, and of course the WMI Event Log Sensor does have them as well.

Hi, it's an old case but i have a problem too with the WMI Eventlog Sensor.

I setup WMI Eventlog sensor and the Upper Error Limit to 8 on the New Records Channel. No Upper Warning Limit set yet. In the notification settings i set the Down state and latency to 2 s.

when i now generate the Event ID on the monitored server the status of the sensor changed not to down so i never receive an notification.

for testing is use the Event ID 4625 Logon Failure and generate the failer with a simple net use command.

Hello, I'm afraid any numbers higher than 0 don't work with the Eventlog Sensors and Error/Warning-Limits on them, because these limits refer to the speed-values of the Eventlog Sensor (i.e. 8 Events per second), and these are very often between 0 and 1.

Hi, I've ended 0 as upper warning limit. In the detail view, I can see the graph turns red. but under device view, it is still green. I'm wondering why it is not warning status is not reflected in Device view and Warning sensors view?

Thanks

Very often this happens with Eventlog sensors, because they only show the error state for one scan (when error-limits are used), and then go into UP/Green state with the next scan again, because the event is not again found. It's better to work with Change-Triggers on Eventlog- Sensors actually. They will notify each time an event is found.

Hello!

Can one of suggested Sensors filter Windows Log events by Event Level (Critical, Warning, Error)? Can't find this filter in any of Sensors.

Hi Vasily,

It seems that there is currently no filter option for "Critical". You can find all other filters in the settings of the Windows API Event Log and the WMI Event Log Sensor.

Kind regards,
Birk Guttmann, Tech Support Team