What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Checking and Filtering Windows Eventlogs with PRTGs inbuilt Eventlog sensors

Votes:

0

Hi,

I'm trying to create an Eventlog sensor to check for event id 528 (logon). I also want to use "Filter by message" to filter for "Logon type 10", as in the following example:

Successful Logon: User Name: xxx Domain: xxx Logon ID: (xxx) Logon Type:
10 Logon Process: User32 Authentication Package: Negotiate Workstation
Name: xxx Logon GUID: {xxx} Caller User Name: xxx$ Caller Domain: xxx
Caller Logon ID: (xxx) Caller Process ID: xxx Transited Services: - Source
Network Address: xxx Source Port: xxx.\

How can I achieve this?

eventlog prtg wmi

Created on Feb 23, 2011 12:11:12 PM by Torsten Lindner [Paessler Support]



1 Reply

Votes:

0

Hello,

to filter for certain parts in an Eventlog message, here in this case please try using:

%Logon Type:___10%

in the "Filter by message"-field. It's 3 underscores _ after the :

Unfortunately, this may dependent on the used Windows versions, so it might also be only one underscore. It is also depending on the language of the Windows versions.

Best Regards.

Created on Feb 23, 2011 12:12:57 PM by Torsten Lindner [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.