Forum Discussion

Advisor

5 years ago

Windows Event Management doubt(s)

Hello, Nowadays, we are migrating from CA IM to Logic Monitor platform, when it comes to the event logs monitoring we've some doubts on how to replicate those. Currently at IM we pick wha...

Event Log

event source

WIndowsServer

Anonymous

5 years ago

Sorry, was headed into a meeting and didn't have time to explain. Pre-reading: https://www.logicmonitor.com/support/logicmodules/eventsources/types-of-events/windows-event-log-monitoring Pay particular attention to the FILTEREDEVENTS option.

You can combine multiple sets of criteria into a single EventSource. You do this in your filters. As you found, you can set very specific filters so that each EventSource is responsible for alerting on a particular event. Instead, be less specific and one EventSource can capture multiple events. You can use RegEx to create a filter as complex as needed. When the alert is opened the "Alert Message" template is used to create the alert message displayed in the alert. Since it uses tokens, you can use a single template for most (or all) of the events.

Forum Discussion

Windows Event Management doubt(s)

Related Content

Windows ProcessMonitoring

Event Sources SNMP and Windows collectors?

Letting non-admin users make and manage their own dynamic groups

Windows service datasource error

Instance Management - Alerts

Recent Discussions

Can anyone help modify this Datasource to be able to use any port?

Dashboard updates

Does anyone monitor their iDracs with LM? Tons of duplicate alerts

How do you monitor Running Services on Linux boxes?

Event Sources SNMP and Windows collectors?