- Enable Event Monitoring Service – Enables the Event Log monitoring service, and all of the Event Log rules and exclusions on the following config page.
- Enable Internal Disk Event Monitoring Rules – This enables a pre-configured internal rule set to alert you in the event of potential disk errors. This is equivalent to Disk Health Monitor functionality.
- Email Event Alerts in Real-Time – Emails each event alert as it occurs. When this option is disabled, event alerts are collected in a log file and saved until a Heartbeat is performed (either on schedule or as part of Maintenance); the log can optionally be emailed as part of the Heartbeat.
On this page you define your custom Event Log Rules for the Event Monitoring Service. To get started, click the Write Example All Errors Rule button to write a default rule and see how it is configured. You can also just use this rule until you are more comfortable with rule customization and have a flow of example alerts showing where you need to make modifications. Remember, you can always create or modify rules and apply them to your distributed copies of dSupportSuite, so it's not important to get everything exactly the way you want it the first time.
Here are the required fields to create a rule:
- Rule Name – type a new name here to create a new rule.
- Monitor Logs – You can select to monitor the Application, Security, and/or System Windows event logs.
- Event Type – Select which event types to apply to this rule. A single type or any combination of event types is supported.
The following fields are not required, but help customize the rule further:
- Event ID – narrow the rule down to one event ID only; leave blank for any.
- Event Source – narrow the rule down to one event source; leave blank for any.
- Keyword or Phrase in the Event Description – Include only events with the single keyword or phrase here. Text is not case sensitive when compared, so all lowercase is ok.
- Exclude Events with Keyword or Phrase … – Exclude all events matching all of the above criteria which have the single keyword or phrase here in the event description. Like above, this option is not case sensitive.
You may create as many rules as you desire.
Here you have three global exclusion options. When configured, they suppress the alert for any event that matches one of your custom rules defined above. Whenever a rule is triggered, the event is then compared against this global exclusion list, and if a match is found, the alert is cancelled. There are three options for global exclusions:
- Event ID – exclude all events of a certain event ID.
- Event Source – exclude all events of a certain source.
- Keyword or Phrase in Event Description – exclude all events with any single keyword or phrase here.
This can be an extremely powerful way to fine-tune your rule set above. You may define as many global exclusions as you wish. Select one of the three options above first, then type your text in the field and click to add an exclusion.
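
The evaluation order described above (rule criteria first, then the global exclusion list) can be modeled in a few lines to test a rule set before deploying it. This is an added example, not dSupportSuite code; the field names, the sample events, the exact-match handling of Event Source, and the one-alert-per-event behavior are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    logs: set                        # required: Application / Security / System
    types: set                       # required: one or more event types
    event_id: Optional[int] = None   # optional filters: None means "any"
    source: Optional[str] = None
    keyword: Optional[str] = None
    exclude_keyword: Optional[str] = None

def rule_matches(r, ev):
    desc = ev["desc"].lower()        # keyword comparison is not case sensitive
    return (ev["log"] in r.logs and ev["type"] in r.types
            and r.event_id in (None, ev["id"])
            and (r.source is None or r.source.lower() == ev["source"].lower())
            and (r.keyword is None or r.keyword.lower() in desc)
            and not (r.exclude_keyword and r.exclude_keyword.lower() in desc))

def globally_excluded(ev, ids=(), sources=(), keywords=()):
    desc = ev["desc"].lower()
    return (ev["id"] in ids
            or ev["source"].lower() in [s.lower() for s in sources]
            or any(k.lower() in desc for k in keywords))

def alerts(events, rules, exclusions):
    """Return (rule name, event number) for every alert that survives exclusion."""
    out = []
    for ev in events:
        hit = next((r.name for r in rules if rule_matches(r, ev)), None)
        if hit and not globally_excluded(ev, **exclusions):   # exclusion cancels the alert
            out.append((hit, ev["n"]))
    return out

# Constructed sample events, rules and exclusions (not real log output).
EVENTS = [
    {"n": 1, "log": "System", "type": "Error", "id": 7, "source": "disk", "desc": "The device, \\Device\\Harddisk0\\DR0, has a bad block."},
    {"n": 2, "log": "System", "type": "Error", "id": 10016, "source": "DistributedCOM", "desc": "Permission settings do not grant Local Activation."},
    {"n": 3, "log": "System", "type": "Warning", "id": 51, "source": "disk", "desc": "An error was detected on device \\Device\\Harddisk1\\DR1."},
    {"n": 4, "log": "System", "type": "Warning", "id": 51, "source": "disk", "desc": "An error was detected on device \\Device\\CdRom0."},
    {"n": 5, "log": "Application", "type": "Error", "id": 1000, "source": "Application Error", "desc": "Faulting application name: example.exe"},
]
RULES = [Rule("All Errors", {"Application", "Security", "System"}, {"Error"}),
         Rule("Disk Warnings", {"System"}, {"Warning"}, source="disk", exclude_keyword="cdrom")]
EXCLUSIONS = {"ids": [10016], "keywords": ["example.exe"]}

if __name__ == "__main__":
    for rule, n in alerts(EVENTS, RULES, EXCLUSIONS):
        print(f"ALERT rule={rule!r} event #{n}")
```

Events 2 and 5 trigger the All Errors rule but are cancelled by a global exclusion, while event 4 never triggers Disk Warnings because of that rule's own exclude keyword.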