WindowsEventLog

Supported Versions: Windows XP, Vista, 7, 8, 2000, 2003, 2008, 2012, 2016
Collection Methods: WMI
Requirements
  • The Longitude Statistics Server account must have Local Administrator privileges on the monitored computer.
  • The Windows Management Instrumentation (WMI) service must be running on the monitored computer.
  • Windows Event Log severities will translate to Longitude severities as follows:
    Windows Event Log | Longitude
    Error             | Critical
    Warning           | Warning
    Failure Audit     | Major
  • WindowsEventLog collections may be filtered by Event ID or Source. If a collection is configured to look for a specific event, modify the Instance to be a unique name so that it does not overwrite a previously registered collection. Each monitored computer can support multiple WindowsEventLog Instances, creating collectors for specific Event IDs, Sources, Event Types, and Event LogFiles.
Configuration
  1. Use Monitor Devices.
  2. If necessary, select a Longitude Remote Agent.
  3. Select WindowsEventLog.
  4. Enter the name of the computer to be monitored in the Computers field.
  5. Select the LogFile to monitor. The options are Application, System, Security, and Other. If Other is selected, the field will allow you to enter a LogFile name. The Instance field will be updated to match the LogFile.
  6. Select the types of Windows Events to collect in the Type Allow List. The options are Error, Warning, and Failure Audit.
  7. Optionally, enter Event IDs into either the Event Allow List or the Event Deny List. Do not enter Event IDs into both lists.
  8. Optionally, enter Sources into either the Source Allow List or the Source Deny List. Do not enter Sources into both lists.
  9. The Instance value is used by Longitude to distinguish between different WindowsEventLog collections being monitored for the same computer. Registering the same WindowsEventLog Instance twice for the same computer will overwrite the details of the previous registration. The default value for the Instance is the LogFile; the Instance value may be edited before registration.
  10. Click Monitor.
Troubleshooting WindowsEventLog collection timeout error:
If a very large number of Windows Event Log records have been created within the last 5 minutes, it is possible that the collector will time out. Check the Event Logs on the computer being monitored for excessive Windows Events.
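
One way to run that check from PowerShell, as an added example that is not part of Longitude: it confirms the WMI service is running and counts Error, Warning and Failure Audit records written to a log in the last 5 minutes, grouped by Source and Event ID so that noisy pairs can be considered for the Deny Lists. It queries the standard Win32_NTLogEvent WMI class over DCOM; that Longitude issues the same query is an assumption, and the parameter names are hypothetical.

```powershell
# Added example; parameter names are hypothetical, not Longitude settings.
# Run as an account with Local Administrator rights on the monitored computer.
param(
    [string]$ComputerName = $env:COMPUTERNAME,  # monitored computer
    [string]$LogFile      = 'System',           # Application, System, Security or another log
    [int]$Minutes         = 5                   # window named in the troubleshooting note
)
$ErrorActionPreference = 'Stop'

# Use DCOM, the classic WMI transport, instead of the WinRM default.
$opt     = New-CimSessionOption -Protocol Dcom
$session = New-CimSession -ComputerName $ComputerName -SessionOption $opt

try {
    # Requirement check: the WMI service (Winmgmt) must be running.
    $svc = Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter "Name='Winmgmt'"
    Write-Host "WMI service state on ${ComputerName}: $($svc.State)"

    # WMI (DMTF) datetime string for "now minus N minutes", expressed in UTC.
    $since = (Get-Date).ToUniversalTime().AddMinutes(-$Minutes).ToString('yyyyMMddHHmmss') + '.000000+000'

    # EventType 1 = Error, 2 = Warning, 5 = Failure Audit (the Type Allow List options).
    $filter = "Logfile='$LogFile' AND TimeGenerated>='$since' " +
              "AND (EventType=1 OR EventType=2 OR EventType=5)"
    $events = @(Get-CimInstance -CimSession $session -ClassName Win32_NTLogEvent `
                    -Filter $filter -Property EventCode, SourceName, EventType)

    Write-Host "Matching records in the last $Minutes minutes: $($events.Count)"

    # Noisiest Source / Event ID pairs first.
    $events |
        Group-Object SourceName, EventCode |
        Sort-Object Count -Descending |
        Select-Object -First 10 Count, Name
}
catch {
    Write-Warning "WMI query failed (service stopped, firewall, or insufficient rights): $($_.Exception.Message)"
}
finally {
    Remove-CimSession $session
}
```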