PRTG Manual: WMI Event Log Sensor
The WMI Event Log sensor monitors a specific Windows log file using Windows Management Instrumentation (WMI). It shows the number of new records (volume), the number of new records per second (speed), and it returns the last message in the sensor status.
For this sensor type credentials for Windows systems must be defined for the device you want to use the sensor on.
Note: Sensors using the Windows Management Instrumentation (WMI) protocol have high impact on the system performance! Try to stay below 200 WMI sensors per probe. Above this number, please consider using multiple Remote Probes for load balancing.
For a general introduction to the technology behind WMI, please see Monitoring via WMI section.
The Add Sensor dialog appears when adding a new sensor on a device manually. It only shows the setting fields that are imperative for creating the sensor. Therefore, you will not see all setting fields in this dialog. You can change all settings in the sensor's Settings tab later.
If you select more than one log file, multiple sensors are created at once in the Add Sensor dialog. The settings you make in this dialog are valid for all of the sensors that are created.
The following settings for this sensor differ in the 'Add Sensor' dialog in comparison to the sensor's settings page:
WMI Eventlog Monitor |
|
---|---|
Log file |
The Windows event log provides several different log files. A list specific to your system is shown. Please select one or more log files from the list by adding a check mark in front of the respective line. For each log one sensor will be created. The log file setting of a sensor cannot be changed later. |
On the sensor's details page, click on the Settings tab to change settings.
Note: If not set explicitly in a sensor's settings, it will connect to the IP Address or DNS Name defined in the settings of the parent device the sensor is created on.
Basic Sensor Settings |
|
---|---|
Sensor Name |
Enter a meaningful name to identify the sensor. The name will be shown by default in the device tree and in all alarms. |
Tags |
Enter one or more tags, separated by space or comma. You can use tags to group sensors and use tag-filtered views later on. Tags are not case sensitive. We recommend using the default value. You can add additional tags to it, if you like. Other tags are automatically inherited from objects further up in the device tree. Those are not visible here. |
Priority |
Select a priority for the sensor. This setting determines where the sensor will be placed in sensor lists. Top priority will be at the top of a list. You can choose from one star (low priority) to five stars (top priority). |
WMI Event Log Monitor |
|
---|---|
Log file |
Shows the Windows log file that this sensor will monitor. Once a sensor is created this value cannot be changed. It is shown for reference purposes only. If you need to change this, please add the sensor anew. |
Filter Event Log Entries |
|
---|---|
Filter by Source |
Filter all received events for a certain event source. If enabled, only messages matching the defined value will be considered by the sensor. Choose between:
|
Match String (Event Source) |
This field is only visible if filtering is enabled above. Enter a source from which the events are to come from. Only events from a source matching this string will be regarded, others ignored. You can also use the percent sign (%) as placeholder for any or no character (as known from the asterisk sign (*) in Windows search) in combination with a substring. For example, you can enter %RAS% for any event source containing the string RAS. Please enter a string. |
Filter by ID |
Filter all received events for a certain event ID. If enabled, only messages matching the defined value(s) will be considered by the sensor. Choose between:
|
Match Value (Event ID) |
This field is only visible if filtering is enabled above. Enter one or more event IDs (comma separated) from which the events are to come from. Only events with an ID matching one of the values will be regarded. Please enter one integer value or more comma separated integer values. |
Filter by Category |
Filter all received events for a certain event category. If enabled, only messages matching the defined value will be considered by the sensor. Choose between:
|
Match String (Event Category) |
This field is only visible if filtering is enabled above. Enter a category which the events are to have. Only events with a category matching this string will be regarded. You can also use the percent sign (%) as placeholder for any or no character (as known from the asterisk sign (*) in Windows search) in combination with a substring. For example, you can enter %N% for any event category containing the character N. Please enter a string. |
Filter by Event User |
Filter all received events for a certain event user. If enabled, only messages matching the defined value will be considered by the sensor. Choose between:
|
Match String (Event User) |
This field is only visible if filtering is enabled above. Enter a user name which the event are to be assigned to. Only events with a user name matching this string will be regarded. You can also use the percent sign (%) as placeholder for any or no character (as known from the asterisk sign (*) in Windows search) in combination with a substring. For example, you can enter A% for any user name starting with the character A. Please enter a string. |
Filter by Event Computer |
Filter all received events for a certain event computer. If enabled, only messages matching the defined value will be considered by the sensor. Choose between:
|
Match String (Event Computer) |
This field is only visible if filtering is enabled above. Enter a computer name which the events are to be assigned to. Only events with a computer name matching this string will be regarded. You can also use the percent sign (%) as placeholder for any or no character (as known from the asterisk sign (*) in Windows search) in combination with a substring. Please enter a string. |
Filter by Event Message |
Filter all received events for a certain event message. If enabled, only messages matching the defined value will be considered by the sensor. Choose between:
|
Match String (Event Message) |
This field is only visible if filtering is enabled above. Enter a message which the event must contain. Only events with a message matching this string will be regarded. You can use the percent sign (%) as placeholder for any or no character (as known from the asterisk sign (*) in Windows search) in combination with a substring here. Please enter a string. |
Sensor Display |
|
---|---|
Primary Channel |
Select a channel from the list to define it as the primary channel. In the device tree, the last value of the primary channel will always be displayed underneath the sensor's name. The available options depend on what channels are available for this sensor. |
Chart Type |
Define how different channels will be shown for this sensor.
