Event Log Watch Type

From WebWatchBotWiki
Jump to: navigation, search
 Share 

Summary

When an error occurs, the system administrator must determine what caused the error, attempt to recover any lost data, and prevent the error from recurring. It is helpful if applications, the operating system, and other system services record important events such as low-memory conditions or excessive attempts to access a disk. Then the system administrator can use the event log to help determine what conditions caused the error and the context in which it occurred. By periodically viewing the event log, the system administrator may be able to identify problems (such as a failing hard drive) before they cause damage.


How does it work?

WebWatchBot monitors the Windows Event Log on local and non-local Windows systems by:

  • Detecting additions or deletions.
  • Filtering by entry type, e.g. error, warning, or informational.
  • Filtering by event source, e.g. SQL Server, an application, etc.
  • Searching entry text for word or phrase.


Why Use this Watch Type?

  • Track entries in the event log.
  • Detect additions or deletions.
  • Be notified if a keyword or phrase is in the Event Log.
  • WebWatchBot can take action (launch an .exe, restart a process, etc..) when admin defined conditions are met.


What to monitor


event_log_settings.gif



Fields and Buttons

Computer Name - enter the name of the computer where the event log to be monitored resides

Log - Select Application, System, Security or Custom

Event Type - Select from the following event types: All, Success, Error, Warning, Informational, Audit Success, Audit Failure

Event Source - leave blank for no filter on source

Search Text - enter a word, phrase or text that should be found in the log.

Search is case sensitive - optional

If Search is found, then trigger failure - optional