Using the Windows Event Log Wizard

The Windows® Event Log wizard enables you to create a Resource specifying an Event Log to test for the occurrence of a specific event.  You can test the Event Log for specific event entries written by a specific source.

There are three types of Event Logs:

• Application
• Security
• System

You can also specify the type of event you want tested. There are six types of events:

• Audit failure
• Audit success
• Error
• Information
• Success
• Warning

Specifying the log and type of event instructs Reveille to test a particular log for a particular event type.

For example:

You can test the application log for error events to determine when an application is not operating properly. The page or e-mail message Reveille sends is the same error message provided in the Windows Event Viewer.

If you are unsure of the information to enter, open the Windows Event Viewer, double-click on an appropriate event, and the Event Detail window appears. All of the information, such as Event ID, Source, Type, and so on, is available for the specific event.

To create a Resource specifying an Event Log to test for the occurrence of a specific event using the Windows Event Log wizard, follow these steps:

1. From the Add Monitor Tests Using Wizard window, select Windows Event Log Wizard, and click OK. The Check Windows Event Log Wizard window appears.
2. Click Next.  The Settings page appears.

3. Leave the Web Server Performing Check set to the Resource name selected.
4. (Optional)  If you leave Computer Name blank, the Windows Event Log for Resource name selected is tested. However, if you want to check the Windows Event Log for another computer, enter the name of the computer to be tested.
5. If you enter a Computer Name, verify that the Web server performing the check can view the Event Log for the selected computer by completing steps 6, 7, and 8.
   
   -OR-
   
   Go to step 9.
6. From your desktop, navigate to Start > Programs > Administrative Tools > Event Viewer.
7. Click Log > Select Computer. The Select Computer screen appears.
8. Select the computer name, and click OK. If you cannot select the computer name, you do not have permission to view computer's Event Log.
9. On the Windows Event Log Wizard window, under Domain, enter the name of the user domain.
10. Under User Name, enter Domain logon user name.
11. Under Password, enter the Domain logon user password.
12. Under Password Confirm, confirm the password entered in step 11.
13. (Optional) Select Encrypt User Name/Password to indicate that the user name and password should be encrypted.
14. Click Next.  The EventLog Settings window appears.
15. Under Log, select the log you want to test from the drop-down list.
16. (Optional)  Under Source Name, enter the source name of the log entry. Reveille automatically populates this field with SysmonLog. You may need to change this depending on what source is writing the event you want tested.
17. (Optional)  Under Event ID, enter the Event ID to be tested. The event ID is listed on the Event Detail window accessed from the Windows Event Viewer.
18. (Optional)  From the drop-down list under Event Type, select the type of event you want tested.
19. Under Retrieve Logs less than, enter an appropriate number of seconds. Reveille retrieves only those logs generated from zero seconds to the selected number of seconds. You need to enter the number of seconds best fitting the events you are testing.
    
    For example:
    You may want to test an application error written to the Event Log by the Performance Monitor. Because the Performance Monitor continually writes alerts to the log, you need to enter the same Periodic Update Interval specified on the Performance Monitor Alert Options window so Reveille is always using information from current logs. However, if you wish to test events written to the Event Log only once, you may wish to retrieve all of the logs generated during the testing period in which Reveille detected the event, the previous testing period, or the period between when an event starts and when Reveille begins paging support personnel.
    
    For example:
    If Reveille is set up to cycle every five minutes, cycle every two minutes if an error occurs, and page support four minutes after the event occurs, you should set the number of seconds to 660 (total seconds  = 11 minutes x 60 seconds).
20. Click Next.  An optional wizard screen where you match keywords in the Event Log is displayed.
21. (Optional) If you select Match Keywords in the Event Log, then at least one of the keywords entered must match the Event Log message to be successful. If you do not select Match Keywords in the Event Log, then none of the entered keywords should match to be successful.
22. (Optional) Under Keyword 1, Keyword 2, and Keyword 3, enter the keywords to match to the Event Log message.
23. Click Next.  The screen where you define, run, and add your Test appears.
24. Under Resource Name, enter the name of the Resource associated with this Test.
25. Under Test Description, enter the description of the current Test.
26. Select Auto-generate Resource Name to automatically generate the Resource Name based on the Host Name.
27. Click Run Test to run the current Test. The Test Result dialog appears showing the results of the Test.
28. Click Add Test to add the current Test to the named Resource. A dialog appears showing whether the Test was created.
29. Click Next.  The final screen appears.
30. Click Finish.

The Left Navigational Pane shows the new Resource and Test.