Adding and Editing a Windows Event Log Monitor

The Windows Event Log monitor listens for Windows events on the devices to which it is assigned.

Windows event logs record events that happen on devices. For more information about the type of information that is gathered and reported in Windows logs, see the Microsoft support site.

When assigning a Windows Event Log passive monitor to a device, make sure the device has credentials assigned to it before creating the passive monitor. To use multiple Windows Event Log passive monitors, assign a unique Windows Event Log passive monitor for each device.

The upgrade process to WhatsUp Gold from previous versions automatically migrates Windows Event Log passive monitor credentials into the Credentials Library. If you experience upgrade problems with Windows Event Log passive monitors, look in the Credentials Library for the Windows (WMI) credentials that work for the device. If the device credentials do not exist, create new credentials for the device.

To add or edit a Windows Event Log monitor:

  1. From the WhatsUp Gold web interface, go to Admin > Monitors. The Monitor Library dialog appears.
  2. Click the Passive tab. The Passive Monitor list appears.
  3. Click New and select Windows Event Log to create a new Windows Event Log monitor. Click OK.
    - or -
    Select the Windows Event Log monitor you want to change from the list of current monitors, and then click Edit.
  4. Complete the information for the following boxes.
    • Name. Enter a name for the monitor. This name displays in the Passive Monitor Library.
    • Description. Enter a short description for the monitor. This description displays next to the monitor in the Passive Monitor Library.
    • Condition. Enter a list of conditions to match. Only log entries matching these expressions are converted to events. Conditions are processed sequentially from top to bottom. As each condition is evaluated, its results are applied to the next condition until all conditions are evaluated. For complex sets of conditions involving both ANDs and ORs, this serial logic may produce different results than intended. As a best practice, we recommend keeping conditions simple by opting for multiple Passive Monitors over complex sets of conditions. When complex conditions are unavoidable, we recommend grouping all OR conditions together at the beginning of the set of conditions, followed by the ANDs.
    • Click Edit to add or edit a condition or Clear to remove a condition from the box.
    • Match On. You can click the Add button to access the expression editor, where you can create your expression, test it, and compare it against potential payloads you can receive. After creating the expression, click OK to insert that string into the Match On list.

    Note: If you have multiple payload Match On expressions, they are linked by OR logic, not AND logic. For example, if you have two expressions, one set to "AB" and the other to "BA", the monitor matches any log entry that includes either of the two strings.

  5. Click OK to save changes.

After configuring a passive monitor in the Passive Monitor Library, add the monitor to devices.
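
The serial logic described for the Condition box can be checked offline before a rule set is saved. The following is an added example, not WhatsUp Gold code: it models top-to-bottom evaluation as a running result combined with each next condition, and compares it with the conventional reading in which AND binds tighter than OR. The field names (log, event_id), the sample event IDs, and the entries are constructed assumptions.

```python
# Added illustration; the condition model and field names are assumptions.

def serial_eval(conditions, entry):
    """Top-to-bottom: each result is combined with the running result."""
    result = None
    for op, pred in conditions:
        value = pred(entry)
        if result is None:
            result = value          # first condition has no connector
        elif op == "AND":
            result = result and value
        else:                       # "OR"
            result = result or value
    return bool(result)

def precedence_eval(conditions, entry):
    """Conventional reading, where AND binds tighter than OR."""
    groups = [[]]
    for op, pred in conditions:
        if op == "OR":
            groups.append([])       # OR starts a new AND-group
        groups[-1].append(pred(entry))
    return any(all(g) for g in groups)

is_security = lambda e: e["log"] == "Security"
id_4625 = lambda e: e["event_id"] == 4625
id_4740 = lambda e: e["event_id"] == 4740

# Intent: Security log AND (event 4625 OR event 4740).
ANDS_FIRST = [(None, is_security), ("AND", id_4625), ("OR", id_4740)]
ORS_FIRST = [(None, id_4625), ("OR", id_4740), ("AND", is_security)]

# Constructed sample entries, not real log data.
ENTRIES = [
    {"log": "Security", "event_id": 4625},
    {"log": "Security", "event_id": 4740},
    {"log": "Application", "event_id": 4740},
    {"log": "Application", "event_id": 4625},
    {"log": "Security", "event_id": 4624},
]

def results(conditions, evaluator):
    return [evaluator(conditions, e) for e in ENTRIES]

if __name__ == "__main__":
    print("ANDs first, serial:   ", results(ANDS_FIRST, serial_eval))
    print("ORs first, serial:    ", results(ORS_FIRST, serial_eval))
    print("ORs first, precedence:", results(ORS_FIRST, precedence_eval))
```

With the ANDs listed first, the trailing OR lets the Application-log entry with ID 4740 through. With the ORs grouped first, the serial result matches the intent, while a reader assuming conventional precedence would expect a different outcome for the Application-log entry with ID 4625.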

See Also

Using the Passive Monitor Library

Adding and editing an SNMP Trap Passive monitor

Adding and Editing a Syslog Monitor

Using the Any Passive Monitor