Event Log Check - Remote Management Monitoring - TeamViewer Support
<main>
<article class="userContent">
<h2 data-id="general">General</h2><div class="blockquote"><div class="blockquote-content"><p class="blockquote-line"><em>This article applies to all Remote Management Monitoring & Asset Management customers.</em></p></div></div><p><em>Event Log Check</em> is a must-have <strong>Remote Management</strong> <strong>Monitoring & Asset Management</strong> check for Windows OS. It gives us insight into <strong>what</strong> event happened in Windows OS, <strong>when</strong> it happened, and <strong>how</strong>.</p><h2 data-id="what-is-event-viewer-and-how-to-work-with-it">What is Event Viewer and how do we work with it?</h2><p>To learn more about this topic, please refer to the articles on Digital Citizen and How-To Geek:</p><ul><li><a href="https://www.digitalcitizen.life/basics-about-working-event-viewer-windows" rel="nofollow noreferrer ugc">Digital Citizen</a></li><li><a href="https://www.howtogeek.com/123646/htg-explains-what-the-windows-event-viewer-is-and-how-you-can-use-it/" rel="nofollow noreferrer ugc">How-To Geek</a></li></ul><h2 data-id="how-event-log-checks-work">How do Event Log checks work?</h2><p>The <strong>Remote Management Monitoring & Asset Management</strong> Service uses the <em>Windows API</em> to monitor the <em>Event Viewer</em> logs. Once every minute, the system compares the <em>Event Viewer</em> logs with the Event Log check requirements from the Remote Management <strong>Monitoring & Asset Management</strong> policy.</p><p>When an event that we need to report is found in the <em>Event Viewer</em> logs, the <strong>Remote Management Monitoring & Asset Management</strong> Service reports it to the <strong>TeamViewer Management Console</strong> and sends an e-mail notification.</p><h2 data-id="how-to-set-event-log-checks">How to set up Event Log checks</h2><p>To set up an Event Log check, we need to add the check to the Remote Management <strong>Monitoring & Asset Management</strong> policy.</p><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/lithium_attachments/3798i22302019D0F9143F.jpg" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/lithium_attachments/3798i22302019D0F9143F.jpg" alt="Workflow.png" height="180" width="320" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p><br></p><p><strong>💡Hint</strong>: You can add multiple Event Log checks in one policy.</p><p>We are now ready to configure the event(s) we want to monitor.</p><p><strong>Name:</strong> Select a descriptive name for this check.</p><p><strong>Event Log to Query:</strong> Here we select the <strong>Windows Event Viewer</strong> folder to monitor:</p><ul><li>Application</li><li>Security</li><li>System</li></ul><p><strong>Event ID(s):</strong> Here we can add a specific Event ID to monitor, or multiple Event IDs separated by “,” (comma).</p><p><strong>Event Source: </strong>Here we paste the exact name of the Event Source that generates the events.</p><p>We need to make sure that the name is the same as the one listed in Event Viewer under Event Details -> System -> Provider -> EventSourceName.</p><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/QC6RMW6OBKQA/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/QC6RMW6OBKQA/image.png" alt="image.png" height="654" width="998" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p><br></p><p><strong>📌Note</strong>: The system can work without any event source; however, we recommend specifying the event source if it is known. This way, a proper notification is sent when the desired event is generated by Windows Event Viewer, and spam notifications generated by multiple sources are filtered out.</p><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/I2VUCYGO0KZ8/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/I2VUCYGO0KZ8/image.png" alt="image.png" height="373" width="791" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
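<p>The following PowerShell script is an added example, not part of the original article or of TeamViewer's tooling. Run on a monitored endpoint, it previews which events a planned check would match and prints the Provider attributes (Name and, where present, EventSourceName) for each match, so the Event Source field can be filled in exactly and the effect of leaving it empty is visible. The log name, Event IDs and time window are sample values to replace with the check's own settings.</p>

```powershell
# Added example: preview what a planned Event Log check would match on this endpoint.
# $LogName, $EventIds and $Hours are sample values (assumptions), not taken from the article.
# Reading the Security log requires an elevated session.
param(
    [string]$LogName  = 'System',
    [int[]] $EventIds = @(7036, 7045),
    [int]   $Hours    = 24
)

$filter = @{
    LogName   = $LogName
    Id        = $EventIds
    StartTime = (Get-Date).AddHours(-$Hours)
}

# Get-WinEvent raises an error when nothing matches, so suppress it and test the count.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Output "No events with ID(s) $($EventIds -join ',') in '$LogName' during the last $Hours h."
    return
}

$rows = foreach ($e in $events) {
    # Event Details -> System -> Provider in the event XML.
    # EventSourceName is empty when the provider does not set that attribute.
    $provider = ([xml]$e.ToXml()).Event.System.Provider
    [pscustomobject]@{
        Id              = $e.Id
        ProviderName    = $provider.Name
        EventSourceName = $provider.EventSourceName
        Level           = $e.LevelDisplayName
    }
}

# One row per distinct ID/source/level combination, most frequent first.
# Several sources listed for one ID are the alerts an empty Event Source field would all raise.
$rows | Group-Object Id, ProviderName, EventSourceName, Level |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```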
<p><br></p><p><strong>💡Hint</strong>: If in doubt about which Event Type to choose, we can choose Select All so that the system reports based on Event ID and Source. After a few triggered alerts, we can filter it down even further.</p><p><strong>Notification:</strong> Add the notification e-mail address(es). We need to make sure the desired e-mail address is part of the <strong>TeamViewer Company profile</strong> or is a contact in the user’s account. This is a security setting built into the system.</p><p>Now we can save the policy and apply it to the computers from the Manage Endpoints dialogue.</p><p><strong>📌Note</strong>: If we need to add the policy to a group of computers, we need to add it in the group properties (hover over a group -> click on the pen -> select edit) and then set all systems in the Manage Endpoints dialogue to “Inherit from group”.</p><p>After we save the policy and apply it to computer(s) or group(s), it is pushed to the monitored endpoints within a few seconds and the system starts monitoring the <em>Windows Event Viewer</em>.</p><p>If an alert is triggered, it is displayed in the Alert list of the Monitoring page, and an e-mail notification is sent with more detailed information about the event.</p><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/XR5X24C8RZ32/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/XR5X24C8RZ32/image.png" alt="image.png" height="289" width="999" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p><br></p><p> </p><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/lithium_attachments/3801i620FC769650E324C.jpg" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/lithium_attachments/3801i620FC769650E324C.jpg" alt="e-mail Alert good one.png" height="180" width="320" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
</article>
</main>