
I am setting up a watch group for an NT event log, and I am ready to define a key. How many of the fields do I need to specify?


An NT event log key normally contains six fields: the Event Type, the Source, the Category ID, the Event ID, the User, and the Computer. In most cases, the Source and the Event ID are all that is required to uniquely define an event. For example, event ID 6005 from the EventLog source is always “The Event log service was started”. However, and this is something you need to check, some applications that generate events use the same event source and ID, but change the text of the message. In this case, use the seventh field, and look for an actual piece of text.
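The key described in the answer above, as an added example that is not part of the original page or of any monitoring product: unspecified fields match anything, and the seventh (text) field separates events that share a Source and Event ID. The `BackupApp` source, its event ID 100, the field names and the case-insensitive comparison are assumptions; the sample events are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# The six key fields named in the answer; None means "not specified" (matches anything).
KEY_FIELDS = ("event_type", "source", "category_id", "event_id", "user", "computer")

def _same(wanted, actual):
    # Assumption: string fields compare case-insensitively, numeric IDs exactly.
    if isinstance(wanted, str) and isinstance(actual, str):
        return wanted.lower() == actual.lower()
    return wanted == actual

@dataclass(frozen=True)
class EventKey:
    event_type: Optional[str] = None
    source: Optional[str] = None
    category_id: Optional[int] = None
    event_id: Optional[int] = None
    user: Optional[str] = None
    computer: Optional[str] = None
    text: Optional[str] = None  # seventh field: a piece of the message text

    def matches(self, event: dict) -> bool:
        for name in KEY_FIELDS:
            wanted = getattr(self, name)
            if wanted is not None and not _same(wanted, event.get(name)):
                return False
        # Only consult the message when the key asks for a piece of text.
        return self.text is None or self.text.lower() in event.get("message", "").lower()

def select(key, events):
    return [e for e in events if key.matches(e)]

def ambiguous_pairs(events):
    """(source, event_id) pairs seen with more than one message text."""
    seen = {}
    for e in events:
        seen.setdefault((e["source"], e["event_id"]), set()).add(e["message"])
    return sorted(pair for pair, texts in seen.items() if len(texts) > 1)

def make_event(source, event_id, message, event_type="Information"):
    return {"event_type": event_type, "source": source, "category_id": 0,
            "event_id": event_id, "user": "N/A", "computer": "SRV01", "message": message}

# Constructed sample events, not real log data. "BackupApp" is hypothetical.
SAMPLE_EVENTS = [
    make_event("EventLog", 6005, "The Event log service was started."),
    make_event("BackupApp", 100, "Backup job completed successfully."),
    make_event("BackupApp", 100, "Backup job failed: destination unreachable.", "Error"),
]
```

Running `ambiguous_pairs` over an export of existing events is one way to do the check the answer asks for before deciding that Source and Event ID alone are enough.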
