Sample of Windows Log Entry

Suppose you use Symantec's Norton AntiVirus product to protect various systems. It is scheduled to run an antivirus system scan once a week, but you would like to verify this using WhatsUp Gold. Using the Event Viewer to look at the log of a protected system, you would find that a message like the one shown below is written each time a scan completes:

Event Type: Information

Event Source: Norton AntiVirus

Event Category: Information

Event ID: 4098

Date: 4/1/2002

Time: 12:33:22 PM

User: NT AUTHORITY/SYSTEM

Computer: ATL144

Description:

Virus scanning completed.

Items scanned: C:-D:

   ...the rest of the text in this example is omitted...

To capture this message in WhatsUp Gold, you could configure a Windows Log Event as follows:

Display Name. Virus Scan

Source. Norton AntiVirus

Type. Any

Event ID. 4098

Match On. ~completed

A few things are worth noting. The Source and Event ID together uniquely identify a Windows Log message. Since we know the specific message we are looking for, we can set those two fields and leave Type set to "Any".

If, on the other hand, you were unsure of what messages a given service could generate, you might leave Event ID blank and instead set the Type to Error, which would report on all messages marked as Errors.

Also, note that we are matching on the string "completed", which appears in the virus scan message. This is just to make sure the scan ran to completion. If you need to see the entire message, you could (for example) attach an Email action to this event, and use the expansion variable %(Message) to see the entire message from Norton AntiVirus.
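The following added example (not WhatsUp Gold code, and not from the original page) models the two filter configurations described above and goes one step further by flagging weeks in which no scan-completion event was logged. Assumptions: a blank field acts as a wildcard, the leading "~" in Match On is dropped and the rest is treated as a case-insensitive substring, and all events except the first are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Event:
    time: datetime
    source: str
    type: str
    event_id: int
    message: str

@dataclass
class Rule:
    source: str = ""                # blank = any source (assumption)
    type: str = "Any"
    event_id: Optional[int] = None  # None models a blank Event ID field
    match_on: str = ""

    def matches(self, ev: Event) -> bool:
        if self.source and ev.source != self.source:
            return False
        if self.type != "Any" and ev.type != self.type:
            return False
        if self.event_id is not None and ev.event_id != self.event_id:
            return False
        # Assumption: ignore the leading "~", then case-insensitive substring test.
        return self.match_on.lstrip("~").lower() in ev.message.lower()

def scan_gaps(events, rule, max_gap=timedelta(days=8)):
    """Return (earlier, later) pairs of matching events spaced more than max_gap apart."""
    times = sorted(e.time for e in events if rule.matches(e))
    return [(a, b) for a, b in zip(times, times[1:]) if b - a > max_gap]

NAV = "Norton AntiVirus"
SCAN_MSG = "Virus scanning completed. Items scanned: C:-D:"
# Constructed sample log: only the first entry is taken from the page.
EVENTS = [
    Event(datetime(2002, 4, 1, 12, 33, 22), NAV, "Information", 4098, SCAN_MSG),
    Event(datetime(2002, 4, 3, 9, 0), "Backup Tool", "Information", 4098, "Backup completed."),
    Event(datetime(2002, 4, 8, 12, 31, 5), NAV, "Information", 4098, SCAN_MSG),
    Event(datetime(2002, 4, 15, 12, 30), NAV, "Error", 9001, "Constructed error text."),
    Event(datetime(2002, 4, 22, 12, 34, 40), NAV, "Information", 4098, SCAN_MSG),
]
VIRUS_SCAN = Rule(source=NAV, type="Any", event_id=4098, match_on="~completed")
ALL_ERRORS = Rule(source=NAV, type="Error")  # Event ID left blank

if __name__ == "__main__":
    print("missed-scan gaps:", scan_gaps(EVENTS, VIRUS_SCAN))
```

The second sample event shares Event ID 4098 and the word "completed" but comes from a different source, so only the rule with Source set rejects it.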