Monitoring Task Scheduler events from UIM

Document ID : KB000011515
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

-          How to  Monitor Task Scheduler events from UIM?

Answer:

-          This can be achieved using the ntevl probe version 4.23, however certain configuration changes are required in prior so that ntevl is able to read the Task Scheduler Event logs.

 -          Under the “Properties” tab in the ntevl probe from the list of “Available log Files”, you need to select the appropriate logs to read i.e. in this case ‘Microsoft-Windows-TaskScheduler/Operational

ntevl.JPG

-          Since the Events of TaskScheduler do not directly not fall under the default logs of ntevl namely System, Application and Security.

-          We can use this method to set ntevl to read additional logs other than standard one.

-          Alternatively you can add this under the Logs Section through the Raw Configure(Shift + Right click)

ntevl_Raw.JPG

These changes enables the server to read logs other than standard ones.

Additional Information:

https://docops.ca.com/ca-unified-infrastructure-management-probes/en/alphabetical-probe-articles/ntevl-nt-event-log-monitoring/ntevl-im-configuration