Event Log Check

The Event Logs contain detailed system status data that is written to the logs by applications and Windows components.

The Event Log Check monitors the Event Logs, and you can configure it to query a specific Event Log based on Event ID, Event Type, Event Source and Description. The Event Log Check generates alerts where the specified information is, or is not, discovered in an Event Log entry.

The recorded date and time for a discovered Event is based on the local time of the device and not the Dashboard timezone.

You can add, edit, or delete multiple Event Log Checks on the same device for 24x7 and Daily Safety Checks.

For Application and Security Event Logs, the Event Log Check only retrieves information from the root level. It does not query sub-level logs.

You can view details of the Check result output in the More Information section of the Checks tab, along with links to the following resources for further information on the Event: EventID.net, Google, Bing, Microsoft or Yahoo.

Add an Event Log Check

  1. On the N-sight RMM Dashboard North-pane, select the device
  2. Go to the Checks tab and click Add Check
  3. Choose Add DSC Check > Event Log Check
  4. Configure settings (covered below)
  5. To run an Automated Task when the Check fails, choose Assign a Task after creating the Check
  6. Click OK to save and apply
  7. Where Assign a Task after creating the Check is selected:
    1. Select the script
    2. Click Next to configure
  8. Enter the Command Line parameters (if required)
  9. Set a Script timeout in the range 1 - 3600 seconds (default 120 seconds)
  10. Click Finish to save and apply

Event Log Check configuration settings

Setting: Description

Descriptive Name: Enter a meaningful name to identify the check on the Dashboard and in Alerts and Reports.

Event Log to query: Select the target Event Log from the drop-down menu.

  The Agent automatically detects the installed Event Logs and uploads them to the Dashboard.

Alert when: Select when an alert is generated.

  Choose to Alert when the Log contains the information in the check or the Log does not contain the information in the check.

Event ID(s): The Event identification number. Event ID numbers may be Event specific or associated with multiple Events. For multiple Event IDs, separate each Event ID by a comma.

  Supports wildcards (*) to search for any entries in these fields.

Event Type: Select one or more of the following Event Types to indicate the Event Log entry severity:
  • Information: Describes the successful operation of an application, driver, or service
  • Error: Indicates a significant problem such as loss of data or loss of functionality
  • Warning: Indicates the event is not necessarily significant, but it may indicate a possible future problem
  • Success Audit: Records a successful audited security access attempt
  • Failure Audit: Records an unsuccessful audited security access attempt
  • Success/None: Indicates the completion status (custom Event Type)

Event Source: The application or Windows component that generated the Event.

  Supports wildcards (*) to search for any entries in these fields.

Message contains string: Configure the Check to search for specific text within the Event description to monitor its state.

  Supports wildcards (*) to search for any entries in these fields. For example, drive * failed.

Apply Critical Events Exclusion List: Tick this box to ignore Events already on the Critical Event Exclusion list.

Exclude Events from Check: You can create an exclusion list for the specific Event Log Check.

  Click Exclude Events from Check, click Add, and enter the Event Source and Event ID to ignore.

  You can also manage the Exclusion List. Highlight the target Event Source, and then select Edit or Delete.
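
The settings above can be approximated with a local Get-WinEvent query on the device, which lets you preview what a planned check would match, and how noisy it would be, before you create it. This is an added example, not N-sight RMM code: the sample values, the Get-CheckPreview function name, the one-day look-back window, and the assumption that all fields are combined with AND and that the message pattern matches as a substring are illustrative.

```powershell
# Added example: preview locally which events a planned check definition would match.
# Every value below is a constructed sample, not a product default.
$Check = @{
    LogName   = 'System'             # "Event Log to query"
    EventIds  = @(7, 11, 51)         # "Event ID(s)"; use @() to stand in for the * wildcard
    Levels    = @(2, 3)              # "Event Type": 2 = Error, 3 = Warning, 4 = Information
    Source    = '*disk*'             # "Event Source", wildcard allowed
    Message   = '*drive * failed*'   # "Message contains string" (substring match assumed)
    AlertWhen = 'Contains'           # or 'DoesNotContain'
    Exclude   = @(                   # "Exclude Events from Check": Source + Event ID pairs
        @{ Source = 'Disk'; Id = 51 }
    )
    Since     = (Get-Date).AddDays(-1)   # assumed look-back window
}

function Get-CheckPreview {
    param([hashtable]$Check)

    # Let the event log service filter on log, severity, time and (optionally) ID.
    $filter = @{ LogName = $Check.LogName; Level = $Check.Levels; StartTime = $Check.Since }
    if ($Check.EventIds.Count -gt 0) { $filter.Id = $Check.EventIds }

    # Get-WinEvent writes an error when nothing matches; treat that as an empty result.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    # Apply the wildcard fields, then drop anything on the per-check exclusion list.
    $events | Where-Object {
        $e = $_
        $e.ProviderName -like $Check.Source -and
        $e.Message      -like $Check.Message -and
        -not ($Check.Exclude | Where-Object { $e.ProviderName -eq $_.Source -and $e.Id -eq $_.Id })
    }
}

$hits  = @(Get-CheckPreview -Check $Check)
# "Alert when": log contains the information, or log does not contain it.
$alert = if ($Check.AlertWhen -eq 'Contains') { $hits.Count -gt 0 } else { $hits.Count -eq 0 }

"{0} matching event(s); under the assumed semantics the check would alert: {1}" -f $hits.Count, $alert
$hits | Sort-Object TimeCreated -Descending | Select-Object -First 10 |
    Format-Table TimeCreated, Id, LevelDisplayName, ProviderName -AutoSize
```

Reading the Security log this way requires an elevated session, and TimeCreated is shown in the device's local time.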

Edit an Event Log Check

  1. On the N-sight RMM Dashboard North-pane, select the device
  2. Go to the Checks tab
  3. Select the target Event Log Check
  4. From the Check drop-down
  5. Click Edit Check (also available from the Check's right-click menu)
  6. Configure the settings
  7. Click OK to save and apply

Delete an Event Log Check

  1. On the N-sight RMM Dashboard North-pane, select the device
  2. Go to the Checks tab
  3. Select the target Event Log Check
  4. From the Check drop-down
  5. Click Delete Check (also available from the Check's right-click menu)
  6. To confirm removal, enter the password you used to log into the Dashboard
  7. Click OK to delete