How to monitor WINDOWS-EVENT-SEARCH?






What is Windows Event Search?

Once collected, detailed events of a Microsoft Windows Operating System (OS) can be automatically analyzed in the ServicePilot web interface.

Windows Event Search monitoring

This package performs a variety of pre-built searches in order to automatically analyze data across every host forwarding Windows Events to ServicePilot.

Different types of searches are performed:

  • Active Directory Critical Events: Monitors and triggers an alarm if any AD critical event occurs (1102, 4618, ...)
  • User Login Failure Events: Monitors and alerts when users fail to log in (along with failed login reasons)
  • Domain Controller Kerberos Authentication Events: Monitors Domain Controller and Kerberos critical events (failed Kerberos, DC logon, low encryption...)
  • Password Change events: Monitors and matches user accounts whose password has changed
  • and more...

Please note that the results of some searches also depend on the severity level or other filters that you applied to specific events before forwarding them to ServicePilot.
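
To make the search categories above concrete, here is an added example (not ServicePilot's own search definitions) that sorts already-parsed Windows Security events into those categories. Only event IDs 1102 and 4618 come from this page; the other event IDs, the field names, the dict representation and the choice of which encryption types count as "low" are assumptions based on the standard Windows Security log.

```python
# Added illustration, not ServicePilot's search definitions. IDs other than 1102 and
# 4618 are standard Windows Security event IDs assumed here for each search category.
AD_CRITICAL = {1102: "audit log cleared", 4618: "monitored security event pattern"}
LOGON_FAILURE_REASONS = {            # event 4625 SubStatus (NTSTATUS) values
    "0xc0000064": "unknown user name",
    "0xc000006a": "wrong password",
    "0xc0000072": "account disabled",
    "0xc0000234": "account locked out",
}
WEAK_ETYPES = {"0x1": "DES-CBC-CRC", "0x3": "DES-CBC-MD5", "0x17": "RC4-HMAC"}
PASSWORD_CHANGE = {4723: "password change attempt", 4724: "password reset attempt"}

def classify(event):
    """Return (search_name, detail) for one parsed event, or None if no search matches."""
    eid = event.get("EventID")
    if eid in AD_CRITICAL:
        return ("ad_critical", AD_CRITICAL[eid])
    if eid == 4625:  # failed logon: translate SubStatus into a readable reason
        code = str(event.get("SubStatus", "")).lower()
        return ("login_failure", LOGON_FAILURE_REASONS.get(code, "other: " + code))
    if eid == 4771:  # Kerberos pre-authentication failed
        return ("kerberos", "pre-auth failed for " + event.get("TargetUserName", "?"))
    if eid in (4768, 4769):  # ticket requests matter only when the cipher is weak
        etype = str(event.get("TicketEncryptionType", "")).lower()
        return ("kerberos", "low encryption " + WEAK_ETYPES[etype]) if etype in WEAK_ETYPES else None
    if eid in PASSWORD_CHANGE:
        return ("password_change", event.get("TargetUserName", "?"))
    return None

# Constructed sample events (not real logs).
SAMPLE = [
    {"EventID": 1102, "Computer": "dc01.example.test"},
    {"EventID": 4625, "TargetUserName": "alice", "SubStatus": "0xC000006A"},
    {"EventID": 4769, "TargetUserName": "svc-sql", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "bob", "TicketEncryptionType": "0x12"},
    {"EventID": 4724, "TargetUserName": "carol"},
]

def run_searches(events):
    """Group matching events by search name, one result list per search."""
    hits = {}
    for ev in events:
        match = classify(ev)
        if match:
            hits.setdefault(match[0], []).append(match[1])
    return hits

if __name__ == "__main__":
    print(run_searches(SAMPLE))
```

The AES-256 ticket request (`0x12`) in the sample produces no hit, which mirrors the note above: what a search returns depends on which events and fields were forwarded in the first place.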

