Good day Team.
we want to be able to monitor certain events in the eventlog of Windows Servers.
In this special case we want to monitor the event that hinders Terminal Server users from connecting to a Terminal Server in the AX environment.
How can one go about this.
Thanks in anticipation of your response.
Best,
Fikayo
A screenshot or some more specific information would be helpful.
Thanks for the response Andreas.
we want to monitor the Windows Event ID “7011” of our Terminal Windows servers in Check mk.
Is this info specific enough. Let me know should you need more specific info.
Thanks.
Have you configured your agent that it transmits the Windows event logs?
Inside which Windows event log you see this event?
If it is not a warning or critical event inside Windows then it gets a little bit complicated as you need to transmit all events not only the warn and crit.
The Events are in the “System” windows event log
We already configured our checkmk.yml file in programmefile86 (C:\Program Files (x86)\checkmk\service) as
logwatch:
enabled: yes
logfile:
- 'System': all nocontext
- 'Application': warn nocontext
- '*': off
We also setup a rule in Check_mk for log forwarding to EventConsole
Now we have the Log Forwarding service being monitored but does not give full details
We only get “Forwarded 2 messages”
In the picture you can see how the rule was configured.
How can we specify the event ID 7011 and also receive details about these events in checkmk?
Thanks
Next step is to create a rule inside the event console that catches your forwarded event. At the first step i would create a catch all rule that i can see how the messages look like. Then i would modify the rule that it only matches your wanted event.
Thanks so much, you have been helpful.
I am already getting some events.
I will look more into it on Monday and let you know if there are any questions.
Thanks
Good morning.
One question, does the ID in the event console correspond to the windows event ID in the windows event logs?
Thanks.
Hallo,
I can now see the event I want to monitor in the event console but yet to figure out where exactly to restrict the rule to just this one event.
A hint in the right direction would be helpful.
Thanks
For the message part you need to create a regular expression what matches your only wanted event id. At the moment you get all events from this host.
Done that already.
Thanks for the response
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
