Windows Events - Source Name
Posted by on 25 February 2019 10:05 AM
Please see the attachment from Avast. It shows how to get the correct source name of an event, because the Event Viewer GUI (General tab) sometimes shows it incorrectly.

For example, the Windows Backup event on a server shows as:

LogName: Microsoft-Windows-Backup/Operational
Source: Backup
Event ID: 4
....

If you click on the Details tab and the XML View you can see more details for the event:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Backup" Guid="{1DB28F2E-8F80-4027-8C5A-A11F7F10F62D}" />
    <EventID>4</EventID>
    <Version>2</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2019-02-20T21:22:23.821614500Z" />
    <EventRecordID>7572</EventRecordID>
    <Correlation />
    <Execution ProcessID="6760" ThreadID="6896" />
    <Channel>Microsoft-Windows-Backup</Channel>


The Provider Name (here, Microsoft-Windows-Backup) is the actual source name of the event, not the "Backup" shown on the General tab.

When setting up reporting in Avast, take this into account: it needs the correct source name (the Provider Name) to pick up the event. The same applies when creating a task in Task Scheduler that triggers on an event.
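The following PowerShell is an added example, not taken from the Avast attachment. It reads the Provider Name straight from the event XML and builds the matching XPath filter for an event-triggered task or a monitoring rule. The log name and event ID are the ones shown above; the variable names are illustrative.

```powershell
# Log name and event ID as shown in this article.
$logName = 'Microsoft-Windows-Backup/Operational'
$eventId = 4

# Fetch the newest matching record. -ErrorAction Stop turns "no events found"
# into a terminating error so it can be handled cleanly.
try {
    $evt = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $eventId } `
                        -MaxEvents 1 -ErrorAction Stop
} catch {
    Write-Warning "No event $eventId found in ${logName}: $($_.Exception.Message)"
    return
}

# Read the source name from the XML view, not from the General tab text.
[xml]$xml  = $evt.ToXml()
$provider  = $xml.Event.System.Provider.Name
Write-Output "Provider Name in XML : $provider"
Write-Output "ProviderName property: $($evt.ProviderName)"

# XPath filter keyed on the real Provider Name and the event ID.
$xpath = "*[System[Provider[@Name='$provider'] and (EventID=$eventId)]]"

# Confirm the filter matches events before relying on it for a trigger or report.
Get-WinEvent -LogName $logName -FilterXPath $xpath -MaxEvents 5 |
    Select-Object TimeCreated, ProviderName, Id

# The same filter wrapped as a QueryList, the form used by a custom event
# filter in Task Scheduler (trigger "On an event", Custom, XML tab).
$queryList = @"
<QueryList>
  <Query Id="0" Path="$logName">
    <Select Path="$logName">$xpath</Select>
  </Query>
</QueryList>
"@
Write-Output $queryList
```

If the check query returns no rows, the trigger or report built on the same filter will not fire either, so verify the Provider Name first.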


Attachments 
 
 How to properly collect and monitor tiered Windows event logs.pdf (341.38 KB)