Event Log Check

General information

This check can be used to monitor Windows Event Log records either on the local computer or on a remote one. How does it work? On the General page of this check you specify the name of the computer whose Windows Event Log records you want to monitor. Then you can specify filtering criteria for Event Log messages on the Settings page of the check dialog box. A large set of options lets you build any filter you want.

As soon as you specify the computer and filter criteria for Event Log messages, you can start the check. When the check is started, it marks all currently available Event Log messages as read and begins monitoring for new messages. Each time a new message is added, the check applies the filters specified on the Settings page. If the new message satisfies all your filtering criteria, the check assumes an "error" message has been found and changes its status from successful to failed. The next time the check connects to the Event Log database, this message will already be marked as read and will be excluded from analysis.

Here is an example: Suppose we have an Event Log database with thousands of entries on the local host. We configure our Event Log check in the following way: select the Application source log file and clear all check boxes except the Error Event Type. This means that the filtering criteria will be met only when an error message is received. Save the check and start it.

Now, go to the console and type net start aaaaaa to try to start a non-existing service. The error message will be written to the Application log file of the Event Log. When the check next reads the Event Log and finds this message, it verifies that the message meets the filtering criteria and then changes its status to failed. Wait for a while until the check looks through the Event Log once more. This time the previous message has already been processed, so the check will set its state to successful unless another error message is found.

As you can see from the example above, the Event Log check will always be successful after it is started for the first time.
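
The read-marker behaviour described above, modelled as an added example (not code from the product; the class, its field names and the sample records are constructed for illustration). It shows why the first poll is always successful and why a matching message makes the check fail for one poll only.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Record:
    record_id: int      # position in the log; grows as messages are added
    event_type: str     # "Error", "Warning", "Information", ...
    message: str

@dataclass
class EventLogCheck:
    event_types: frozenset = frozenset({"Error"})  # only the Error box ticked
    last_read: Optional[int] = None                # no read marker before first poll

    def poll(self, log: List[Record]) -> Tuple[str, List[Record]]:
        newest = max((r.record_id for r in log), default=0)
        if self.last_read is None:
            # First run: everything already in the log is marked as read.
            self.last_read = newest
            return "Success", []
        # Later runs: only messages added since the marker are filtered.
        hits = [r for r in log
                if r.record_id > self.last_read and r.event_type in self.event_types]
        self.last_read = max(self.last_read, newest)
        return ("Failed" if hits else "Success"), hits

# Constructed sample data standing in for the Application log.
BASELINE = [
    Record(1, "Information", "service started"),
    Record(2, "Error", "old failure, logged before the check was started"),
    Record(3, "Warning", "disk space low"),
]
NEW_ERROR = Record(4, "Error", "failed to start service aaaaaa")
NEW_INFO = Record(5, "Information", "backup finished")

def run_demo() -> List[str]:
    """Poll four times: baseline, after an error, unchanged, after an info message."""
    check, log, statuses = EventLogCheck(), list(BASELINE), []
    for added in (None, NEW_ERROR, None, NEW_INFO):
        if added is not None:
            log.append(added)
        statuses.append(check.poll(log)[0])
    return statuses

if __name__ == "__main__":
    print(run_demo())
```

The pre-existing error (record 2) never triggers the check, and the Failed status from record 4 is gone on the following poll, so any notification tied to this check has to be raised on the transition to Failed.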

Status Conditions

Success - No messages matching the filtering criteria have been added to the Event Log database since the last check.

Failed - One or more messages matching the filtering criteria have been added to the Event Log database since the last check.

Check Settings

Besides the standard properties, you should specify the following parameters for this check:

