We have a computer that receives Windows Event Logs from other computers around the office. I would like to monitor the "Forwarded Events" event log but the PRTG system does not seem to be able to do this. Is it possible?
Unfortunately, it's not possible to use PRTG Eventlog Sensors to monitor forwarded events.
What could be interesting for you is the EventlogReaderXML Sensor by PRTG Tools Family.
You can download the sensor here.
After the download is done, extract the files and copy the sensor file "EventlogReaderXML.exe" into the following directory:
| 32 bit systems | %programfiles%\PRTG Network Monitor\Custom Sensors\EXEXML |
| 64 bit systems | %programfiles(x86)%\PRTG Network Monitor\Custom Sensors\EXEXML |
Then create the Exe/Script Advanced sensor on the local probe device. The sensor parameters are:
- -f= The full path of the eventlog (.evtx) file. These files are usually located in the 'C:\Windows\System32\winevt\Logs' folder.
- -s= The name of the eventlog source.
- -u= Optional, Domain\Username of a user account that can access the folder containing the eventlog.
- -p= Optional, Password or PassHash * of a user account that can access the folder containing the eventlog.
- -m= Optional, The maximum time in minutes a result is allowed to be old. Default = 1 day (1440 minutes).
- -l= Optional, Comma separated list of entry levels to report on.
Please be aware, we don't offer support for third party Sensors, so if you run into issues with this one you have to contact ptf directly.
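As an added illustration (not part of the original answer and not the PTF sensor's code), a PowerShell script for an EXE/Script Advanced sensor can read the "Forwarded Events" log by its channel name through the Event Log service, instead of opening the .evtx file, and return per-level counts as PRTG XML. The parameter names `LogName`, `MaxAgeMin` and `Levels` are hypothetical and only mirror the -m and -l options above.

```powershell
# Added example: custom script for a PRTG EXE/Script Advanced sensor.
# Parameter names are hypothetical; MaxAgeMin and Levels mirror -m and -l above.
param(
    [string]$LogName   = 'ForwardedEvents',  # channel name of the "Forwarded Events" log
    [int]   $MaxAgeMin = 1440,               # 1 day, same default as -m
    [string]$Levels    = '1,2,3'             # 1=Critical 2=Error 3=Warning 4=Information
)

$levelNames = @{ 1 = 'Critical'; 2 = 'Error'; 3 = 'Warning'; 4 = 'Information' }
$wanted = $Levels -split ',' | ForEach-Object { [int]$_.Trim() }

# Escape text so event data cannot break the XML that PRTG parses.
function ConvertTo-XmlText([string]$Value) {
    [System.Security.SecurityElement]::Escape($Value)
}

try {
    $filter = @{
        LogName   = $LogName
        Level     = $wanted
        StartTime = (Get-Date).AddMinutes(-$MaxAgeMin)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
}
catch {
    # Get-WinEvent raises an error when nothing matches; that means zero events.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        $events = @()
    }
    else {
        "<prtg><error>1</error><text>$(ConvertTo-XmlText $_.Exception.Message)</text></prtg>"
        exit
    }
}

$xml = '<prtg>'
foreach ($lvl in $wanted) {
    $name = if ($levelNames.ContainsKey($lvl)) { $levelNames[$lvl] } else { "Level $lvl" }
    $count = @($events | Where-Object { $_.Level -eq $lvl }).Count
    $xml += "<result><channel>$name</channel><value>$count</value><unit>Count</unit></result>"
}
# Get-WinEvent returns newest first; MachineName is the computer that logged the event.
$newest = $events | Select-Object -First 1
$text = if ($newest) { "Newest: $($newest.MachineName) / $($newest.ProviderName) / ID $($newest.Id)" }
        else { "No matching events in the last $MaxAgeMin minutes" }
$xml + "<text>$(ConvertTo-XmlText $text)</text></prtg>"
```

The account the script runs under needs read access to the log, for example through membership in the local Event Log Readers group, so no password has to be passed as a sensor parameter.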
I am a novice with PRTG software.
I would like to be able to monitor remote backup logs of about 40 servers.
I downloaded the EventlogReaderXML.exe file and the ovl file.
I dropped the file EventlogReaderXML.exe in "%programfiles(x86)%\PRTG Network Monitor\Custom Sensors\EXEXML"
I filed the OVL file in "%programfiles(x86)%\PRTG Network Monitor\lookups\custom"
I configured the sensor:
-f=c:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx -s=Backup -u=domain\user -p=XXXXXX -m=5000
It works but PRTG reads my local log file.
-f=\\10.144.245.129\c$\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx -s=Backup -u=domain\user -p=XXXXXX -m=5000
It does not work because the file is locked.
If I copy the file "Microsoft-Windows-Backup.evtx" to testbackup.evtx and query it, it works.
Sorry for my mediocre English (thanks Google). What is the best way to proceed?
Thank you in advance for your suggestions. Cordially,
Stephan Linke, Tech Support Team