|
Stack Unit |
This setting is only available if stacked graphs are selected above. Choose a unit from the list. All channels with this unit will be stacked on top of each other. By default, you cannot exclude single channels from stacking, if they use the selected unit. However, there is an advanced procedure to do so. |
By default, all following settings are inherited from objects higher in the hierarchy and should be changed there, if necessary. Often, best practice is to change them centrally in the Root group's settings. To change a setting for this object, disable inheritance by clicking on the check mark symbol in front of the respective setting name. You will then see the options described below.
Scanning Interval |
|
Scanning Interval |
The scanning interval determines the time the sensor waits between two scans. Select a scanning interval (seconds, minutes, or hours) from the list. You can change the available intervals in the system administration. |
Schedules, Dependencies, and Maintenance Window |
|
---|---|
Note: Inheritance for schedules, dependencies, and maintenance windows cannot be interrupted; the according settings from the parent objects will always be active. However, you can define additional settings here. They will be active in parallel to the parent objects' settings. |
|
Schedule |
Select a schedule from the list. Schedules can be used to pause monitoring for a certain time span (days, hours) throughout the week. You can create new schedules and edit existing ones in the account settings. Note: Schedules are generally inherited. New schedules will be added to existing ones, so all schedules are active. |
Maintenance Window |
Specify if you want to set-up a one-time maintenance window. During a maintenance window this object and all child objects will not be monitored. They will enter a paused state then. Choose between:
|
Maintenance Begins At |
This field is only visible if maintenance window is enabled above. Use the date time picker to enter the start date and time of the maintenance window. |
Maintenance End At |
This field is only visible if maintenance window is enabled above. Use the date time picker to enter the end date and time of the maintenance window. |
Dependency Type |
Define a dependency type. Dependencies can be used to pause monitoring for an object depending on the status of another. You can choose between:
Note: Testing your dependencies is easy! Simply choose Simulate Error Status from the context menu of an object that other objects depend on. A few seconds later all dependent objects should be paused. |
Dependency |
This field is only visible if the select object option is enabled above. Click on the reading-glass symbol and use the object selector to choose an object on which the current sensor will be dependent on. |
Delay (Seconds) |
Define a time span. After the master object for this dependency comes back to an Up status, monitoring of the depending objects will be additionally delayed by the defined time span. This can help avoid false alarms, for example, after a server restart, by giving systems more time for all services to start up. Please enter an integer value in seconds. Note: This setting is not available if you choose this sensor to be the Master object for parent. In this case, please define delays in the parent Device Settings or the superior Group Settings. |
Access Rights |
|
User Group Access |
Define which user group(s) will have access to the object you're editing. A table with user groups and right is shown; it contains all user groups from your setup. For each user group you can choose from the following access rights:
You can create new user groups in the System Administration—User Groups settings. To automatically set all objects further down in the hierarchy to inherit this object's access rights, set a check mark for the Revert children's access rights to inherited option. |
Click on the Channels tab to change display settings, spike filter, and limits. For detailed information, please see Sensor Channels Settings section.
Click on the Notifications tab to change notification triggers. For detailed information, please see Sensor Notifications Settings section.
For more general information about settings, please see Object Settings section.
For information about sensor settings, please see the following sections:
Keywords: