Possible to report on particular Event Viewer errors?


  • Luke Nichols

    Hello,

    The column, comparison, and value will differ depending on what exactly you're querying through WMI. Could you provide a screenshot of the WMI page on an example computer with the "EventViewer - Disk" WMI scanner selected? Basically I want to see this page, but in your environment:

  • Bromsgrove School

    Fantastic, thanks Luke. That was all I needed, knowing where to look!

    I've now got this correctly working. For the benefit of others:

  • Emily Dullum

    I am also looking to do this with the Dell Trusted Device Agent within Event Viewer.  I can run a command from PDQ to give me instant results on a BIOS verification.  But I also want to be notified when the BIOS has been tampered with. Once the WMI scanner is set I'd like to create a report and have it emailed to me.  I would need notification of three different types of events from a similar source.  Here are examples of the events:

    1) Error - Partial Indicator of Attack has escalated

    Level: Error
    Source: Trusted Device | BIOS Events and loA
    Event ID: 12

    2) Warning - Partial Indicator of Attack was detected

    Level: Warning
    Source: Trusted Device | BIOS Events and loA
    Event ID: 11

    3) Information - BIOS Verification Success

    Level: Information
    Source: Trusted Device | BIOS Verification
    Event ID: 9

  • Colby Bouma

    While it is possible to do this in Inventory, I personally recommend using a log management product like Graylog, Splunk, or ELK.

  • Emily Dullum

    I know this is possible in PDQ, I just don't know how to do it.  I work for the government, so funds are tight.  I have to use what I have been given to work with. Thank you for the suggestions.

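
Added example, not part of the thread above and not PDQ's or Dell's own code: a PowerShell sketch that queries the `Win32_NTLogEvent` WMI class on the local machine for the three events listed in the thread (Event IDs 9, 11 and 12 from a "Trusted Device" source) and flags tampering indicators or a missing verification success. The log name `Application` and the 7-day window are assumptions; confirm the log the events are actually written to in Event Viewer.

```powershell
# Added example. Event IDs and the "Trusted Device" source prefix come from the
# thread; the log name and look-back window are ASSUMPTIONS to adjust.
param(
    [string]$LogFile = 'Application',   # assumption: check the event's log in Event Viewer
    [int]$Days       = 7                # assumption: look-back window
)

# WQL compares TimeGenerated against a DMTF timestamp (here UTC with a +000 offset).
$since = (Get-Date).AddDays(-$Days).ToUniversalTime().ToString('yyyyMMddHHmmss') + '.000000+000'

# One filter for all three events. LIKE matches on the "Trusted Device" prefix so
# both sources named in the thread (BIOS Events / BIOS Verification) are covered.
$filter = "Logfile = '$LogFile' AND SourceName LIKE 'Trusted Device%' " +
          "AND (EventCode = 9 OR EventCode = 11 OR EventCode = 12) " +
          "AND TimeGenerated >= '$since'"

$events = @(Get-CimInstance -ClassName Win32_NTLogEvent -Filter $filter -ErrorAction Stop)

# Meaning of each Event ID exactly as listed in the thread.
$meaning = @{
    9  = 'BIOS Verification Success'
    11 = 'Partial Indicator of Attack was detected'
    12 = 'Partial Indicator of Attack has escalated'
}

# Newest first, with a readable description next to each Event ID.
$events |
    Sort-Object TimeGenerated -Descending |
    Select-Object ComputerName, TimeGenerated, Type, SourceName, EventCode,
        @{ Name = 'Meaning'; Expression = { $meaning[[int]$_.EventCode] } } |
    Format-Table -AutoSize

$alerts  = @($events | Where-Object { $_.EventCode -in 11, 12 })
$success = @($events | Where-Object { $_.EventCode -eq 9 })

# A quiet log is not proof of a healthy BIOS: also flag the case where no
# verification success was recorded, e.g. because the agent stopped running.
if ($success.Count -eq 0) {
    Write-Warning "No 'BIOS Verification Success' (ID 9) event in the last $Days day(s)."
}
if ($alerts.Count -gt 0) {
    Write-Warning "$($alerts.Count) Indicator of Attack event(s) (ID 11/12) in the last $Days day(s)."
    exit 1   # non-zero exit so a scheduler or deployment tool can treat this as a failure
}
```

`Win32_NTLogEvent` only returns events from classic event logs, so if the query comes back empty while Event Viewer shows the events, check which log they are stored in before assuming the machine is clean.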
