DX Unified Infrastructure Management

  • 1.  LOGMON Probe - EventID Windows

    Posted Feb 14, 2017 06:08 AM

    Hello Folks,

     

    Is it possible to check and validate an EventID of Windows Server 2008 R2 with the LOGMON probe?

    We want to monitor EventID 6008 (unexpected shutdown).

     

    Does anyone have experience monitoring Windows EventIDs? Could you explain in more detail how this works?

     

    Regards,

    Jean Gomes



  • 2.  Re: LOGMON Probe - EventID Windows

    Broadcom Employee
    Posted Feb 14, 2017 06:10 AM

    Hello.

    Use the ntevl probe for this. The logmon probe is unable to read the Windows Event Log.



  • 3.  Re: LOGMON Probe - EventID Windows

    Posted Feb 14, 2017 06:13 AM

    Hello Yu,

     

    Thank you very much for your reply.

    I will try monitoring with NTEVL.

     

    Regards



  • 4.  Re: LOGMON Probe - EventID Windows

    Posted Feb 14, 2017 01:38 PM

    Hi Yu,

     

    For environments where using the ntevl probe is not a possible solution (why not?), there is a Microsoft binary to manage the Event Log in command-line mode.

     

    I think it's possible to use it with the "command" option of the logmon probe and analyse the standard output, or to export to a log file with a date and time in the filename and call a second profile in the logmon probe to read the file (combined with the use of the patterns %y %m %d ...)

     

    Query and Manage Event Logs with the Windows Events Command Line Utility 

     

    Best regards,

    Jonathan



  • 5.  Re: LOGMON Probe - EventID Windows
    Best Answer

    Broadcom Employee
    Posted Feb 14, 2017 07:53 PM

    Hello, Jonathan.

    Thank you very much for sharing this here.

    It is very useful.

     

    A quick note about the usage of "command" mode in logmon probe.

    In a normal file scan in the logmon probe, we use a pointer to identify the position we have already scanned.

    In a "command" mode scan, we scan the entire output of the command, so the scan result might cause duplicate matches.

     

     

    Regards,

    Yu Ishitani
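
Added example, not part of the thread or of any probe's own code: a PowerShell script that a logmon "command" profile could call so that each run prints only Event ID 6008 records it has not printed before, which avoids the duplicate matching described above. It assumes the event is read from the System log; the parameter names and the state-file path are hypothetical.

```powershell
# Added example: emit only Event ID 6008 records not yet reported, so a
# whole-output "command" scan does not match the same event on every run.
# Assumptions: the System log holds the event; $StateFile is a hypothetical path.
param(
    [string]$LogName   = 'System',
    [int]   $EventId   = 6008,
    [string]$StateFile = 'C:\ProgramData\logmon_state\evt6008.bookmark'
)

# Load the last reported EventRecordID (0 on first run or unreadable state).
[long]$last = 0
if (Test-Path $StateFile) {
    $raw = Get-Content $StateFile | Select-Object -First 1
    if (-not [long]::TryParse($raw, [ref]$last)) { $last = 0 }
}

# If the log was cleared, record IDs start again below the bookmark:
# reset it so new events are not silently skipped.
$newest = Get-WinEvent -LogName $LogName -MaxEvents 1 -ErrorAction SilentlyContinue
if ($newest -and $newest.RecordId -lt $last) { $last = 0 }

# Filter inside the event log service: matching ID and newer than the bookmark.
$xpath  = "*[System[(EventID=$EventId) and (EventRecordID>$last)]]"
$events = @(Get-WinEvent -LogName $LogName -FilterXPath $xpath -Oldest `
            -ErrorAction SilentlyContinue)

foreach ($e in $events) {
    # One line per event so a logmon watcher pattern can match it.
    $msg = ($e.Message -replace '\s+', ' ').Trim()
    '{0:yyyy-MM-dd HH:mm:ss} EventID={1} RecordID={2} {3}' -f `
        $e.TimeCreated, $e.Id, $e.RecordId, $msg
    if ($e.RecordId -gt $last) { $last = $e.RecordId }
}

# Persist the bookmark for the next run.
$dir = Split-Path -Parent $StateFile
if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
Set-Content -Path $StateFile -Value $last
```

The bookmark is written only after the lines are printed, so a run that fails part-way repeats events on the next run instead of dropping them.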