
Monitor Event Log
The Monitor Event Log object triggers Policies when new events that match a filter you specify appear in the Windows Event Log. In its second mode, it triggers your Policy when the size of the Windows Event Log reaches the maximum size allowed.
This object uses a satellite license. See Objects that Require Satellite Licenses for more information.
How it is used
You can use the Monitor Event Log object to execute Policies that escalate, investigate, or correct issues in response to events written to the Windows Event Log. For example, when a security audit failure appears in the Security log, a Policy can send an email to an administrator to notify them of the problem.
Configuration
When configuring the Monitor Event Log object you need to know the name of the event log you are monitoring and details about the events that will trigger the Policy.
Details Tab
 
Computer
Type the name of the computer that stores the Windows Event Log that you want to monitor. You can also browse for the computer using the ellipsis (...) button. The Action Server that runs this object must have the appropriate rights to monitor the Windows Event Log on that computer.
Event log
Type the name of the Windows Event Log that you are monitoring. You can also browse for the Windows Event Log using the ellipsis (...) button. Windows includes three (3) Event Logs by default - Application, Security, and System. The computer that you are connecting to may contain other Event Logs.
Message filters
The list shows all the filters that have been configured to filter the events that are generated in the log that you have specified. To edit or remove an item in the list, select it and click Edit or Remove respectively. To add a filter, see the instructions below.
To add an event filter:
1. Click Add. The Filter Properties dialog appears.
2. Select the property of the event log entry that you are filtering against. You can filter against the Category, Description, Event ID, Source, and Type that is attributed to the event.
3. Specify the relation you are using to compare the value of the event property to the filter value. For Category, Description, Type, and Source, you can specify contains or does not contain. For Event ID, you can specify is different than, is equal to, is lower than, is lower than or equals, is more than, or is more than or equals.
4. Specify the filter value that you are comparing the event property against. For Category, Description, and Source, type the string that is contained within the property. For Event ID, type the numeric value that will be compared against the ID of the event. For Type, select the specific type of event that you want to filter for.
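The filter model from steps 2 to 4, written as an added Python example for checking a planned filter set against sample events before it is used as a Policy trigger. This is not Opalis code and not part of the original page. The function names are hypothetical, and two behaviours are assumptions the page does not state: multiple filters are combined with AND, and text comparison ignores case.

```python
import operator

# Relations the page lists for each filterable property.
TEXT = {
    "contains": lambda actual, wanted: wanted.lower() in actual.lower(),
    "does not contain": lambda actual, wanted: wanted.lower() not in actual.lower(),
}
NUMERIC = {
    "is different than": operator.ne, "is equal to": operator.eq,
    "is lower than": operator.lt, "is lower than or equals": operator.le,
    "is more than": operator.gt, "is more than or equals": operator.ge,
}
RELATIONS = {"Category": TEXT, "Description": TEXT, "Source": TEXT,
             "Type": TEXT, "Event ID": NUMERIC}


def check_filter(prop, relation, value):
    """Reject property/relation pairs that the page does not list."""
    if prop not in RELATIONS:
        raise ValueError(f"unknown property: {prop!r}")
    if relation not in RELATIONS[prop]:
        raise ValueError(f"{relation!r} is not a valid relation for {prop}")
    # Event ID is compared numerically; every other property is a string.
    return prop, relation, int(value) if prop == "Event ID" else str(value)


def event_matches(event, filters):
    """True when the event satisfies every filter (AND is an assumption)."""
    for prop, relation, wanted in (check_filter(*f) for f in filters):
        actual = int(event[prop]) if prop == "Event ID" else str(event[prop])
        if not RELATIONS[prop][relation](actual, wanted):
            return False
    return True


# Constructed sample events for illustration, not taken from a real log.
SAMPLE_EVENTS = [
    {"Category": "Logon", "Event ID": 4625, "Type": "Audit Failure",
     "Source": "Security", "Description": "An account failed to log on."},
    {"Category": "Logon", "Event ID": 4624, "Type": "Audit Success",
     "Source": "Security", "Description": "An account was successfully logged on."},
    {"Category": "None", "Event ID": 7036, "Type": "Information",
     "Source": "Service Control Manager", "Description": "A service stopped."},
]
# Filter set modelled on the page's example of a security audit failure.
AUDIT_FAILURE_FILTERS = [("Type", "contains", "Audit Failure"),
                         ("Event ID", "is more than or equals", 4000)]
```

Calling `event_matches(event, AUDIT_FAILURE_FILTERS)` on each sample event shows which ones would fire the trigger under these assumptions.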
Available Published Data
 
| Name | Description |
| --- | --- |
| Event log name | The name of the Windows Event Log being monitored. |
| Computer | The name of the computer where the Windows Event Log is stored. |
| Log entry description | The text that is contained in the description of the Event Log entry. |
| Log Entry ID | The ID of the Event Log entry. |
| Log Entry source | The source of the event. |
| Log Entry computer | The computer where the event occurred. |
| Log Entry type | The type of event. |
| Log Entry date | The date the event was logged. |
| Log Entry time | The time the event was logged. |
Common Published Data
