Subject: | Windows Event Monitoring |
Author: | [Not Specified] |
Posted: | 2015-03-27 09:07 |
I am trying to monitor Windows Event logs for certain event IDs using WinRM on Zenoss 4.2.5 with the Windows ZenPack and am not able to get the events to show up. I am using { $$_.EventID -eq 4733 } for the Event Query and have tried it with InstanceID. I can use the equivalent query in PowerShell and get the correct results. I was able to get alerting set up in the System log using { $$_.Level -le [System.Diagnostics.Eventing.Reader.StandardEventLevel]::Warning }, so I know I am able to connect to the server and pull logs. Any help would be appreciated.
Subject: | I was able to successfully |
Author: | [Not Specified] |
Posted: | 2015-05-05 12:31 |
I was able to successfully collect the log using an event query of { $$_.Message.Contains('Text to search for') -eq $$true }. I am experiencing issues with CPU and Memory usage when the event log gets over 1GB. I am thinking the query is causing the issue and that using the Event ID may be a more efficient way of querying the security event logs. Anyone else find a better way of accomplishing this?
Thanks
Subject: | Did you configure the memory |
Author: | [Not Specified] |
Posted: | 2015-05-12 13:36 |
Did you configure the memory usage for WinRM on the monitored agents?
Subject: | event ids |
Author: | Dave Bouchillon |
Posted: | 2015-09-02 17:01 |
The ZenPack uses the Get-WinEvent PowerShell cmdlet which returns a list of EventLogRecord objects. Instead of comparing EventId, you need to compare against Id.
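
The property difference described in the last reply can be checked on the monitored host before changing the Zenoss Event Query. This is an added example, not part of the original thread or the ZenPack; the variable names and the 5000-event window are assumptions, and in the Event Query field the posts above write `$_` as `$$_`.

```powershell
# Added example: run in an elevated PowerShell session on the monitored host
# (reading the Security log requires administrative rights).
$logName   = 'Security'
$eventId   = 4733    # event ID from the original question
$maxEvents = 5000    # assumed window of recent events to test against

# Get-WinEvent returns EventLogRecord objects. List which of the candidate
# property names from the thread actually exist on that type.
$sample = Get-WinEvent -LogName $logName -MaxEvents 1
$sample.GetType().FullName
$sample | Get-Member -MemberType Property |
    Where-Object { $_.Name -match '^(Id|EventID|InstanceId)$' } |
    Select-Object Name, Definition

# Filter block as written in the question. EventLogRecord has no EventID
# property, so $_.EventID evaluates to $null and nothing matches.
$byEventID = @(Get-WinEvent -LogName $logName -MaxEvents $maxEvents |
    Where-Object { $_.EventID -eq $eventId })

# Same block comparing against Id, as the reply describes.
$byId = @(Get-WinEvent -LogName $logName -MaxEvents $maxEvents |
    Where-Object { $_.Id -eq $eventId })

# Cross-check that matching events exist at all. FilterHashtable filters
# inside the event log service instead of in the PowerShell pipeline.
$serviceSide = @(Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $eventId } `
    -MaxEvents 10 -ErrorAction SilentlyContinue)

"Matches using EventID      : $($byEventID.Count)"
"Matches using Id           : $($byId.Count)"
"Service-side matches (<=10): $($serviceSide.Count)"
```

If the service-side count is zero, no event with that ID is in the log yet, so an empty result in Zenoss would not by itself indicate a wrong query.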