This module allows you to create events based on the information provided by the Windows Event Viewer.
1. To configure a connector, go to the ASMS Management Console, in the Events from the main menu, Select the option Connector. In the information view, select the New and define the project; in Detail View You will be able to define the basic information of the connector.
| Field | description |
|---|---|
| Name: | Enter the connector name. |
| Description: | Enter the connector description. |
| Server: | Specify the name or IP of the server to which you will connect to extract the event information. |
| Log: | Enter the name of the log to be monitored. |
| Domain: | Enter the domain name. |
| User: | Enter the name of the user who will make the connection. |
| Password: | Enter the name of the password. |
| Filter: | Enter the filter to get the event information. |
| State: | ON for active or OFF for inactive. |
2. In the Detail View of a chosen connector, select the Synchronization and complete the information to perform connector programming.
| Field | description |
|---|---|
| Start Date: | Enter the date and time you want the event sync to start. |
| Type of programming: | Select the desired frequency of synchronization, the options are: - Once: It is only synced once on the defined start date. - At intervals: It syncs at user-defined minute intervals. - Daily: Syncs at user-defined intervals of days. - Weekly: Syncs at user-defined intervals of weeks. - Monthly: It is synchronized at user-defined intervals of months. - End Date: Set the date and time when you will suspend event synchronization. |
3. When you finish configuring the basic connector information, click Save to confirm changes made; in the Detail View the tabs are enabled Correlation.
4. In the Detail View of a chosen connector, select the Correlation and the New to include the associated values.
In this option, you can define conditions to determine whether a new event is identical or similar to an existing event, in order to relate it to the original event. When you identify correlated events, ASMS automatically increments the recurrence counter of the event.
5. Once the synchronization is done, the event will be created with the respective information.
6. To view the recurrence of the event, log in to the ASMS Administration Console, in the Events from the main menu, select the Events.
7. In the information view, select an event, and in the detail view, select the Historical.
—
Example: Getting Windows Event Viewer Filters
1. Enter the server and/or station, open the “Event Viewer” from the Start menu or search bar; Select the appropriate app and search for the specific event you are interested in.
2. In the right pane, you can view the options for filtering the current record. Click on the option “Filter Current Log” to define specific filtering criteria, such as dates, event ID ranges, severity levels, and so on.
3. After applying the filters, click on the “XML” tab and copy the information inside the tag “</Select>”.
4. Finally perform the connector creation and in the field “Filter” Set the filter obtained in the steps described above.
