Monitor Event Log
Applies To: Opalis 6.3
The Monitor Event Log object triggers Policies when new events that match a filter you specify appear in the Windows Event Log. In its second mode, the object triggers your Policy when the Windows Event Log reaches its maximum allowed size. This object uses a satellite license.
You can use the Monitor Event Log object to execute Policies that escalate, investigate, or correct issues in response to events written to the Windows Event Log. For example, when a security audit failure appears in the Security log, a Policy can send an email to an administrator to notify them of the problem.
Configuring the Monitor Event Log Object
When configuring the Monitor Event Log object you need to know the name of the event log you are monitoring and details about the events that will trigger the Policy.
To configure the Monitor Event Log object
From the Objects pane, drag a Monitor Event Log object to the active Policy.
Double-click the Monitor Event Log object icon. The Properties dialog opens.
For information about the settings on the Details tab, see the following table.
For information about the settings on the General tab, the Run Behavior tab, and other tabs if applicable, see Common Tabs.
Details Tab
Element | Configuration Instructions |
---|---|
Computer | Type the name of the computer that stores the Windows Event Log that you want to monitor. You can also browse for the computer using the ellipsis ( ... ) button. The Action Server that runs this object must have the appropriate rights to monitor the Windows Event Log on that computer. |
Event log | Type the name of the Windows Event Log that you are monitoring. You can also browse for the Windows Event Log using the ellipsis ( ... ) button. Windows includes three Event Logs by default - Application, Security, and System. The computer that you are connecting to may contain other Event Logs. |
Message filters | The list shows all the filters that have been configured to filter the events that are generated in the log that you have specified. To edit or remove an item in the list, select it and click Edit or Remove as applicable. To add an event filter |
Monitor Event Log Published Data
The following table lists the element names and descriptions of the data published by this object. For information about the published data elements that are common to all objects, see Policy Workflow Rules.
Element Name | Description |
---|---|
Event log name | The name of the Windows Event Log being monitored. |
Computer | The name of the computer where the Windows Event Log is stored. |
Log entry description | The text that is contained in the description of the Event Log entry. |
Log Entry ID | The ID of the Event Log entry. |
Log Entry source | The source of the event. |
Log Entry computer | The computer where the event occurred. |
Log Entry type | The type of event. |
Log Entry date | The date the event was logged. |
Log Entry time | The time the event was logged. |
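One way to check both trigger conditions from PowerShell before building the Policy, as an added example that is not part of the Opalis documentation: it lists recent audit failures under the published data names above, then compares the log's current size to its maximum. The computer name `SERVER01` is a placeholder, and the mapping from `Get-WinEvent` properties to the published data elements is an assumption.

```powershell
# Added example: pre-check for a Monitor Event Log object. Not Opalis code.
param(
    [string]$Computer  = 'SERVER01',   # placeholder for the "Computer" field
    [string]$LogName   = 'Security',   # value for the "Event log" field
    [int]   $MaxEvents = 20
)

# Windows keyword bit that marks "Audit Failure" entries in the Security log.
$AuditFailure = 0x10000000000000

# Mode 1: events that match a filter (here: security audit failures).
try {
    $events = Get-WinEvent -ComputerName $Computer -MaxEvents $MaxEvents `
        -ErrorAction Stop -FilterHashtable @{
            LogName  = $LogName
            Keywords = $AuditFailure
        }
}
catch {
    # Get-WinEvent raises an error when nothing matches; access errors land here too.
    Write-Warning "No matching events, or no access to ${Computer}: $($_.Exception.Message)"
    $events = @()
}

# Assumed mapping of event record properties to the published data element names.
$events | ForEach-Object {
    [pscustomobject]@{
        'Event log name'        = $_.LogName
        'Computer'              = $Computer
        'Log Entry ID'          = $_.Id
        'Log Entry source'      = $_.ProviderName
        'Log Entry computer'    = $_.MachineName
        'Log Entry type'        = ($_.KeywordsDisplayNames -join ', ')
        'Log Entry date'        = $_.TimeCreated.ToShortDateString()
        'Log Entry time'        = $_.TimeCreated.ToLongTimeString()
        'Log entry description' = $_.Message
    }
} | Format-List

# Mode 2: how close the log is to its configured maximum size.
$log = Get-WinEvent -ListLog $LogName -ComputerName $Computer -ErrorAction Stop
[pscustomobject]@{
    Log         = $log.LogName
    RetainMode  = $log.LogMode            # Circular, Retain, or AutoBackup
    SizeBytes   = $log.FileSize
    MaxBytes    = $log.MaximumSizeInBytes
    PercentFull = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
}
```

Run it under the same account the Action Server uses: an access error here means that account lacks the rights the Computer setting requires.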