Print Friendly
Comments

Check the Event Logs

Examine entries written to the Windows Event Logs since the last task evaluation.

Task Parameters

Log Name: The name of the event log to examine. May be entered from the keyboard or clipboard, selected from the drop-down list of legacy log names (Application, System, Security) or, if connected to a local service instance, click the Log Name caption to select from a list enumerating all logs present on that machine.

Whether a channel (i.e. /Operational) should be specified in the log name is not always apparent. For example, while Microsoft-Windows-Folder Redirection/Operational must be addressed as such, events written by Windows Server Backup display with the log name Microsoft-Windows-Backup/Operational but the name of the log as it must be queried is simply Microsoft-Windows-Backup.

If unable to select from the Log Name enumeration, open Event Viewer, right-click the log in question, select Properties and check what is shown for Full Name.

Source: Filters the log entries examined by the event Source field. May be entered via the keyboard or clipboard or, if connected to a local service instance, click the Source caption to select from a list enumerating sources specified in recent entries written to the log on that machine. Optional.

Level/IDs: Filters the log entries examined by either; a) The event Level (selected from the drop-down) or; b) A list of specific event IDs. If connected to a local service instance, click the IDs caption to select from a list enumerating the ID of recent entries written to the log on that machine.

Alert Conditions

Having arrived at a short-list of log entries, as filtered by any specified Source, and/or the event Level or ID list, alerts may be conditioned on, whether since the last task evaluation, a matching event;

  • Was posted (at any level).
  • Was posted with level Warning (or higher).
  • Was posted with level Error (or higher).
  • Was posted with level Critical.
  • Was not posted.

29 August 2016