How to monitor Event Logs in "Applications and Services Log" ?
Explanation :
Upon investigation, we discovered that the Win32_NTLogEvent WMI class, by default, includes only standard Event Log categories found under "Windows Logs." To access specific log names under "Applications and Services Logs," a corresponding registry entry for the desired log must be added. Once this entry is configured, users will be able to access the Event Log through the Win32_NTLogEvent class.
Upon investigation, we discovered that the Win32_NTLogEvent WMI class, by default, includes only standard Event Log categories found under "Windows Logs." To access specific log names under "Applications and Services Logs," a corresponding registry entry for the desired log must be added. Once this entry is configured, users will be able to access the Event Log through the Win32_NTLogEvent class.
Requesting to follow the steps :
- Take a backup of the registry.
- Open the Event Viewer, expand the tree containing the required log and then copy the content of the Full Name field from the Properties window:
- Example: Microsoft-Windows-DateTimeControlPanel/Operational
- Open the registry using the registry editor (regedit.exe) and navigate to the following path : "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog"
- Right click Eventlog -> New -> Key. Provide the value copied in step 2, for the Key.
- Close the registry editor to save the changes.
- To monitor "DateTimeControlPanel" event, you should create New Event Log in Applications Manager.
- Settings -> Log Rules -> Add New Event Log
- In the Add New Event Log Windows, the New Event Log Name should be added as 'Microsoft-Windows-DateTimeControlPanel/Operational' as given in the registry.
Now, create an event on the target server and execute the below script under <APM_Home>\working\conf\application\scripts directory. Kindly check log name in the script argument is the same as the name provided in the registry.
- cscript event.vbs "Hostname" "Username" "password" 300 "microsoft-windows-datetimecontrolpanel/operational" 500
Note: You need to replace hostname, username and password with actual credentials used in Applications Manager for the reported server.New to ADSelfService Plus?
Related Articles
Data is not being populated in the monitor, but is visible when the script is executed in the Powershell Window
Problem: Data is not being populated in the monitor, but is visible when the script is executed in the Powershell Window. Solution: The problem could be due to the any of the following: 1) Verify if AppManager service has permission to run the ...How to install .NET agent on Azure app services?
You can track the performance of your .NET and .NET Core web app's key metrics like response time, throughput, and Apdex score via the APM Insight .NET agent hosted in Azure App Services. Installing APM Insight extension via Azure portal 1. Log in to ...First step to do if no data is available for a tab in Hyper-V VM Monitor
In Hyper-V all the data has been collected via WMI. So if any of data is not retrieved properly in the UI, we can check it by executing VBScript in powershell. Steps to execute the VBScript in powershell: Navigate to ...Troubleshooting URL Monitor
When configuring a URL monitor in Applications Manager, you might encounter several errors related to accessibility, configuration, or server-side issues. Below are common errors along with step-by-step troubleshooting instructions to help you ...DNS Monitor - Troubleshooting
Common DNS Monitor Errors and Troubleshooting Guide 1. Host Not Found Description: The DNS server was unable to locate the requested lookup address. Possible Causes: This may happen if the hostname is incorrect, the domain does not exist, or there is ...