Monitor Windows Error Eventlogs

Votes:

0

I want to monitor Windows event logs for error events. However, I want to whitelist certain errors that I don't care about, and not be notified about them.

I need to do it this way rather than monitor for specific errors, as I don't know all the errors that may occur.

Is this possible with PRTG?

eventlog notifications prtg

Created on Jan 12, 2016 2:42:09 PM



1 Reply

Votes:

0

This can be done with the EXE/Script sensor. The following script should be what you're looking for: http://pastebin.com/eyyzijjL

What the script does:

  1. It gets all available event logs
  2. All events that match the timespan are retrieved from the above logs
  3. If the ID is not in the excludeIds array and the source not in the excludedSource array, it will get added to the results.

Make sure that the Security Context of the sensor is set to "Use credentials of parent device" and those credentials are those of an administrative user.

It will then output something like: 211:211 error entries found within the last 10 minutes.

In order to install the sensors, proceed with the following steps:

  1. Run a 32 Bit PowerShell with administrative privileges on the PRTG Core Server or a remote probe (if the site is monitored by one)
  2. Execute the following command: "Set-ExecutionPolicy RemoteSigned"
  3. Copy the attached script to C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE\Get-Weblogin.ps1 (or whatever name you like)
  4. Modify the default parameters if necessary, except for the password - leave it that way since you can't properly hand it over (at least I couldn't)
  5. Create a new Sensor: EXE/Script
  6. Select the script you just copied
  7. The parameter has to look like this:
-Computer %host -maxAge 5 -ExcludedIds @(36888,15648) -unit "minutes"

Then hit save. Those parameters will get all events from the last 5 minutes (given that maxAge is set to 5). Seconds, minutes, hours and days are valid options here. This will get all logs from the last 5 minutes and ignore the given sources and IDs. Set the scanning interval to 5 minutes. That way, you will always get the recent amount of logs.

The execution of the sensor takes about 5.7 seconds for a network host with that interval. I tested the script and it worked fine on my machine and two others where I had a user with administrative privileges configured.

Created on Jan 13, 2016 2:08:52 PM by  Stephan Linke [Paessler Support]
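
The three steps the answer lists, written out as an added PowerShell example. It is not the Pastebin script or Paessler's code; -Computer, -maxAge, -ExcludedIds and -unit follow the sensor parameters shown above, while the -ExcludedSource name and the use of Get-WinEvent are assumptions. It runs under whatever account the sensor's security context provides.

```powershell
# Added example, not the Pastebin script. -Computer, -maxAge, -ExcludedIds and
# -unit follow the sensor parameters above; -ExcludedSource is an assumed name.
param(
    [string]$Computer = $env:COMPUTERNAME,
    [int]$maxAge = 5,
    [ValidateSet('seconds', 'minutes', 'hours', 'days')]
    [string]$unit = 'minutes',
    [int[]]$ExcludedIds = @(),
    [string[]]$ExcludedSource = @()
)

# Translate maxAge/unit into the start of the time window.
$span = switch ($unit) {
    'seconds' { New-TimeSpan -Seconds $maxAge }
    'minutes' { New-TimeSpan -Minutes $maxAge }
    'hours'   { New-TimeSpan -Hours $maxAge }
    'days'    { New-TimeSpan -Days $maxAge }
}
$start = (Get-Date) - $span

try {
    # Step 1: enumerate the event logs that contain records.
    $logs = Get-WinEvent -ListLog * -ComputerName $Computer -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 }
    if (-not $logs) { throw "no event logs could be read from $Computer" }

    # Step 2: error-level events (Level 2) inside the window, log by log.
    $events = foreach ($log in $logs) {
        Get-WinEvent -ComputerName $Computer -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName = $log.LogName; Level = 2; StartTime = $start
        }
    }

    # Step 3: keep an event only if neither its ID nor its source is whitelisted.
    $hits = @($events | Where-Object {
        $ExcludedIds -notcontains $_.Id -and $ExcludedSource -notcontains $_.ProviderName
    })

    # EXE/Script sensor result line: "<value>:<message>"
    Write-Output ("{0}:{0} error entries found within the last {1} {2}." -f $hits.Count, $maxAge, $unit)
    exit 0
}
catch {
    # A failed query must not look like "0 errors": report it with a non-zero exit code.
    Write-Output ("0:Event log query failed: {0}" -f $_.Exception.Message)
    exit 2
}
```

The empty-log check matters because a host that cannot be reached or read would otherwise return a count of 0, which is indistinguishable from a quiet system.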



