Query Windows Events

Use the Query Windows Events activity to specify information about the event logs that you want to find on the target. The activity searches the event log on the specified target and returns all matching events in the activity instance.

To ensure this Windows activity executes properly, verify that the Remote Registry service is enabled on your machine.

  1. In the Workflow Editor Toolbox, choose Microsoft Windows > Query Windows Events and drag and drop the activity onto the Workflow pane.

  2. On the Workflow Properties pane, enter the following information:

    1. Under General, specify the following information:

      1. Display Name: Enter a unique display name for the activity.

      2. Description: Enter a brief description of the activity.

      3. Activity Timeout (Seconds): Enter the number of seconds to wait before the Query Windows Events activity fails because it timed out.

      4. Check the Continue Workflow Execution on Failure check box to continue the workflow execution on failure of the activity.

      5. Check the Skip Activity Execution check box to skip the activity.

    2. Under Target, specify the following information:

      1. Use Workflow Target: Check this radio button to use the workflow target.

      2. Override Workflow Target: Check this radio button to override the workflow target. You can select the appropriate target or +ADD NEW from the dropdown list. For more information, see Microsoft Windows Endpoint.

      3. Use Workflow Target Group: Check this radio button to use the workflow target group.

      4. Override Workflow Target Group Criteria: Check this radio button to override the workflow target group criteria.

    3. Under Credentials, specify the following information:

      1. Use Target's Default Account Key: Check this radio button to use the target's default account key.

      2. Override Account Key: Check this radio button to override the workflow account key. You can select the appropriate Account key or +ADD NEW from the dropdown list. For more information, see Microsoft Windows Credentials.

    4. Under Windows, specify the following information or click the Variable Reference icon to choose any variable:

      1. Check the Persist Table check box to persist the resulting table to the Action Orchestrator database so you can view the results when the workflow instance is viewed.

      2. Event Type: In the dropdown list, check the check box for each type of event that must be matched (Information, Warning, Error, Success Audit, Failure Audit).

      3. Log Name: In the text field, enter the name of the event log to be matched.

      4. Event Source: Check the check box and enter the source or click the Reference tool to select a variable to find event log entries by where they occurred.

      5. Event Number: Check the check box and enter the event ID or click the Reference tool to select a variable to find an event log entry by the event ID.

      6. Event Description: Check this check box and enter the description in the field to find event log entries that match the description.

      7. Check the Get Latest Event check box if you want only the most recent event to be returned.

      8. Events Generated within the Last: Specify a time period in which the event occurred.

      9. Events with Format: Select the time unit (minutes, hours, or days).
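
To cross-check what the activity should return, the same filters can be run directly on the target with Get-WinEvent. This is an added example, not code from the product: the function name `Find-WindowsEvent`, its parameter names, the mapping of the activity's fields to Get-WinEvent filter keys, and the sample values in the last line are assumptions. Reading the Security log requires an elevated session.

```powershell
# Added example: parameters mirror the activity's Windows properties; the
# mapping to Get-WinEvent filter keys is an assumption, not product code.
function Find-WindowsEvent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$LogName,
        [ValidateSet('Information','Warning','Error','Success Audit','Failure Audit')]
        [string]$EventType,
        [string]$EventSource,
        [int]$EventNumber,
        [string]$EventDescription,
        [int]$LastMinutes,
        [switch]$GetLatestEvent
    )

    # The page asks for the Remote Registry service to be enabled; report its state first.
    $svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        Write-Warning 'Remote Registry service is not running.'
    }

    $filter = @{ LogName = $LogName }
    switch ($EventType) {
        'Error'         { $filter.Level = 2 }
        'Warning'       { $filter.Level = 3 }
        'Information'   { $filter.Level = 4 }
        # Audit results are keyword bits on the event, not levels.
        'Success Audit' { $filter.Keywords = 9007199254740992 }   # 0x20000000000000
        'Failure Audit' { $filter.Keywords = 4503599627370496 }   # 0x10000000000000
    }
    if ($EventSource) { $filter.ProviderName = $EventSource }
    if ($PSBoundParameters.ContainsKey('EventNumber')) { $filter.Id = $EventNumber }
    if ($LastMinutes -gt 0) { $filter.StartTime = (Get-Date).AddMinutes(-$LastMinutes) }

    # Get-WinEvent reports an error when nothing matches; suppress it and return nothing.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if ($EventDescription) {
        $events = $events | Where-Object { $_.Message -like "*$EventDescription*" }
    }
    # Results arrive newest first, so the first one is the latest event.
    if ($GetLatestEvent) { $events = $events | Select-Object -First 1 }
    $events | Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message
}

# Constructed sample values: failed logons in the Security log, last 60 minutes.
Find-WindowsEvent -LogName Security -EventType 'Failure Audit' -EventNumber 4625 -LastMinutes 60
```

An empty result from this query with a non-empty result from the activity, or the reverse, points to a target, credential, or filter mismatch rather than missing events.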
