Monitor Event Log Capacity

The Monitor Event Log Capacity object triggers Policies when the size of the Windows Event Log reaches the maximum size allowed.

How it is used

You can use the Monitor Event Log Capacity object to trigger a Policy that will archive and purge the event log so that events will not be lost.

Configuration

When configuring the Monitor Event Log Capacity object you need to know the event log you are monitoring.

Details Tab

 

Computer	Type the name of the computer that stores the Windows Event Log that you want to monitor. You can also browse for the computer using the ellipsis (...) button. The Action Server that runs this object must have the appropriate rights to monitor the Windows Event Log on that computer.
Event log	Type the name of the Windows Event Log that you are monitoring. You can also browse for the Windows Event Log using the ellipsis (...) button. Windows includes three Event Logs by default - Application, Security, and System. The computer that you are connecting to may contain other Event Logs.
Test	Type the number and select the units of time for the Monitor Event Log Capacity object to wait between each check of the Windows Event Log size.

The Monitor Event Log Capacity object will only trigger every time the size of the Windows Event Log goes from below the maximum to above the maximum.

Example

The Monitor Event Log Capacity object is set to test every 30 seconds.

 

Time	Event Log Size is Above Maximum?	Result
30s	No	Do not trigger Policy
60s	Yes	Trigger Policy
90s	Yes	Do not trigger Policy
120s	No	Do not trigger Policy
150s	Yes	Trigger Policy

Available Published Data

 

Name	Description
Event log name	The name of the Windows Event Log being monitored.
Computer	The name of the computer where the Windows Event Log is stored.
Test interval	The interval in seconds between checks to the event log.

Common Published Data