ActiveXperts
Network Monitor
 Product Overview
 Built-in checks:
 
 Download (.exe)
 Brochure (.pdf)
 Manual (.pdf)
 Release Notes


Support
 Knowledge Base
 Forum
 Contact Support


Purchase
 Licensing
 Pricing
 Order now


Some quotes
 
 Windows&.NET Magazine:
 "Small,smart & very handy"
 
 MonitorTools.com Review:
 "Extremely easy to use,
 great value for money!"


Windows Management
 Introduction
 Scripts Collection (1)
 Scripts Collection (2)
 WMI / ADSI / WSH
 Windows 2000
 Resource Kit
 Miscellaneous

  Download ActiveXperts Network Monitor 7.0  (6239 KB - .exe file)
  Download Manual  (653 KB - .pdf file)
ActiveXperts.com > ActiveXperts Network Monitor > Checks > Event Log check

Event Log Monitoring - Monitor the Windows EventLog

ActiveXperts Network Monitor can read Windows Event logs on local- or remote computers. It can look for specific Event Sources, Categories, Event ID's and so on. It can look for a pattern in the Description of the Event. It can do advanced filtering in Event Logs; it can look for multiple events in the Event Log, and notify the system administrator if one of the Events occurred in a specific time interval. For instance, as a network administrator, you want an alert if there's a McAfee or Norton virus message in the Application Event Log, but only if the event is posted in the last 30 minutes. ActiveXperts Network Monitor uses VBScript and WMI for this. It enables you to fully customize Event Log filtering, speeding up performance by checking for more than one event in each cycle.

An Event Log check takes the following parameters:
  • Server - The NetBIOS name, DNS name or the IP address of the server you want to monitor;
  • Log File - The Log File to be checked. Choose the appropriate log file, for instance: 'Application', 'Security', 'System', or server-related log (like DNS, Exchange, etc.);
  • Consider as Error if Event does (NOT) exist - If all conditions are met for the Event Log entry, will the situation be considered as an error or as a success?
  • Information/Warning/... - Filter these event types;
  • Event Source - Filter events that match this Event Source;
  • Category - Filter events that match this Event Category;
  • Event ID - Filter events that match this Event ID;
  • User - Filter events that match this User;
  • Only Events from the last x minutes - This options allows you to disregard errors that happened in the past. For instance, if you don't want to be notified about error events that happened in the past (like a week ago), use this option;
  • Description matches string - Filter events that match the description string in the Event Message;
  • Credentials - if alternate credentials are required to access the remote server, select an alternate account here.
 




About the Event Log

Using the event logs in Event Viewer, you can gather information about hardware, software, and system problems. You can also monitor Windows XP security events. A computer running any version of Windows NT or higher records events in three kinds of logs:
  • Application log - The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. Program developers decide which events to monitor.
  • Security log - The security log records events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files or other objects. An administrator can specify what events are recorded in the security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the security log.
  • System log - The system log contains events logged by Windows XP system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined by Windows XP.
A computer running Windows configured as a domain controller records events in two additional logs:
  • Directory service log - The directory service log contains events logged by the Windows directory service. For example, connection problems between the server and the global catalog are recorded in the directory service log.
  • File Replication service log - The File Replication service log contains events logged by the Windows File Replication service. For example, file replication failures and events that occur while domain controllers are being updated with information about sysvol changes are recorded in the file replication log.
A computer running Windows configured as a Domain Name System (DNS) server records events in an additional log: DNS server log - The DNS server log contains events logged by the Windows DNS service. Events associated with resolving DNS names to Internet Protocol (IP) addresses are recorded in this log.

Event Viewer displays these types of events:
  • Error - A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an Error event will be logged;
  • Warning - An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a Warning event will be logged;
  • Information - An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged;
  • Success Audit - An audited security access attempt that succeeds. For example, a user's successful attempt to log on to the system will be logged as a Success Audit event;
  • Failure Audit - An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event.
The Event Log service starts automatically when you start Windows. All users can view application and system logs. Only administrators can gain access to security logs.
By default, security logging is turned off. You can use Group Policy to enable security logging. The administrator can also set auditing policies in the registry that cause the system to halt when the security log is full.
Copyright ©1999-2007 ActiveXperts Software. All rights reserved.