I would like to be able to exclude certain event IDs from event sensor counts. I'm aware it is not possible with the standard event log sensor provided, and that Paessler has provided an "as is" script previously.
(https://helpdesk.paessler.com/en/support/solutions/articles/15693-how-can-i-check-the-windows-event-log-using-extended-filter-options)
I'd rather not use vbscript as I'm now more familiar with Powershell.
My question is, is it possible for me to provide a Powershell script to use in PRTG instead? If so, how does PRTG handle the running of the script:
- where should output from the script be sent to in order for PRTG to process the result
- what is the correct output format to send to PRTG?
- where must the script reside? On PRTG server? On each node to be monitored?
Thanks.
Article Comments
Hi there,
Here's another one based on Powershell, feel free to adjust it to your needs.
For using a script in a sensor you either need an EXE/Script (expects one return value and optional message) or EXE/Script Advanced sensor (can process several return values and display them in dedicated channels). Details about how the returned result(s) need to look like are also available inside PRTG in "Setup | PRTG API | Custom Sensors".
By the way, in the current version of the WMI Eventlog Sensor has an include/exclude switch for each filter category, though it can only include or exclude for one category or phrased differently: you can't apply and include and exclude filter at the same time for for event-ids like "Include id 1234 but exclude 5678".
Kind regards,
Erhard
May, 2018 - Permalink
Hi there,
Here's another one based on Powershell, feel free to adjust it to your needs.
For using a script in a sensor you either need an EXE/Script (expects one return value and optional message) or EXE/Script Advanced sensor (can process several return values and display them in dedicated channels). Details about how the returned result(s) need to look like are also available inside PRTG in "Setup | PRTG API | Custom Sensors".
By the way, in the current version of the WMI Eventlog Sensor has an include/exclude switch for each filter category, though it can only include or exclude for one category or phrased differently: you can't apply and include and exclude filter at the same time for for event-ids like "Include id 1234 but exclude 5678".
Kind regards,
Erhard
May, 2018 - Permalink