Event

 

 

 

The Event impeller is used to enqueue a job for execution when an event occurs in the Windows event log system that meets specific criteria.

 

This impeller extends basic impeller functionality.  For details common to all job impellers click here.

 

In addition to the common attributes shared by all impellers this impeller type has the following attributes:

Filter Mode: Allows the user to specify how filter criteria will be supplied.

Standard: Specify this mode to use the graphical user interface to specify query criteria.  This mode allows for the easiest configuration of criteria but for the most flexible select the Query mode instead. 

Log Name(s): The name (or names) of the Windows Event Logs to be monitored separated by a comma.  At least one log selection is required in order to configure the impeller.

Source Name(s):  The name (or names) of the sources (also known as providers) to monitor separated by a comma.  Leaving this blank will monitor all sources in the selected logs.

Event ID(s): The event ID values to filter for.  Enter individual event IDs separated by commas or specify hyphenated ranges or mix and match.  Leaving this blank will monitor all event IDs in the selected logs.  Ranges are specified as X-Y with the lower number first.  Range exclusions are provided as -X with X being the value to exclude.

Level(s): The level or levels to filter for.  All valid choices are available in the list.  Selecting no levels will monitor events of all levels in the selected logs.

Message Filter: Allows you to specify regular expressions that can match content in the formatted message text of the event to further filter messages.  NOTE: You may use SYSTEM tokens (such as {SYSTEM-NAME}) in this regular expression.

Preview:  Press this button to validation your selection criteria and generate filter XML in a preview window.  You can copy this XML and switch to Query filter mode and then paste the XML and customize it.

Query: Specify this mode to manually specify query logic using Microsoft Event Log Query syntax. This syntax is not documented in this help file but can be located on the Microsoft website.  This mode allows for the most flexible configuration of criteria but the easiest select the Standard mode instead.

Event Query: A custom XML query written that specifies the criteria in a manner which may not be able to be represented graphically.

After making changes be sure to press the Update button to save your changes.  You will not be able to save invalid filter criteria.

NOTE: The Event impeller works in conjunction with the pasUnity Event Reader Agent which only works on operating systems running Windows Vista or higher.

 

Copyright © 2024 pasUNITY, Inc.

 

Send comments on this topic.