This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Event Log scanning tutorial

Go to solution
DaveinJP
Engaged Sweeper III

‎09-23-2015 01:11 AM

I've been all over your knowledge base and have searched quite a bit in the forum as well, but no answer exists that I have found.

I want to implement a basic event log scanning and monitoring capability.

Goals:
Collect data on all servers but only specific workstations.

Collect data on only certain events.

Keep eventlog table relatively small.

Can you provide a link to information on log scanning and outline the basic configuration options possible?

I see a lot of stuff on "just turn it off" to increase performance.

Labels:
0 Kudos
1 ACCEPTED SOLUTION
Go to solution
Bruce_B
Lansweeper Alumni

‎08-21-2017 03:02 PM

Scanning for specific error events isn't possible at this moment, but there are some things you can do:

-Scanning eventlog entries only for specific computers and disable it for all others:
  • Go to Scanning\Scanned Item Interval and uncheck the "Enable" checkbox for the EVENTLOG item
  • Go to Scanning\Scanning Targets and set up an eventlog only scanning target for all assets you want the eventlog scanned from


-Excluding the scanning of certain error events, as explained here.

View solution in original post

0 Kudos
4 REPLIES 4
Go to solution
DaveinJP
Engaged Sweeper III

‎08-21-2017 09:22 PM

Fantastic, thank you.
0 Kudos
Go to solution
Bruce_B
Lansweeper Alumni

‎08-21-2017 03:02 PM

Scanning for specific error events isn't possible at this moment, but there are some things you can do:

-Scanning eventlog entries only for specific computers and disable it for all others:
  • Go to Scanning\Scanned Item Interval and uncheck the "Enable" checkbox for the EVENTLOG item
  • Go to Scanning\Scanning Targets and set up an eventlog only scanning target for all assets you want the eventlog scanned from


-Excluding the scanning of certain error events, as explained here.
0 Kudos
Go to solution
vmicovic
Engaged Sweeper II

‎08-21-2017 12:38 PM

is this still unsupported?
0 Kudos
Go to solution
Daniel_B
Lansweeper Alumni

‎09-23-2015 01:42 PM

Limiting the scan of event log entries to specific IDs or specific machines is not currently supported unfortunately. You can enable or disable scanning of Warning, Information, Success Audit and Failure Audit events from all machines. All further processing needs to happen on your database through custom reports, Dashboard widgets or email alerts which filter on specific IDs. To increase the scanning interval of eventlog scanning on specific computers you can use Scheduled eventlog scanning.
Not sure if filtering during scanning is feasible in regards to performance, but we have this on our customer wish-list.

A good way of getting an overview on specific event IDs is the event filter widget. You can add it to your Dashboard by hitting Add widgets and dragging it to the Dashboard. hit the edit icon at the top right to set it up. You can filter on multiple criteria: computer name, event ID, event type, log file, source name, user, domain, message text, domain role of the computer

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now