Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- init_config:
- # The (optional) tag_event_id setting will add an event id tag to each
- # event sent from this check. Defaults to false.
- #tag_event_id: false
- instances:
- # Each Event Log instance lets you define the type of events you want to
- # match and how to tag those events.
- #-
- # By default, the local machine's event logs are captured. To capture a remote
- # machine's event logs, specify the machine name (DCOM has to be enabled on
- # the remote machine). If authentication is needed, specify a username and a
- # password.
- # host: remote_machine_name
- # username: user
- # password: pass
- # The (optional) log_file filter will instruct the check to only capture events
- # that belong to one of the specified LogFiles (Application, System, Setup, Security,
- # or application-specific LogFile).
- - log_file: Application
- type: Information
- # tags: information
- # The (optional) source_name filter will instruct the check to only capture events
- # that come from one of the specified SourceNames.
- # source_name:
- # - Microsoft-Windows-Security-Auditing
- # The (optional) type filter will instruct the check to only capture events
- # that have one of the specified Types.
- # Standard values are: Critical, Error, Warning, Information, Audit Success, Audit Failure.
- # type:
- # - Audit Failure
- # The (optional) event_id filter will instruct the check to only capture events
- # that have one of the specified EventCodes.
- # The event ID can be found through http://www.eventid.net/ and viewed in the
- # Windows Event Viewer.
- # event_id:
- # - 4776
- # - 4672
- # The (optional) message_filters filter will instruct the check to only capture
- # events which Message field matches all of the specified filters.
- # Use % as a wildcard. See http://msdn.microsoft.com/en-us/library/aa392263(v=vs.85).aspx
- # for more on the format for LIKE queries.
- # NOTE: Any filter that starts with "-" will be a NOT query, e.g.: '-%success%'
- # will search for events without 'success' in the message.
- # message_filters:
- # - "-%success%"
- # - "%SYSTEM%"
- # The (optional) tags parameter will instruct the check to tag the captured
- # events with the specified tags.
- # tags:
- # - security
- # Here are a couple basic examples:
- # The following instance will capture errors and warnings from SQL Server which
- # puts all events under the MSSQLSERVER source and tag them with #sqlserver.
- # - log_file:
- # - Application
- # source_name:
- # - MSSQLSERVER
- # type:
- # - Warning
- # - Error
- # message_filters:
- # - "%error%"
- # tags:
- # - sqlserver
- # This instance will capture all system errors and tag them with #system.
- #- log_file:
- # - System
- # type:
- # - Error
- #tags:
- # - system
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement