This can be done with the EXE/Script sensor. The following script should be what you're looking for: http://pastebin.com/eyyzijjL
What the script does:
- It gets all available event logs
- All events that match the timespan are retrieved from the above logs
- If the ID is not in the excludeIds array and the source is not in the excludedSource array, it will get added to the results.
Make sure that the Security Context of the sensor is set to "Use credentials of parent device" and those credentials are those of an administrative user.
It will then output something like:
211:211 error entries found within the last 10 minutes.
In order to install the sensors, proceed with the following steps:
- Run a 32-bit PowerShell with administrative privileges on the PRTG Core Server or a remote probe (if the site is monitored by one)
- Execute the following command: "Set-ExecutionPolicy RemoteSigned"
- Copy the attached script to C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE\Get-Weblogin.ps1 (or whatever name you like)
- Modify the default parameters if necessary, except for the password - leave it that way since you can't properly hand it over (at least I couldn't)
- Create a new Sensor: EXE/Script
- Select the script you just copied
- The parameter has to look like this:
-Computer %host -maxAge 5 -ExcludedIds @(36888,15648) -unit "minutes"
Then hit save. Those parameters will get all events from the last 5 minutes (given that maxAge is set to 5). Seconds, minutes, hours and days are valid options here.
This will get all logs from the last 5 minutes and ignore the given sources and IDs. Set the scanning interval to 5 minutes.
That way, you will always get the most recent number of log entries.
The execution of the sensor takes about 5.7 seconds for a network host with that interval.
I tested the script and it worked fine on my machine and two others where I had a user with administrative privileges configured.
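For readers who cannot reach the pastebin link, here is a sketch of the logic described above (enumerate all logs, filter by time window, drop excluded IDs and sources, print a PRTG value:message line). It is an added example, not the linked script: -ExcludedSources is an assumed parameter name, counting only error-level events is an assumption based on the sample output, and it relies on the sensor's security context for access instead of passing a password.

```powershell
# Added sketch, not the pastebin script. -Computer, -maxAge, -ExcludedIds and -unit
# come from the parameter line above; everything else is an assumption.
param(
    [string]$Computer = $env:COMPUTERNAME,
    [int]$maxAge = 5,
    [ValidateSet('seconds', 'minutes', 'hours', 'days')]
    [string]$unit = 'minutes',
    [int[]]$ExcludedIds = @(),
    [string[]]$ExcludedSources = @()   # assumed name for the source exclusion list
)

# Translate -maxAge / -unit into the start of the time window.
$now = Get-Date
switch ($unit) {
    'seconds' { $start = $now.AddSeconds(-$maxAge) }
    'minutes' { $start = $now.AddMinutes(-$maxAge) }
    'hours'   { $start = $now.AddHours(-$maxAge) }
    'days'    { $start = $now.AddDays(-$maxAge) }
}

try {
    # Enumerate every log on the target that holds at least one record.
    $logs = Get-WinEvent -ListLog * -ComputerName $Computer -ErrorAction Stop |
        Where-Object { $_.RecordCount -gt 0 }
} catch {
    # PRTG reads exit code 2 as a system error; the text after ':' becomes the sensor message.
    Write-Output "0:Cannot list event logs on ${Computer}: $($_.Exception.Message)"
    exit 2
}

$count = 0
foreach ($log in $logs) {
    # Level 2 = Error (assumption: only error-level entries are counted).
    $filter = @{ LogName = $log.LogName; Level = 2; StartTime = $start }
    # Logs with no matching events or no read access raise errors; skip them quietly.
    $count += @(Get-WinEvent -FilterHashtable $filter -ComputerName $Computer -ErrorAction SilentlyContinue |
        Where-Object {
            $ExcludedIds -notcontains $_.Id -and $ExcludedSources -notcontains $_.ProviderName
        }).Count
}

# EXE/Script sensor format: <value>:<message>, exit code 0 = OK.
Write-Output "${count}:$count error entries found within the last $maxAge $unit."
exit 0
```

Keep the scanning interval equal to the -maxAge window, as described above, so that consecutive scans neither overlap nor leave gaps in the counted events.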