We have a computer that receives Windows Event Logs from other computers around the office. I would like to monitor the "Forwarded Events" event log but the PRTG system does not seem to be able to do this. Is it possible?
Article Comments
Hello,
I am novice with prtg sofftware.
I would like to be able to monitor remote backup logs of about 40 servers.
I downloaded the EventlogReaderXML.exe file and the ovl file.
I dropped the file EventlogReaderXML.exe in "% programfiles (x86)% \ PRTG Network Monitor \ Custom Sensors \ EXEXML"
I filed the OVL file in "% programfiles (x86)% \ PRTG Network Monitor
lookups \ custom"
I configured the sensor:
-f = c: \ Windows \ System32 \ winevt \ Logs \ Microsoft-Windows-Backup.evtx -s = Backup -u = domain \ user -p = XXXXXX -m = 5000
It works but PRTG reads my local log file.
I tried:
-f = \\ 10.144.245.129 \ c $ \ Windows \ System32 \ winevt \ Logs \ Microsoft-Windows-Backup.evtx -s = Backup -u = domain \ user -p = XXXXXX -m = 5000
It does not work because the file is locked.
If I copy the file "Microsoft-Windows-Backup.evtx" to testbackup.evtx and query it, it works.
Sorry for my mediocre English (thanks google), what is the best way to proceed?
Thank you in advance for your suggestions cordially
Feb, 2018 - Permalink
Why not use the WMI Event Log Sensor or this one instead? :)
Kind regards,
Stephan Linke, Tech Support Team
Mar, 2018 - Permalink
Hello,
Unfortunately, it's not possible to use PRTG Eventlog Sensors to monitor forwarded events.
What could be interesting for you is the EventlogReaderXML Sensor by PRTG Tools Family.
You can download the sensor here.
After the download is done, extract the files and copy the sensor file "EventlogReaderXML.exe into the following directory:
Than create the Exe/Script Advanced sensor on the local probe device. The sensor parameters are:
Please be aware, we don´t offer support for third party Sensors, so if you run into issues with this one you have to contact ptf directly.
Sep, 2016 - Permalink