How can I trigger an alert for specific text from a (log) file

Article ID: 420
Category: Monitoring
Updated: 2020-03-26

With the "EventSentry Log File Monitoring" feature you can be alerted via email if specific text gets written to a file. In this HowTo, we will use the default "Log File > Windows Update" package as an example, but the same steps can be used for any other log file monitoring package (existing or new).

  • Expand Log Files
  • Expand Windows Update
  • Click Event Log Alerts
  • Check "Log to APPLICATION Event Log"
  • In the Inclusion section, click the '+' and add the text you want to match, surrounded by the wildcard character (*)

This will generate an informational EVENT ID 8000 (unless the severity was changed in the last step). Next, create an include filter that alerts on this event:

  • Click "Event Logs" and select "Add Package"; the package can be labeled "Log File Monitoring"
  • Right-click this package and select "Assign" (assign it to the host with the log file package you are trying to monitor)
  • Right-click this package again, select "Add Filter" and label it "Log File monitoring Alerts"

Click on this filter and enter the following information:

  • Actions: Default Email or any other (email) action
  • Log: Application
  • Severity: Information
  • Source: EventSentry
  • EVENT ID: 8000

Once your settings are saved and pushed out to the host with the log file monitoring package, you'll receive an email alert when any text matches the inclusion created.
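A way to check the setup from PowerShell on the monitored host, added here as an example and not part of EventSentry's own documentation or tooling: it dry-runs a wildcard inclusion against log lines, then looks for the resulting event 8000 from source EventSentry in the Application log. The pattern, the sample lines, the parameter names and the look-back window are assumptions.

```powershell
# Added example, not EventSentry code. Pattern, sample lines and look-back are assumptions.
param(
    [string]$Pattern = '*failed*',   # inclusion text wrapped in wildcards, as in the steps above
    [string]$LogPath,                # optional: path to the real monitored file
    [int]$LookbackHours = 24
)

# Constructed sample lines, used when no -LogPath is given.
$sample = @(
    '2020/03/26 10:15:02 1234 5678 Agent   Update search started'
    '2020/03/26 10:15:09 1234 5678 Agent   WARNING: Download failed, retrying'
    '2020/03/26 10:16:40 1234 5678 Handler Installation FAILED for update 1 of 3'
    '2020/03/26 10:17:01 1234 5678 Agent   Update search completed'
)
$lines = if ($LogPath) { Get-Content -LiteralPath $LogPath } else { $sample }

# 1. Dry run. -like is case-insensitive and also treats ? and [ ] as wildcards;
#    EventSentry's matching is assumed comparable only for a plain *text* pattern.
$hits = @($lines | Where-Object { $_ -like $Pattern })
'{0} of {1} line(s) match {2}' -f $hits.Count, @($lines).Count, $Pattern
$hits

# 2. Confirm the agent wrote the event the alert filter keys on.
#    Severity is left out of the query on purpose, since it may have been changed.
$query = @{
    LogName      = 'Application'
    ProviderName = 'EventSentry'
    Id           = 8000
    StartTime    = (Get-Date).AddHours(-$LookbackHours)
}
$events = @(Get-WinEvent -FilterHashtable $query -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Warning "No EventSentry event 8000 in the last $LookbackHours hour(s)."
} else {
    $events |
        Select-Object -First 5 -Property TimeCreated, Id, LevelDisplayName, Message |
        Format-List
}
```

If step 1 matches but step 2 finds nothing, check that the log file package is assigned to this host and that the configuration has been saved and pushed out.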

Configuring an alert for a log file