Receiving Windows Log Events

Windows Event Log provides detailed information about the operation of the Windows operating system and the applications running on it.

Windows Event Log messages should be converted to SNMP traps so that Iotellect Network Manager can receive them. Refer to SNMP traps for details on receiving and processing the traps.

This section explains how to configure a Windows machine to send SNMP traps when certain messages are added to the Windows Event Log.

The SNMP Agent should be installed and properly configured to send traps to the host that Iotellect Server is running on. Refer to SNMP Setup on Windows Systems (particularly the Steps to Configure SNMP Traps section) for details.

Defining and Exporting Event Mappings

The Microsoft evntwin utility is used to select events and prepare the necessary data. It provides a graphical UI for selecting, configuring and exporting the event log messages to be translated to SNMP traps:

  1. Start the evntwin utility from the Start (Run) menu or from a command window.
  2. The Event to Trap Translator window will appear.
  3. Select the Custom option under the Configuration type group.
  4. Click Edit. The Event sources list should appear.
  5. Select the events to be translated to traps (the Find button can be used to search in the list) and click Add.
  6. The Properties window should appear. The trap generation conditions can be customized here.
  7. Repeat steps 5-6 for every event you are interested in (alternatively, you can select several events to add at once using Ctrl or Shift multiple selection).
  8. Click the Apply button.
  9. Highlight all the items in the Events to be translated to traps list and click the Export... button. Choose a location and filename to save the event-to-trap mapping definitions.
  10. The exported mapping file should be a text file with one or more lines in the following format:

    #pragma add <LogName> "<SourceName>" <EventID> <EventCount> <TimeInterval>

Configuring SNMP Traps

The Microsoft evntcmd utility is used to configure the translation of events to traps based on the information in the configuration file. To do this, run evntcmd, giving it the name of the exported mappings file.

If User Account Control (UAC) is enabled on the Windows machine, the command interpreter (cmd) should be started in the 'As an Administrator' mode in order to access the evntcmd utility.
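A pre-flight check for the exported mapping file before it is passed to evntcmd, as an added PowerShell example that is not part of the original page or of any Microsoft or Iotellect tooling. It recognizes only the `#pragma add` format shown above; the function name Test-EventTrapMapping and the sample lines are constructed for illustration.

```powershell
# Added example: lint an exported mapping file before running evntcmd.
# Only the "#pragma add" line format shown on this page is recognized.
function Test-EventTrapMapping {
    param([string[]]$Lines)

    # #pragma add <LogName> "<SourceName>" <EventID> <EventCount> <TimeInterval>
    $pattern = '^\s*#pragma\s+add\s+(?<Log>\S+)\s+"(?<Source>[^"]+)"\s+' +
               '(?<Id>\d+)\s+(?<Count>\d+)\s+(?<Interval>\d+)\s*$'
    $seen   = @{}   # log|source|id combinations already encountered
    $lineNo = 0

    foreach ($line in $Lines) {
        $lineNo++
        if ([string]::IsNullOrWhiteSpace($line)) { continue }

        $m = [regex]::Match($line, $pattern)
        if (-not $m.Success) {
            # Report the line for manual review rather than guessing its meaning.
            [pscustomobject]@{ Line = $lineNo; Status = 'Unrecognized'; Log = $null
                               Source = $null; EventID = $null; Text = $line.Trim() }
            continue
        }

        $log    = $m.Groups['Log'].Value
        $source = $m.Groups['Source'].Value
        $id     = $m.Groups['Id'].Value
        $key    = "$log|$source|$id"
        $status = if ($seen.ContainsKey($key)) { 'Duplicate' } else { 'OK' }
        $seen[$key] = $true

        [pscustomobject]@{ Line = $lineNo; Status = $status; Log = $log
                           Source = $source; EventID = $id; Text = $line.Trim() }
    }
}

# Constructed sample input; log names, sources and IDs are illustrative only.
$sample = @(
    '#pragma add System "ExampleService" 7001 1 0'
    '#pragma add Security "ExampleAudit" 4001 3 60'
    ''
    '#pragma add System "ExampleService" 7001 1 0'
    '#pragma add Application ExampleApp 1000 1 0'
)
Test-EventTrapMapping -Lines $sample | Format-Table -AutoSize
# For a real export: Test-EventTrapMapping -Lines (Get-Content <exported file>)
```

Review any Unrecognized or Duplicate rows before running evntcmd, and compare the OK rows against the events you intended to forward.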
