Windows Event Log Monitors

Event Log Monitors are used to monitor the standard Windows Application, Security and System event logs. New events written to the logs can be monitored and alerts raised accordingly. Most standard ‘server’ based products such as Exchange and SQL post events into the standard logs. In some instances, you may want to monitor whether an event has not been received during a specified time.

You can also use Event Log Monitors to monitor the contents of any text-based log file (including fixed-format and delimited) for any new entries, raising alerts accordingly.

Standard Event Log Monitors

The standard Event Log (Application, Security and System) Monitors provide two key features:

  • Monitoring of standard Windows event logs
  • New events in the log can be filtered and alerts raised accordingly. Most standard ‘server’ type products (such as Exchange and SQL) post events into the standard logs.

Additional Event Log Monitors

There are also three additional Event Log Monitors:

Directory Service Event Log Monitor

This can be used, for example, to log connection problems between the server and the global catalog.

DNS Server Event Log Monitor

Events associated with resolving DNS names to Internet Protocol (IP) addresses are recorded in this log.

File Replication Event Log Monitor

File replication failures and events that occur while domain controllers are being updated with information about System Volume (Sysvol) changes are recorded in the file replication log. Sysvol is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain.

Event Log Monitors - Examples of Use

The following are all examples of where an Event Log Monitor can be used to determine the successful (or unsuccessful) occurrence of system events:

  • Failed backups
  • SMTP protocol errors
  • Specific event sources, categories, event IDs, event user or text
  • Service status monitoring
  • Security violations
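The two alerting modes described above (alert when a matching event arrives, and alert when an expected event has not arrived within a set time) can be sketched as follows. This is an added example, not the product's own code or configuration: the `Event`, `Rule` and `evaluate` names are hypothetical, and the sample events, including the `ExampleBackup` source and its event ID 1000, are constructed. Event ID 4625 is the Windows Security log ID for a failed logon.

```python
from collections import namedtuple
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

Event = namedtuple("Event", "time log source event_id user text")

@dataclass
class Rule:
    """Filter on the fields the page lists; a field left as None matches anything."""
    name: str
    log: str
    source: Optional[str] = None
    event_id: Optional[int] = None
    user: Optional[str] = None
    text: Optional[str] = None               # case-insensitive substring of the message
    absent_for: Optional[timedelta] = None   # if set, alert when NO match falls in the window

    def matches(self, e: Event) -> bool:
        return (e.log == self.log
                and self.source in (None, e.source)
                and self.event_id in (None, e.event_id)
                and self.user in (None, e.user)
                and (self.text is None or self.text.lower() in e.text.lower()))

def evaluate(rules, events, now):
    """Return one alert per matching event, or one per overdue absence rule."""
    alerts = []
    for r in rules:
        hits = [e for e in events if r.matches(e)]
        if r.absent_for is None:
            alerts += [f"{r.name}: event {e.event_id} at {e.time:%H:%M}" for e in hits]
        elif not any(now - r.absent_for <= e.time <= now for e in hits):
            alerts.append(f"{r.name}: no matching event in the last {r.absent_for}")
    return alerts

# Constructed sample data; "ExampleBackup" and event ID 1000 are made-up names.
NOW = datetime(2024, 1, 2, 9, 0)
EVENTS = [
    Event(datetime(2024, 1, 1, 2, 5), "Application", "ExampleBackup", 1000, "SYSTEM", "Backup completed"),
    Event(datetime(2024, 1, 2, 8, 41), "Security", "Microsoft-Windows-Security-Auditing", 4625, "N/A", "An account failed to log on."),
]
RULES = [
    Rule("Failed logon", "Security", event_id=4625),
    Rule("Backup missing", "Application", source="ExampleBackup", event_id=1000, absent_for=timedelta(hours=24)),
]
ALERTS = evaluate(RULES, EVENTS, NOW)
```

The last backup event in the sample is older than 24 hours, so the absence rule fires even though no error was ever logged; a failed job that writes nothing at all is the case a presence-only filter misses.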
