
Monitoring the Windows Server Event Log

Learn how to monitor the Windows Server Event Log and share only filtered events to end users

This page describes what's being monitored for the Event Log Category in Nodinite, using one or more role-based Monitor Views. Nodinite monitors the state, based on user-defined thresholds, either global or specific. For managing the Event Log, remote commands are available as Actions. These help you swiftly manage reported problems. The implemented Remote Actions are further detailed on this page.

Event Log items as Resources
Example with a list of monitored 'Event Log configurations' as resources in a Monitor View

Filter options

The following filter options are available from the Event Log Configuration:

  • Log Source (Application/System/Security/...)
  • Log level (Information, Warning, Error, Critical)
  • Provider
  • Event Id (selected numbers)
  • Content (when matched)

Monitoring Features

  • You must manually manage your Event Log configurations to monitor. Sharing insights is very easy from within Nodinite using Monitor Views.
  • State Evaluation - Based on user-defined settings
  • Category-based monitoring - To help you sort out the different types of resources, the monitored Resources are grouped by Categories

State evaluation for Event Log based monitoring

The monitored Event Log configurations are displayed within Nodinite as Resources. For example, if you have 2 Windows Server configurations with 2 and 3 Event Log-configurations, then you will have 5 'Event Log' resources in Nodinite in total.

  • The name of each Resource is the same as the name of the Event Log configuration

  • The 'Event Log' resource belongs to the following Category:

    | Category  | Description |
    |-----------|-------------|
    | Event Log | Make sure the Event Logs do not contain any events matching the user-defined settings |

    Categories
    List of the Event Log related category as a filter in a Monitor View

  • The Application name is the Display Name from the configuration of the monitored Windows Server:
    ApplicationPathExample

Each item (presented in Nodinite as a Resource) is evaluated with a state (OK, Warning, Error, Unavailable).

From within Nodinite, you can reconfigure the state evaluation on Resource level using the Expected State feature.

NOTE: Depending on the user-defined synchronisation interval set for the Windows Server Monitoring Agent, there might be a delay before the Nodinite Web Client/Monitor Views reflect the change. Click the Sync All button (or use the dropdown to select an individual agent) to force Nodinite to request a resynchronisation.

Sync
Option to force Nodinite to request a resynchronisation with the monitoring agent


Monitoring Event Log

For the Event Log category, the monitored state evaluates as described in the table below:

| State | Status | Description | Actions |
|-------|--------|-------------|---------|
| Unavailable | Service not available | The server can't be reached and evaluated due to network or security-related problems; bad configuration (invalid/non-existing Source/Provider/...) | Review prerequisites |
| Error | Error state raised | The 'Event Log' contains one or more matching events | Clear, List Events |
| Warning | Warning state raised | Not implemented | - |
| OK | Online | The 'Event Log' contains exactly 0 matching events | Clear, List Events |

Actions for Event Log

The following Remote Actions are available for the Event Log Category:

Actions

Clear

You can have old events removed from the evaluation by applying a time filter. The cut-off for this filter is either the point in time when you click the Clear action or a value you enter manually in the global configuration. For the selected Event Log resource, click the Action button and then the Clear menu item within the 'Control Center' section.

Clear Menu Action
Filter old Log Events, using the 'Clear' action

You will then be prompted to confirm the intent to proceed with the operation:
Clear intent modal
Example of the 'Clear' prompt

Next, a modal presents with the result of the operation:
Clear Success
Example of successful clear operation

List Events

To view details for the selected Event Log resource, click the Action button and then the List Events menu item within the 'Control Center' section.

List Events Menu Action
Open filtered Log Events modal, using the 'List Events' action

Next, the modal from the operation presents a list of filtered Log Events according to the settings.

List Events modal
Example of the 'List Events' modal

You can expand any single entry by clicking on the small arrow button:
Details for Log Event

The recorded Log Event entry can also be viewed as XML; click the View as XML tab:
View as XML
Logged event as XML

At the bottom of the page, the Settings for this Event Log configuration can be reviewed (read-only):
Details
Example of settings for this Event Log Configuration


Configuration

Use the Remote Configuration to manage the Event Log configuration.

Event Log Tab

Click the Event Log tab to manage Event Log related Monitoring options.
Event Log
Example of the 'Event Log' tab

Add an Event Log Entry to monitor by clicking on the Add Button:
Add Event Log Entry

Expand the Accordion to enter options:

  • Enable Event Log Monitoring for this configuration - When checked, Monitoring is enabled. Otherwise, it is disabled.

Event Log Basic Tab

Click the Basic tab to manage Event Log related Monitoring options.

Event Log Entry

  • Event Log Configuration Name - The 'Resource' name as presented in the Monitor Views for end-users
  • Description - User-friendly short description for this configuration.
  • Log Name - The name of the 'Windows Event Log' (Application, System, Security, ...) from where to look for events according to user-defined options

Event Log Source Tab

Click the Source tab to manage what to include from the Event Log.
Event Log Source Tab
The list of Event Log includes options

  • Information - When checked, include all Informational events
  • Warning - When checked, include all Warning events
  • Error - When checked, include all Error events
  • Critical - When checked, include all Critical events

Include the following Provider(s)

You can filter on named providers. There can be any number of providers added to the list.

Include Providers
Option to include Log Events from the specific provider

Providers not listed are excluded from Monitoring.

Include the following EventId(s)

You can filter on specific Event Ids. There can be any number of EventIds added to the list.

Include EventIds
Option to include only the specified Log Event Ids

NOTE: The Event Ids not part of the list are not monitored.

Include the following Event Data

You can filter on specific content using an exact string match, or a regular expression (RegEx). There can be any number of such filters.
Content based filter

Click the Add button to add an empty configuration.
Empty configuration

Click the chevron icon to expand the accordion:
Expanded empty configuration

  • Name
  • Operator
    • = (exact string match)
    • RegEx (match on provided RegEx)
  • Value

Event Log Options Tab

Click the Options tab to manage additional options for Monitoring the Event Log.
Event Log Options Tab
Event Log options

  • Set 'Log text' from last Event Log entry - When checked, the 'Log Text' for the monitored resource comes from the OLDEST event record in the filtered list

Event Log Advanced Tab

Click the Advanced tab to manage additional options for Monitoring the Event Log.
Event Log Advanced Tab
Advanced Event Log options

  • Clear Date Time - Clear/Ignore all warning(s) and error(s) that occurred before this time. Events with an older date time are not evaluated/returned
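
The filter options, the Clear Date Time cut-off and the Error/OK rule described on this page, modelled as an added example (not Nodinite's code). It assumes the filters are combined with AND, that an empty provider or Event Id list means no restriction, and that RegEx is an unanchored search; the class names and the event records are constructed for illustration.

```python
import re
from dataclasses import dataclass, field, replace
from datetime import datetime

@dataclass
class Event:  # constructed stand-in for one Windows event record
    log: str
    level: str
    provider: str
    event_id: int
    time: datetime
    data: dict

@dataclass
class Config:  # hypothetical model of one Event Log configuration
    log_name: str
    levels: set
    providers: set = field(default_factory=set)    # empty = no restriction (assumption)
    event_ids: set = field(default_factory=set)    # empty = no restriction (assumption)
    data_filters: list = field(default_factory=list)  # (name, operator, value)
    clear_date_time: datetime = datetime.min

def data_ok(ev, name, op, value):
    actual = ev.data.get(name)
    if actual is None:
        return False
    return actual == value if op == "=" else re.search(value, actual) is not None

def matches(ev, cfg):
    return (ev.log == cfg.log_name and ev.level in cfg.levels
            and ev.time >= cfg.clear_date_time     # older events are ignored
            and (not cfg.providers or ev.provider in cfg.providers)
            and (not cfg.event_ids or ev.event_id in cfg.event_ids)
            and all(data_ok(ev, *f) for f in cfg.data_filters))

def evaluate(events, cfg):
    """Return (state, matching events): Error on one or more matches, else OK."""
    hits = [e for e in events if matches(e, cfg)]
    return ("Error" if hits else "OK"), hits

SEC = "Microsoft-Windows-Security-Auditing"
EVENTS = [  # constructed sample records
    Event("Security", "Information", SEC, 4625, datetime(2024, 5, 1, 8, 0), {"TargetUserName": "svc-backup"}),
    Event("Security", "Information", SEC, 4625, datetime(2024, 5, 1, 9, 30), {"TargetUserName": "alice"}),
    Event("Security", "Information", SEC, 4624, datetime(2024, 5, 1, 9, 31), {"TargetUserName": "svc-backup"}),
    Event("Security", "Information", SEC, 4625, datetime(2024, 5, 1, 10, 15), {"TargetUserName": "svc-deploy"}),
]
CFG = Config("Security", {"Information"}, {SEC}, {4625}, [("TargetUserName", "RegEx", r"^svc-")])

if __name__ == "__main__":
    print(evaluate(EVENTS, CFG)[0])                                                     # before Clear
    print(evaluate(EVENTS, replace(CFG, clear_date_time=datetime(2024, 5, 1, 12)))[0])  # after Clear
```

The second call shows the effect of the Clear action in this model: the resource returns to OK because the matching records fall before the cut-off and are no longer evaluated.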

Next Step

Add or manage Monitor View
