Checking and Filtering Windows Eventlogs with PRTGs inbuilt Eventlog sensors

Modified on 2025-06-10 11:59:29 +0200

Hi,

I'm trying to create an Eventlog sensor to check for event id 528 (logon). I also want to use "Filter by message" to filter for "Logon type 10", as in the following example:

Successful Logon: User Name: xxx Domain: xxx Logon ID: (xxx) Logon Type:
10 Logon Process: User32 Authentication Package: Negotiate Workstation
Name: xxx Logon GUID: {xxx} Caller User Name: xxx$ Caller Domain: xxx
Caller Logon ID: (xxx) Caller Process ID: xxx Transited Services: - Source
Network Address: xxx Source Port: xxx.\

How can I achieve this?

Article Comments

Hello,

to filter for certain parts in an Eventlog message, here in this case please try using:

%Logon Type:___10%

in the "Filter by message"-field. It's 3 underscores _ after the :

Unfortunately, this may dependent on the used Windows versions, so it might also be only one underscore. It is also depending on the language of the Windows versions.

Best Regards.

Feb, 2011 - Permalink

Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.

Checking and Filtering Windows Eventlogs with PRTGs inbuilt Eventlog sensors

Article Comments

Search

Attention

Related Articles