Sample of Windows Log Entry

Suppose you use Symantec's Norton AntiVirus product to protect various systems. It is scheduled to run an antivirus system scan once a week, but you would like to verify this using WhatsUp Gold. Using the Event Viewer to look at the log of a protected system, you would find a message as shown below was written each time a scan completed:

Event Type: Information

Event Source: Norton AntiVirus

Event Category: Information

Event ID: 4098

Date: 4/1/2002

Time: 12:33:22 PM


Computer: ATL144


Virus scanning completed.

Items scanned: C:-D:

   ...the rest of the text in this example is omitted...

To capture this message in WhatsUp Gold, you could configure a Windows Log Event as follows:

Display Name. Virus Scan

Source. Norton AntiVirus

Type. Any

Event ID. 4098

Match On. ~completed

A few things worth noting, the Source and Event ID uniquely identify a Windows Log message. Since we know the specific message we are looking for, we can set those two fields and leave Type set to "Any".

If on the other hand you were unsure of what messages a given service could generate, you might leave Event ID blank and instead set the Type to Error, which would report on all messages marked as Errors.

Also, note that we are matching on the string "completed" which appears in the virus scan message. This is just to make sure it ran to completion. If you need to see the entire message, you could (for example) attach an Email action to this event, and use the expansion variable %(Message) to see the entire message from Norton AntiVirus.