Enable log monitoring in a Windows environment
To enable monitoring logs in a Windows environment, select the relevant policy and assign specific check parameters to the policy. When log monitoring is enabled and a specified string is discovered in the log being monitored, the system creates an event.
Before you begin
Role required: agent_client_collector_admin
Procedure
- Navigate to All > Agent Client Collector > Policies.
- Select the Windows log monitoring policy.
- On the Check Instances tab, select os.windows.check-log to enable monitoring Windows log files.
- On the Check Parameters tab, specify the log parameters to be monitored by the check, as described in the following table:
Table 1. Check parameters

| Name | Value |
| --- | --- |
| warning | Number of times the specified pattern strings are found in the log that generates a warning event. Default = 1. For example, if the pattern value is Exception and one Exception event is located in the log, a warning event is generated. |
| critical | Number of times the specified pattern strings are found in the log that generates a critical event. Default = 2. For example, if the pattern value is Exception and two Exception events are located in the log, a critical event is generated. |
| file | Location of the log file. |
| pattern | Strings that are searched for in the log. Default values are Severe and Exception. Other possible values include 404 and Error. Separate multiple patterns with a pipe character and pass the value as a parameter inside quotes. |
| state_dir | Directory that stores the location in the log where the most recent log reading stopped. When the log reading resumes, it begins from the location indicated in this file, instead of starting again from the beginning of the log. |

Example of a pattern value with multiple strings: "SEVERE|404".
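
How the parameters in the table work together, as an added Python sketch that is not the os.windows.check-log implementation: it resumes from the position saved in state_dir, counts new lines that match the pattern, and maps the count to the warning and critical thresholds. The state-file name, treating the pattern as a regular expression, and restarting from the beginning when the log has shrunk are assumptions of this sketch; the log content is constructed.

```python
import re
import tempfile
from pathlib import Path


def check_log(file, pattern, state_dir, warning=1, critical=2):
    """Count new lines matching `pattern` since the last run; return (status, count)."""
    log = Path(file)
    state = Path(state_dir) / (log.name + ".offset")  # hypothetical state-file name
    offset = int(state.read_text()) if state.exists() else 0
    if offset > log.stat().st_size:  # log truncated or rotated: start over (assumption)
        offset = 0
    regex = re.compile(pattern)  # "SEVERE|404" treated as a regex alternation (assumption)
    matches = 0
    with log.open("rb") as fh:  # binary mode keeps the saved offset byte-accurate
        fh.seek(offset)
        for raw in fh:
            if not raw.endswith(b"\n"):
                break  # partially written last line: leave it for the next run
            if regex.search(raw.decode("utf-8", errors="replace")):
                matches += 1
            offset += len(raw)
    state.write_text(str(offset))  # remember where this reading stopped
    if matches >= critical:
        return "critical", matches
    if matches >= warning:
        return "warning", matches
    return "ok", matches


def demo():
    """Run the check three times over a constructed log that grows between runs."""
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "app.log"
        log.write_bytes(b"INFO start\r\nSEVERE disk full\r\n")
        first = check_log(log, "SEVERE|404", tmp)
        with log.open("ab") as fh:
            fh.write(b"GET /x 404\r\nSEVERE db down\r\nINFO ok\r\n")
        second = check_log(log, "SEVERE|404", tmp)  # only the appended lines are read
        third = check_log(log, "SEVERE|404", tmp)   # nothing new since the last run
        return first, second, third


if __name__ == "__main__":
    print(demo())
```

Because the count covers only lines added since the previous reading, a string that was already reported does not raise a second event on the next run.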