Tracking Custom Event Log in OpManager | WOTECH

Hello,


In today's article, I will share information with you about tracking Custom Event Log in OpManager software.

Although the best practice is to use the "EventLog Analyzer" product for tracking of this kind, custom event log tracking can also be done without this add-on.

To do this tracking, we first need to add these custom event logs to the `Win32_NTLogEvent` WMI class.


Verify Access to Log File

The first step is to verify that the log file is accessible through Win32_NTLogEvent.

You can perform this validation in PowerShell with the following WMI query. (This query is the same as the query run by the agent to collect these events.)

Get-WmiObject Win32_NTLogEvent



If no results are returned, the log file cannot be accessed, and in that case you will need to add the log file to the Windows Registry.

To Add the Log File to Windows Registry:


1-) Find the Log File in Event Viewer:

Find the event log you want to monitor in Event Viewer. Once you have found the log file, click "Properties" in the "Actions" section to see its Log path and Full Name.

For example, here's how to monitor the "Operational" event log in the Microsoft/Windows/TaskScheduler folder:


2-) Open Windows Registry:

Open the Windows Registry (you can access it by searching for regedit.exe). In the registry editor, locate the EventLog folder in the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog


3-) Create New Key:

Create a new key named after the event log you want to monitor.

This name should be in the path-to-folder/LogFileName format found in the "Full Name" section in Event Viewer.


4-) Add Values to the Key:

i) First, add a String Value (REG_SZ) containing the path to the log file and name it "File".

ii) Then add a String Value (REG_SZ) containing the Full Name of the Log file and name it "Primary Module".

iii) Finally, add an Expandable String Value containing the path of the Windows Event Log API DLL (%SystemRoot%\system32\wevtapi.dll) and name it "DisplayNameFile".


5-) Changes Will Come Into Effect Immediately:

The changes you make will take effect immediately.

You can try the above query again to verify if the event log is accessible through the Win32_NTLogEvent WMI class.

You can then continue adding events to the Event Viewer integration configuration file.

Note: If you still do not receive events when you run the query, verify if there are events in the relevant log file in Event Viewer.

Also, make sure that event logging is not disabled and that recent events are available.
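
Steps 1 to 5 for the TaskScheduler "Operational" log as one script. This is an added example, not part of the original article or of OpManager. It assumes an elevated Windows PowerShell 5.1 session (for `Get-WmiObject`); reading the log path with `Get-WinEvent -ListLog` and creating the key through the .NET registry API are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: registers one event log under the EventLog service key so that
# Win32_NTLogEvent can return its events, then repeats the verification query.
# Value names and types follow the steps in this article.
$LogName = 'Microsoft-Windows-TaskScheduler/Operational'   # "Full Name" in Event Viewer

# Step 1: read the log path and state that Event Viewer shows under Properties.
$log = Get-WinEvent -ListLog $LogName -ErrorAction Stop
if (-not $log.IsEnabled)   { Write-Warning "$LogName is disabled; no new events are written." }
if (-not $log.RecordCount) { Write-Warning "$LogName holds no events; the query will return nothing." }

# Steps 2-3: create the key. The name contains '/', which the PowerShell registry
# provider (New-Item HKLM:\...) treats as a path separator and would turn into
# nested keys, so the key is created through the .NET registry API instead.
$root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
    'SYSTEM\CurrentControlSet\Services\EventLog', $true)
$key = $root.CreateSubKey($LogName)
try {
    # Step 4: the three values.
    $String = [Microsoft.Win32.RegistryValueKind]::String
    $Expand = [Microsoft.Win32.RegistryValueKind]::ExpandString
    # "File" is a plain REG_SZ per the article, so this example stores the path
    # with %SystemRoot% already expanded (a choice made here, not from the article).
    $key.SetValue('File', [Environment]::ExpandEnvironmentVariables($log.LogFilePath), $String)
    $key.SetValue('Primary Module', $log.LogName, $String)
    $key.SetValue('DisplayNameFile', '%SystemRoot%\system32\wevtapi.dll', $Expand)
}
finally {
    $key.Close(); $root.Close()
}

# Step 5: query the same WMI class as the first check, limited to the new log.
$events = Get-WmiObject -Class Win32_NTLogEvent -Filter "Logfile='$LogName'" |
    Select-Object -First 5 -Property TimeGenerated, EventCode, SourceName
if ($events) { $events | Format-Table -AutoSize }
else { Write-Warning "Win32_NTLogEvent still returns nothing for $LogName." }
```

Writing under the EventLog service key needs administrator rights, so treat this as a change to review and record like any other registry change on a monitored server.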



After following these steps, log in to the OpManager interface.

Open Settings, then click Event Log Rules.



On the page that appears, click on the "Add Custom Event Rule" option on the right.



After filling in the necessary information and saving it, click Add this time.



After filling in the required fields according to your preferences in the window in the screenshot above, press Save.


Once you complete these steps in order, you will be able to track Custom Event Log in OpManager without any add-on.

