Tracking Custom Event Log in OpManager | WOTECH

Hello,


In this article I will share how to track a custom event log in the OpManager software.

Although the best practice is to use the "EventLog Analyzer" product for this kind of tracking, custom event log tracking can also be done without that add-on.

To do this, we first need to make the custom event log visible through the Win32_NTLogEvent WMI class:


Verify Access to Log File

The first step is to verify whether the log is accessible through Win32_NTLogEvent.

You can perform this check in PowerShell with the following WMI query (it is the same query OpManager runs to collect these events):

Get-WmiObject Win32_NTLogEvent



If no results are returned, the log cannot be accessed through this class, and you will need to register the log in the Windows Registry.

To add the log to the Windows Registry:


1-) Find the Log File in Event Viewer:

In Event Viewer, find the event log you want to monitor. Then click "Properties" in the "Actions" pane to see the log's "Log path" and "Full Name".

For example, here is how to monitor the "Operational" event log in the Microsoft/Windows/TaskScheduler folder:


2-) Open Windows Registry:

Open the Windows Registry Editor (search for regedit.exe). In the Registry Editor, locate the EventLog key at the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog


3-) Create New Key:

Create a new key named after the event log you want to monitor.

The name must use the folder-path/LogFileName form shown in the "Full Name" field in Event Viewer.


4-) Add Values to the Key:

i) First, add a String Value (REG_SZ) named "File" containing the path to the log file (the "Log path" from Event Viewer).

ii) Then add a String Value (REG_SZ) named "Primary Module" containing the Full Name of the log.

iii) Finally, add an Expandable String Value (REG_EXPAND_SZ) named "DisplayNameFile" containing the path of the Windows Event Log API DLL (%SystemRoot%\system32\wevtapi.dll).


5-) Changes Take Effect Immediately:

The changes you make take effect immediately; no restart is required.

Run the query above again to verify that the event log is now accessible through the Win32_NTLogEvent WMI class.

You can then continue by adding the events to the Event Viewer integration configuration file.

Note: If the query still returns no events, check in Event Viewer that the relevant log actually contains events.

Also make sure that logging for that channel is not disabled and that recent events are present.
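The five steps above, as one added PowerShell example (this is not code from the original article or from OpManager). It takes the article's example log, Microsoft-Windows-TaskScheduler/Operational, reads its "Log path" and "Full Name" from the log's own metadata, creates the registry key and the three values, and then repeats the Win32_NTLogEvent check. It assumes an elevated Windows PowerShell 5.1 session (writing under HKLM\SYSTEM requires administrator rights, and Get-WmiObject is not available in PowerShell 7) and assumes that the Logfile property WMI reports for the registered log equals the key name, which is what the article's steps imply. The helper name Test-LegacyLogAccess is hypothetical.

```powershell
# Added example, not part of the original article: register a channel log so that
# the Win32_NTLogEvent WMI class (and therefore OpManager) can read it.
# Run in an elevated Windows PowerShell 5.1 session.
param(
    # The article's example log; pass another "Full Name" to register a different log.
    [string]$LogName = 'Microsoft-Windows-TaskScheduler/Operational'
)

$eventLogRoot = 'SYSTEM\CurrentControlSet\Services\EventLog'

function Test-LegacyLogAccess {
    # Same check as the article's query, restricted to one log so it returns quickly.
    # Assumption: the Logfile property of the registered log equals the key name.
    param([string]$Name)
    $hit = Get-WmiObject -Class Win32_NTLogEvent -Filter "Logfile='$Name'" |
           Select-Object -First 1
    return ($null -ne $hit)
}

# Step 1: read "Log path" and "Full Name" from the log's metadata. These are the
# same values Event Viewer shows under Properties, without retyping them by hand.
$log      = Get-WinEvent -ListLog $LogName -ErrorAction Stop
$logPath  = $log.LogFilePath   # e.g. %SystemRoot%\System32\Winevt\Logs\<name>.evtx
$fullName = $log.LogName       # e.g. Microsoft-Windows-TaskScheduler/Operational

if (Test-LegacyLogAccess -Name $fullName) {
    Write-Host "'$fullName' is already visible through Win32_NTLogEvent; nothing to do."
    return
}

# Steps 2-4: create HKLM\SYSTEM\...\EventLog\<Full Name> with the three values.
# The .NET registry API is used on purpose: the key name contains '/', which the
# PowerShell registry provider would treat as a path separator and split the key.
$hklm = [Microsoft.Win32.Registry]::LocalMachine
$key  = $hklm.CreateSubKey("$eventLogRoot\$fullName")
try {
    # i)   REG_SZ "File": path to the .evtx file
    $key.SetValue('File', $logPath, [Microsoft.Win32.RegistryValueKind]::String)
    # ii)  REG_SZ "Primary Module": the log's Full Name
    $key.SetValue('Primary Module', $fullName, [Microsoft.Win32.RegistryValueKind]::String)
    # iii) REG_EXPAND_SZ "DisplayNameFile": the Windows Event Log API DLL
    $key.SetValue('DisplayNameFile', '%SystemRoot%\system32\wevtapi.dll',
                  [Microsoft.Win32.RegistryValueKind]::ExpandString)
}
finally {
    $key.Close()
}

# Step 5: the change is effective immediately, so the check can be repeated at once.
if (Test-LegacyLogAccess -Name $fullName) {
    Write-Host "'$fullName' is now readable through Win32_NTLogEvent."
}
else {
    # As the article's note says, an empty result can also mean the channel is
    # disabled or simply holds no events yet; surface both facts for the operator.
    Write-Warning ("Still no events for '$fullName'. " +
                   "IsEnabled=$($log.IsEnabled), RecordCount=$($log.RecordCount).")
}
```

Two practical points: the script is idempotent (it exits early when the log is already readable), and the registry key it creates is a persistent change to the Event Log service configuration, so it belongs in your change records like any other monitoring-agent configuration. If you prefer the CIM cmdlets, Get-CimInstance -ClassName Win32_NTLogEvent -Filter "Logfile='<Full Name>'" is the equivalent of the Get-WmiObject call.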



After completing these steps, log in to the OpManager interface.

Go to Settings and click Event Log Rules.



On the page that appears, click on the "Add Custom Event Rule" option on the right.



After filling in the necessary information and saving, click Add.



After filling in the required fields according to your preferences in the window in the screenshot above, press Save.


Once you have completed these steps in order, you will be able to track a custom event log in OpManager without any add-on.

