How to Monitor the Windows Event Logs

IsItUp can monitor your Event Logs network wide and generate real-time alerts. Event logs contain a large variety of information that is critical to your system's health and security. However, they contain such a huge volume of data that it is difficult to review. IsItUp simplifies this by scanning your Event Logs and notifying you when important events occur based on your selection criteria. IsItUp’s Event Log Monitor has the following features:

- Monitor event logs on both local and remote machines.

- Send alerts when event log entries are matched. Email alerts can be configured to include the matched Event Log entries.

- Determine event matches by using any combination of Type (Error, Information, etc.), Id, Source, Category, User, Computer and Description. For added flexibility, both ‘*’ and ‘?’ wildcard characters are supported for matching in any field.

- Start the Event Log scan at the point in the log where IsItUp last left off, or scan within a specified interval. For example, IsItUp can always scan through the last hour’s event log records. In addition, a threshold can be set so that alerts are only triggered if the specified number of matched event log entries is found.

To quickly get started, first:

Download and install IsItUp for a free 30-day trial. Just click on the following link:

http://www.tarosoft.com/applications/IsItUpNetworkMonitor.exe


1.      To create an IsItUp Event Log Monitor, right-click in the leftmost IsItUp window (the device list window) and select “New Device / Event Log Monitor” from the shortcut menu.

2.      To set up the monitor, you need to fill in the name and group. Then enter the remote information if the log is on another machine. The next step is to select one or more event logs to monitor. Just click on the “Browse” button for a list of the available Event Logs. The sample below shows monitoring the “Security” log on a remote machine. Next, the match criteria need to be defined. Each time an event log record meets the match criteria, the monitor is deemed down, and any configured alerts or actions are executed. Fields that are left blank are not considered for the match and in effect match anything. The sample below has configured only Event Log entries of Type “Error” with the word “Logon” in the description as the match criteria. The final step in setting up an event log monitor is to decide how the scan is to be done. You can configure the scan to always start from the last record examined during the previous scan, or to always cover a fixed amount of time back from when the scan starts.


3.      The Event Log Monitor results are reported in several ways. First, the details view (right window) shows the most recently matched records along with other test information.


Second, the Event Log report may be run at any time to get a list of all matched Event Log records within a user specified time range.  A brief sample appears below:


Finally, the matched event log records can be emailed along with other information about the event. A sample email is included below:


Device Event Log Monitor in File Server Group failed on Sun, May 13, 2012 15:56:10.  The device has failed 2 consecutive times which exceeds the threshold set for this notification. The last successful test was on:  Sun, May 13, 2012 13:56:10


The last matched Event Logs were:

Log:  System
Type: Error
Time: 05/13/12 15:22:00
Srce: Service Control Manager
ID:   7026
Cat:

Log:  System
Type: Error
Time: 05/13/12 15:11:30
Srce: volsnap
ID:   6
Cat:

Log:  System
Type: Error
Time: 05/13/12 08:35:06
Srce: Service Control Manager
ID:   7011
Cat:
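The matching rules described in step 2 (blank fields match anything, ‘*’ and ‘?’ wildcards in any field, a match threshold, and resuming from the last record scanned), shown as an added Python illustration that is not part of IsItUp. The event records are constructed to mirror the sample email above; their descriptions and the computer name are made up, since the page does not show them.

```python
import fnmatch

# Constructed sample records modelled on the sample email above.
# Descriptions and the Computer value are invented for the illustration.
EVENTS = [
    {"Log": "System", "Type": "Error", "Source": "Service Control Manager", "Id": "7026",
     "Category": "", "User": "", "Computer": "FS01",
     "Description": "The following boot-start or system-start driver(s) did not load"},
    {"Log": "System", "Type": "Error", "Source": "volsnap", "Id": "6",
     "Category": "", "User": "", "Computer": "FS01",
     "Description": "The shadow copies of volume C: were aborted"},
    {"Log": "System", "Type": "Information", "Source": "Service Control Manager", "Id": "7036",
     "Category": "", "User": "", "Computer": "FS01",
     "Description": "The Windows Update service entered the running state"},
    {"Log": "System", "Type": "Error", "Source": "Service Control Manager", "Id": "7011",
     "Category": "", "User": "", "Computer": "FS01",
     "Description": "A timeout was reached while waiting for a transaction response"},
]


def field_matches(pattern, value):
    """A blank criterion matches anything. Otherwise the whole field must match
    the pattern, with '*' (any run) and '?' (one character) wildcards, ignoring case.
    Note: fnmatch also interprets '[...]' classes, which the page does not mention."""
    if pattern == "":
        return True
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def record_matches(criteria, record):
    """All non-blank criteria must hold for the record (logical AND across fields)."""
    return all(field_matches(pat, record.get(name, "")) for name, pat in criteria.items())


def scan(events, criteria, threshold=1, start_index=0):
    """Scan from start_index, the checkpoint left by the previous scan.
    Returns (down, matched_records, new_checkpoint): the monitor is deemed down
    only when at least `threshold` records match in this scan."""
    matched = [e for e in events[start_index:] if record_matches(criteria, e)]
    return len(matched) >= threshold, matched, len(events)


if __name__ == "__main__":
    down, hits, checkpoint = scan(EVENTS, {"Type": "Error", "Source": "Service Control*"})
    print("down:", down, "matched ids:", [e["Id"] for e in hits], "checkpoint:", checkpoint)
```

A second scan started at the returned checkpoint sees only records appended since, which is the "start where IsItUp last left off" behaviour; to emulate the fixed-interval mode, filter `events` by time instead of by index.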

For more information on how to customize Email and SMS alerts visit http://www.tarosoft.com/faqs/How do I customize Email%20and SMS alerts.htm