The Windows Event Log passive monitor listens for Windows events on the devices to which it is assigned. Windows event logs record Windows events that occur on devices. For more information about the information the type of information gathered and reported in Windows logs, see the Microsoft support site.

When assigning a Windows Event Log passive monitor to a device, make sure the device has credentials assigned to it before creating the passive monitor. To use multiple Windows Event Log passive monitors, assign a unique Windows Event Log passive monitor for each device.

The Windows Event Log passive monitor requires the following credentials:

  • Windows

Configure the Windows Event Log passive monitor using the following boxes::

  • Name. Enter a unique name for the passive monitor. This name displays in the Monitor Library.
  • Description. (Optional) Enter a short description for the passive monitor. This description displays next to the monitor in the Monitor Library.
  • Condition. Click Edit to enter a list of Windows event log conditions to match or Clear to remove a condition from the box. Only the log entries matching these expressions are converted to events. Conditions are processed sequentially from top to bottom. As each condition is evaluated, the results are applied to the next condition until all conditions are evaluated. For complex sets of conditions involving both ANDs and ORs, this serial logic may produce different results than intended. As a best practice, we recommend keeping conditions simple by opting for multiple Passive Monitors over complex sets of conditions. When complex conditions are unavoidable, we recommend grouping all OR conditions together at the beginning of the set of conditions, followed by the ANDs.
  • Match On. Click Add to access the Rules Expression Editor, where you can create a rule expression, test it, and compare it against potential Windows event logs you may receive. After creating the expression, click OK to insert that string into the Match On list.
  • Add. Click to view the Rules Expression Editor and create a rules expression, test it, and compare it against potential Windows events that Network Performance Monitor may receive. After creating the expression, click OK to insert that string into the Match on box.
  • Edit. Click to edit a selected Windows event log match.
  • Remove. Click to remove a selected Windows event log match.