Zenoss ZenTech Community

I downloaded and installed Microsoft Windows ZenPack v.2.1.2, and got everything running, and working fine. The whole reason I was trying to do this, was to get Windows Event log alerts via email. In the wiki, there's a section that says:

To monitor EventLog events you should add to monitoring template with "Windows EventLog" datasource. For the Event Log field put the name of event log (e.g. "System") that you are interested in, and in the EventQuery you could put the filter for events. Filter is written as PowerShell scriptblock for Where-Object commandlet.

For example, here is Event Query for error events only:
{ $$_.EntryType -eq 'Error' }

But I don't understand how to make this work. I can see where you add the data source, but exactly how to get all the details filled out to actually monitor a specific windows event, I don't know... Taking the example, how would I monitor the "System" event log for errors only What event class would I tie it to What's an "Event Key"

Subject:	Event Log Monitoring
Author:	Dave Bouchillon
Posted:	2014-10-02 16:35

Hi,

Glad to hear most everything is running fine. There is an issue currently with the 2.1.2 version of the ZenPack when the event contains newline characters in the message. v2.1.3 addresses that issue.

We will also be updating the documentation surrounding Events. The following is valid for v2.1.2 of the ZenPack: The EntryType field of the EventLogEntry class is actually an enum type, System.Diagnostics::EventLogEntryType. So, to test for System error events, you will need to use the following:

{ $$_.EntryType -eq System.Diagnostics::EventLogEntryType::Error }

To gather all events from a log, enter an asterisk in the Query field.

Leave the Event Class and Key fields blank. The key is typically used to specify further information about specific events.

Thanks

Subject:	Windows Event Log Monitoring with Windows RM
Author:	[Not Specified]
Posted:	2014-09-19 21:15

Windows Event Log Monitoring with Windows RM