→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DaveinJP
Engaged Sweeper III
I've been all over your knowledge base and have searched quite a bit in the forum as well, but no answer exists that I have found.

I want to implement a basic event log scanning and monitoring capability.

Goals:
Collect data on all servers but only specific workstations.

Collect data on only certain events.

Keep eventlog table relatively small.

Can you provide a link to information on log scanning and outline the basic configuration options possible?

I see a lot of stuff on "just turn it off" to increase performance.

1 ACCEPTED SOLUTION
Bruce_B
Lansweeper Alumni
Scanning for specific error events isn't possible at this moment, but there are some things you can do:

-Scanning eventlog entries only for specific computers and disable it for all others:
  • Go to Scanning\Scanned Item Interval and uncheck the "Enable" checkbox for the EVENTLOG item
  • Go to Scanning\Scanning Targets and set up an eventlog only scanning target for all assets you want the eventlog scanned from


-Excluding the scanning of certain error events, as explained here.

View solution in original post

4 REPLIES 4
DaveinJP
Engaged Sweeper III
Fantastic, thank you.
Bruce_B
Lansweeper Alumni
Scanning for specific error events isn't possible at this moment, but there are some things you can do:

-Scanning eventlog entries only for specific computers and disable it for all others:
  • Go to Scanning\Scanned Item Interval and uncheck the "Enable" checkbox for the EVENTLOG item
  • Go to Scanning\Scanning Targets and set up an eventlog only scanning target for all assets you want the eventlog scanned from


-Excluding the scanning of certain error events, as explained here.
vmicovic
Engaged Sweeper II
is this still unsupported?
Daniel_B
Lansweeper Alumni
Limiting the scan of event log entries to specific IDs or specific machines is not currently supported unfortunately. You can enable or disable scanning of Warning, Information, Success Audit and Failure Audit events from all machines. All further processing needs to happen on your database through custom reports, Dashboard widgets or email alerts which filter on specific IDs. To increase the scanning interval of eventlog scanning on specific computers you can use Scheduled eventlog scanning.
Not sure if filtering during scanning is feasible in regards to performance, but we have this on our customer wish-list.

A good way of getting an overview on specific event IDs is the event filter widget. You can add it to your Dashboard by hitting Add widgets and dragging it to the Dashboard. hit the edit icon at the top right to set it up. You can filter on multiple criteria: computer name, event ID, event type, log file, source name, user, domain, message text, domain role of the computer