

ServicePilot log-windows-event


# Windows Event

Overview

This package extracts logs from a Windows EventLog and presents them in ServicePilot as object logs.

Description

ServicePilot uses a ServicePilot Agent installed on the target machine to extract event logs and send them to ServicePilot as object logs. These logs can be filtered based on type and severity before being forwarded to ServicePilot.

Requirements

  • The ServicePilot Agent must be installed directly on the machine that has the log to parse.

  • Network Flows - ServicePilot and the monitored device must be able to reach each other over the network. If a firewall sits between them, all of the following flows must be opened:

    • ServicePilot Manager Web server access (by default TCP/80 when using HTTP or TCP/443 when using HTTPS although this port is configurable): Between ServicePilot Agent and ServicePilot Manager
  • ServicePilot Requirements

    • ServicePilot Manager minimum version: 8.5
    • ServicePilot Agent minimum version: 8.5 installed and configured

Installation

Before adding a resource to monitor, make certain that all pre-requisites are in place and if a ServicePilot Agent is required, that it is communicating correctly with the ServicePilot Manager. Resources can be added to ServicePilot configuration in a number of ways:

Add resource using Views Configuration web interface

  1. As an administrative user of ServicePilot, open the ServicePilot web interface.
  2. Navigate to Administration. The Configuration > Views web page will open.
  3. Click on the view in which to place the new resource in the Views hierarchy on the left of the interface. The View editor section will show the existing view contents.
  4. From the Packages list on the right of the interface, click and drag the log-windows-event package into the View editor and let go.
  5. The Package properties dialog box will open to allow resource configuration.
  6. Click OK to close the Package properties dialog box. Note that the dialog box will not close if required parameters are not set.
  7. Click Save to apply the new resource to ServicePilot configuration.

Add resource by changing servicepilot.conf configuration file

Resources can be added to ServicePilot configuration by directly editing the servicepilot.conf or other included YAML configuration files. The ServicePilot web interface can be used to make these changes and apply them to the running configuration.

  1. As an administrative user of ServicePilot, open the ServicePilot web interface.
  2. Navigate to Administration.
  3. Navigate to Configuration > Edit configuration.
  4. Expand the configuration to find the provisioning: and then packages: section of the view in which the new resource will be placed.
  5. Add the example package configuration line below.
  6. Click on the green - package: word to open the Package properties dialog box to allow resource configuration.
  7. Click OK to close the Package properties dialog box. Note that the dialog box will not close if required parameters are not set.
  8. Click Save to apply the new resource to ServicePilot configuration.

Example:

- package: "log-windows-event;;;;;;;;log-windows-event;;Y;Y;Y;Y;Y;Y"

Key field notes

  1. In the Monitoring Policies tab, specify the policy or policies to apply to the package.

  2. Event Type tab:

    1. Monitor System Events: Turn on to get statistics for System Events
    2. Monitor Security Events: Turn on to get statistics for Security Events
    3. Monitor Application Events: Turn on to get statistics for Application Events
    4. Monitor DNS Events: Turn on to get statistics for Domain Name Events
    5. Monitor FRS Events: Turn on to enable File Replication Events
    6. Monitor Directory Service Events: Turn on to get statistics for Directory Service Events
  3. Event Severity tab:
    • Select all of the event severity levels that should be included
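
A pre-flight check for the requirements and Event Type settings above, to run in PowerShell on the machine where the ServicePilot Agent is installed. This is an added example, not ServicePilot code; the Manager host name is a placeholder, and the mapping from each toggle to a Windows log name is an assumption.

```powershell
# Added example: run on the machine that hosts the ServicePilot Agent.
param(
    # Placeholder host name, not taken from the page.
    [string]$ManagerHost = 'servicepilot-manager.example.internal',
    # Page defaults: TCP/443 for HTTPS, TCP/80 for HTTP (the port is configurable).
    [int]$ManagerPort = 443
)

# Assumed mapping from the Event Type toggles to classic Windows log names.
$logs = [ordered]@{
    'Monitor System Events'            = 'System'
    'Monitor Security Events'          = 'Security'
    'Monitor Application Events'       = 'Application'
    'Monitor DNS Events'               = 'DNS Server'
    'Monitor FRS Events'               = 'File Replication Service'
    'Monitor Directory Service Events' = 'Directory Service'
}

$report = foreach ($toggle in $logs.Keys) {
    $name = $logs[$toggle]
    # $cfg stays $null when the log does not exist on this machine
    # (for example, a member server without the DNS Server role).
    $cfg = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    $readError = $null
    if ($cfg) {
        # Try to read one record with the current account and keep any error text.
        try { Get-WinEvent -LogName $name -MaxEvents 1 -ErrorAction Stop | Out-Null }
        catch { $readError = $_.Exception.Message }
    }
    [pscustomobject]@{
        Toggle    = $toggle
        Log       = $name
        Exists    = [bool]$cfg
        Enabled   = $cfg.IsEnabled
        Records   = $cfg.RecordCount
        ReadError = $readError
    }
}

# Agent -> Manager web server flow from the Requirements section.
$net = Test-NetConnection -ComputerName $ManagerHost -Port $ManagerPort -WarningAction SilentlyContinue

$report | Format-Table -AutoSize
'Agent -> Manager {0}:{1} reachable: {2}' -f $ManagerHost, $ManagerPort, $net.TcpTestSucceeded
```

Run it under the same account as the Agent service so that the ReadError column reflects what the Agent will be able to read.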