# Windows Event
This package extracts logs from a Windows EventLog and presents them in ServicePilot as object logs.
ServicePilot uses a ServicePilot Agent installed on the target machine to extract event logs and send them to ServicePilot as object logs. These logs can be filtered based on type and severity before being forwarded to ServicePilot.
The ServicePilot Agent must be installed directly on the machine that has the log to parse.
Network Flows - It is necessary to ensure network connectivity between ServicePilot and the monitored device. In case of a network infrastructure with a firewall, all of the following flows must be opened:
- ServicePilot Manager Web server access (by default TCP/80 when using HTTP or TCP/443 when using HTTPS although this port is configurable): Between ServicePilot Agent and ServicePilot Manager
- ServicePilot Manager minimum version: 8.5
- ServicePilot Agent minimum version: 8.5 installed and configured
Before adding a resource to monitor, make certain that all pre-requisites are in place and if a ServicePilot Agent is required, that it is communicating correctly with the ServicePilot Manager.
Add resource using Views Configuration web interface
- As an administrative user of ServicePilot, open the ServicePilot web interface.
- Navigate to Administration. The Configuration > Views web page will open.
- Click on the view in which to place the new resource in the Views hierarchy on the left of the interface. The View editor section will show the existing view contents.
- From the Packages list on the right of the interface, click and drag the log-windows-event package into the View editor and let go.
- The Resource properties dialog box will open to allow resource configuration.
- Click OK to close the Resource properties dialog box. Note that the dialog box will not close if required parameters are not set.
- Click Save to apply the new resource to ServicePilot configuration.
Key field notes
In the Monitoring Policies tab, specify the policy or policies to apply to the resource
Event Type tab:
- Monitor System Events: Set it on to get statistics for System Events
- Monitor Security Events: Set it on to get statistics for Security Events
- Monitor Application Events: Set it on to get statistics for Application Events
- Monitor DNS Events: Set it on to get statistics for Domain Name Events
- Monitor FRS Events: Set it on to enable File Replication Events
- Monitor Directory Service Events: Set it on to get statistics for Directory Service Events
- Event Severity tab:
- Select all of the event severity levels that should be included