Microsoft introduced additional "Operational" event logs with Vista and Windows Server 2008 that appear in the "Applications and Services Logs" section of the Event Viewer. Can I monitor these operational event logs with EventSentry, and if so, how?

Article ID: 163

Category: Event Log Monitoring

Applies to: 2.90

Updated: 2010-06-28

Most of the event logs contained under the "Microsoft" folder in the "Applications and Services Logs" section of the Event Viewer can be monitored using the "Custom Event Logs" feature in EventSentry.

To monitor these event logs you will need to specify the full path to the event log. You can obtain the path by viewing any event using the Windows Event Log viewer. Click on the "Details" tab, then choose "XML View". Inside of this view, you should see the log path between the <Channel> and </Channel> tags.

For example, events from the GroupPolicy Operational event log contain:

<Channel>Microsoft-Windows-GroupPolicy/Operational</Channel>

In EventSentry, you would use "Microsoft-Windows-GroupPolicy/Operational" as the event log name.

Please see the additional link for more information on monitoring custom event logs.