Hello all, I started using PRTG a few weeks ago and liking it. I am setting up some sensors for Event Viewer IDs that I want to monitor and be alerted about. I am using the Win API event log as it seems to work better for me than the WMI. However, I cant seem to find any options to monitor the Windows firewall with advanced security for Windows 10. I want to monitor the following events • ID 2003: The firewall was activated for a profile. • ID 2004: A new rule was created. • ID 2005: A rule was modified. • ID 2006: A rule was deleted What am I missing?
Article Comments
Attention: This article is a record of a conversation with the Paessler support team. The information in this conversation is not updated to preserve the historical record. As a result, some of the information or recommendations in this conversation might be out of date.
Hello Happy,
Thanks for the KB post, the Event Log Sensor indeed doesn't monitor events in Windows firewall with advanced security.
As a workaround, you would need to write a script, for example in Powershell to query the event log and use our custom sensor.
For more information please check these links:
https://www.paessler.com/manuals/prtg/exe_script_sensor.htm https://www.paessler.com/manuals/prtg/exe_script_advanced_sensor.htm
You can check the expected syntax for both sensors insider your PRTG under 'Setup > PRTG API', please refer to the "Custom Sensors" tab.
You can see examples for custom sensors within PRTG's folder under: C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors
Thanks.
With kind regards,
Chan Siau Hen
Technical Support Team, Paessler AG
Feb, 2021 - Permalink
Hello Happy,
Thanks for the KB post, the Event Log Sensor indeed doesn't monitor events in Windows firewall with advanced security.
As a workaround, you would need to write a script, for example in Powershell to query the event log and use our custom sensor.
For more information please check these links:
https://www.paessler.com/manuals/prtg/exe_script_sensor.htm https://www.paessler.com/manuals/prtg/exe_script_advanced_sensor.htm
You can check the expected syntax for both sensors insider your PRTG under 'Setup > PRTG API', please refer to the "Custom Sensors" tab.
You can see examples for custom sensors within PRTG's folder under: C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors
Thanks.
With kind regards,
Chan Siau Hen
Technical Support Team, Paessler AG
Feb, 2021 - Permalink
Now i try with custom EXE/SCRIPT sensor and no luck... I use modpoll.exe program ( https://www.modbusdriver.com/modpoll.html ) I don't know how to program script to run a program and read values.
In windows cmd i use command:
modpoll.exe -c 1 -r 1 -f -t 3:float -p 4001 -m enc 192.168.5.87and I get the answer :This is Phase 1 VOLT
If i use
modpoll.exe -c 1 -r 1 -f -t 3:float -p 4001 -m enc 192.168.5.87and I get the answer :-- Polling slave... (Ctrl-C to stop) [7]: 5.705577This is Current of L1Now have problem with writing script in Windows PowerShell ISE....
Can someone can help me ?
Thank you!
Damjan
Feb, 2021 - Permalink