Correlate Windows Events

Use the Correlate Windows Events activity to specify the event log information that is to be located on the target.

To ensure this Windows activity executes properly, verify that the Remote Registry service is enabled on your machine.

  1. In the Workflow Editor Toolbox, choose Microsoft Windows > Correlate Windows Events and drag and drop the activity onto the Workflow pane.

  2. On the Workflow Properties pane, enter the following information:

    1. Under General, specify the following information:

      1. Display Name: Enter a unique display name for the activity.

      2. Description: Enter a brief description of the activity.

      3. Activity Timeout (Seconds): Enter the number of seconds to wait before the Correlate Windows Events activity fails because it timed out.

      4. Check the Continue Workflow Execution on Failure check box to continue the workflow execution on failure of the activity.

      5. Check the Skip Activity Execution check box to skip the activity.

    2. Under Target, specify the following information:

      1. Use Workflow Target: Check this radio button to use the workflow target.

      2. Override Workflow Target: Check this radio button to override the workflow target. You can select the appropriate target or +ADD NEW from the dropdown list. For more information, see Microsoft Windows Endpoint.

      3. Use Workflow Target Group: Check this radio button to use the workflow target group.

      4. Override Workflow Target Group Criteria: Check this radio button to override the workflow target group criteria.

    3. Under Credentials, specify the following information:

      1. Use Target's Default Account Key: Check this radio button to use the target's default account key.

      2. Override Account Key: Check this radio button to override the workflow account key. You can select the appropriate account key or +ADD NEW from the dropdown list. For more information, see Microsoft Windows Credentials.

    4. Under Windows, specify the following information or click the Variable Reference icon to choose any variable:

      1. Entry Type: Check the check boxes for the types of events that must be matched from the dropdown list.

      2. Log Name: The name of the event log to be matched. Enter a name or expression in the text field.

      3. After Time: Correlate events that occurred after the specified time.

      4. Before Time: Correlate events that occurred before the specified time.

      5. Event Source: Check the check box and then enter the source or click the Reference tool to select a variable to find event log entries by where they occurred.

      6. Event Number: Check the check box and then enter the event ID or click the Reference tool to select a variable to find an event log entry by the event ID.

      7. Event Description: Check the check box and then enter the description or click the Reference tool to select a variable to find an event log entry matching a description.

      8. Event Computer Name: Check this check box to find an event log entry by matching a specific computer. In the text field, enter the computer name that should be matched, or click the Reference tool to select a variable for the field value.

      9. Check the Persist Table check box to persist the resulting table to the Action Orchestrator database so you can view the results when the workflow instance is viewed.
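
To preview which entries a set of filter values would match before saving the activity, the same criteria can be run by hand from Windows PowerShell 5.1. This is an added example, not part of the product or its documentation; the function name, the host name WIN-TARGET01, and the mapping of the activity's fields onto Get-EventLog parameters are assumptions.

```powershell
# Added example (not product code). Windows PowerShell 5.1 only:
# Get-EventLog and the -ComputerName parameter of Get-Service are not available in PowerShell 7.
function Test-CorrelateFilter {            # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$ComputerName,  # target to query
        [Parameter(Mandatory)][string]$LogName,       # Log Name
        [string[]]$EntryType,          # Entry Type (Error, Warning, Information, SuccessAudit, FailureAudit)
        [datetime]$After,              # After Time
        [datetime]$Before,             # Before Time
        [string]$Source,               # Event Source
        [int]$EventNumber,             # Event Number
        [string]$Description,          # Event Description, wildcards allowed
        [string]$EventComputerName     # Event Computer Name
    )
    $set = $PSBoundParameters

    # Prerequisite named on the page; checked here on the queried host (assumption).
    $svc = Get-Service -Name RemoteRegistry -ComputerName $ComputerName -ErrorAction Stop
    if ($svc.StartType -eq 'Disabled') { throw "Remote Registry is disabled on $ComputerName" }

    # An inverted time window cannot match anything, so reject it up front.
    if ($set.ContainsKey('After') -and $set.ContainsKey('Before') -and $After -ge $Before) {
        throw 'After Time must be earlier than Before Time'
    }

    # Pass only the criteria that were supplied, like unchecked boxes in the activity.
    $query = @{ LogName = $LogName; ComputerName = $ComputerName }
    foreach ($name in 'EntryType', 'After', 'Before', 'Source') {
        if ($set.ContainsKey($name)) { $query[$name] = $set[$name] }
    }
    if ($set.ContainsKey('Description')) { $query['Message'] = $Description }

    # Errors such as access denied or an unknown log name are left visible on purpose.
    Get-EventLog @query | Where-Object {
        (-not $set.ContainsKey('EventNumber') -or $_.EventID -eq $EventNumber) -and
        (-not $set.ContainsKey('EventComputerName') -or $_.MachineName -like $EventComputerName)
    } | Select-Object TimeGenerated, EntryType, Source, EventID, MachineName, Message
}

# Constructed usage: failed logons (event ID 4625) in the last hour on a hypothetical host.
Test-CorrelateFilter -ComputerName 'WIN-TARGET01' -LogName Security `
    -EntryType FailureAudit -EventNumber 4625 -After (Get-Date).AddHours(-1)
```

Run it with the same account the activity's account key represents, so that permission problems on the target show up here rather than as a workflow failure.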
