User Guide

Getting started
- Part 1: Add your infrastructure to FortiMonitor
- Part 2: Monitoring
- Part 3: Alert Timelines
- Part 4: Visualization
- Part 5: Team Management
- Part 6: Reports
- Part 7: CounterMeasures
- Supported browsers
Infrastructure Map
Instance Details page
- Assign Alert Timelines
- Create an Instance Group
My Account
- Can I see what changes have been made to my account and by whom?
- Manage email preferences
Dashboards
- Dashboard widgets
- Clone a widget
- Topology Maps
  - Create and save views
Monitoring
- Add monitoring to an existing server
- Tags
- Monitoring locations
  - Specifying confirmation check locations
  - Global monitoring network
    - Checker IP changes
- Advanced monitoring features
  - Compound metrics
  - Force a DNS update after an IP address change
- Monitoring policies
- Monitoring guides
  - MySQL monitoring
  - Redis monitoring
Templates
- Default templates
- Configure a template
- Apply server templates
- Template pattern matching
- Disassociate a template from multiple instances
Cloud monitoring
- AWS
- Azure
  - Azure App Service
- Cisco Meraki
- Kubernetes
  - Kubernetes Details page
Application monitoring
- Get started with Application Monitoring
- Add an Application
Path monitoring
SD-WAN application monitoring
- FortiGate and OnSight configuration for SD-WAN synthetic monitoring
- Set up SD-WAN application monitoring
Security Fabric
- Fabric Tunnel connected to FortiMonitor cloud (FortiOS 7.0 and newer)
- Fabric 7.x OnSight proxy
- Fabric 6.x Integration
- Fabric integration via FortiManager proxy
Network device monitoring
NetFlow monitoring
- Estimator mode
VMware
Network checks
- Network service checks
- Synthetic Monitoring
  - HTTP
  - HTTPS
- Browser synthetic (multistep) check
  - Available multistep commands
- JavaScript synthetic
  - Set up a JavaScript synthetic check environment
- Configure incident alert and response time thresholds
- Limit the number of confirmations for an outage
- Dynamic variables
FortiMonitor Agent
- Install the FortiMonitor Agent
- Add FortiMonitor Agent checks
- FortiMonitor Agent Security
- Windows Agent auto-update
- Add plugins to a blacklist
- Add metrics using Windows Performance Monitor
- Prepare a FortiMonitor Agent for server imaging/cloning
- Rebuild the FortiMonitor Agent metadata
- IP matching
- Start or end Maintenance from the FortiMonitor Linux Agent
- Migrate configuration to FortiMonitor Agent
- Troubleshooting the FortiMonitor Agent
- Automate the Agent installation
  - Use the FortiMonitor Agent manifest file
  - Remove an instance automatically
- Custom metrics and incidents
- Application plugins
Endpoint Agent
- Add a Windows Endpoint FortiMonitor Agent
- Add a MacOS Agent
CounterMeasures
- Linux CounterMeasures
  - Standard Linux CounterMeasure actions
  - Custom Linux CounterMeasure actions
- Windows CounterMeasures
  - Standard Windows CounterMeasure Actions
  - Custom Windows CounterMeasures actions
- OnSight-based CounterMeasures
- CounterMeasures security
- CounterMeasures Slack integration
OnSight vCollector
- One-liner installer
- OnSight virtual image installation
- OnSight AMI installation
- OnSight for Azure installation
- Automate the OnSight deployment
- Monitor a device that has not been discovered with OnSight
- OnSight discovery
- Upgrading the OnSight
- Manage and configure your OnSight vCollector
- OnSight custom metrics
- Additional setup and helpful tips
SNMP
- SNMP traps
- SNMP polling
- Configure SNMP alert thresholds
- SNMP troubleshooting
Alerting
- Alert Timelines
- Email
- SMS
- Integrations
- Limit the number of confirmation checks for an outage
- Set up an On-Call schedule
- Multiple server outages
- Notification for an individual service on a server
- Long-running incidents
Incident Hub
- View incident details
- Incident Solutions
- Create an incident using email
Reports
- Create a report
- Public status pages
- Exporting Metric Reports for long duration time periods
Maintenance Schedules
- Maintenance history
API
- API keys
- View the API library
- Custom incidents using API
- Postman
Users, Groups, and Authentication
- Add users to your account
  - Access control
  - Create a Group
- Single sign-on (SSO)
Multi-tenancy
- Manage subtenants
- Manage a multi-tenant environment
  - Multi-tenant dashboards
- White label options
Mobile app
- Acknowledging incidents and other actions
NCM
- NCM installation and initial configuration
- NCM Supported Devices
- Backup
  - Backup filters
- Search syntax help
- Mass Config Push
  - Device mode table
  - VT100 Control / Command sequences
- Device variables
- NCM Slack configuration
- System login
- Discovery
- Scheduling
- User security and access roles
- Sensitive data stripping
FAQ
- Data Retention and Compliance
Get support

Home FortiMonitor 24.2.0 User Guide

Windows Log Monitor

24.2.0

Copy Link

Copy Doc ID af1daa65-c273-11ec-9fd1-fa163e15d75b:983781

Download PDF

Windows Log Monitor

The Windows Log Monitor plugin allows you to monitor your windows logs based on the matching and frequency of certain specified occurrences. Event Log monitoring is based on C# regex syntax, you can read more about the syntax required to monitor event logs.

If you can not add this plugin in the Windows Add metric list, then your version of the Agent is out of date and you should update it to gain access to this feature.

If you haven't read Add FortiMonitor Agent checks, start there.

Control Panel Configuration

You can add a Windows Log Monitor check by clicking Add under the Windows metric section. Look for Windows Event Logs.

Metric	Unit
Windows Event Logs	Occurrences

The check itself will hinge off a number of variables, which are listed with their options below:

Log type

System
Application
Custom
All

To add custom logs or logs that are neither System or Application, see Custom logs.

Log Severity

Critical
Warning
Error
Information

Log Source (optional)

All Sources
Application Popup
Customer Experience Improvement
EventLog
Microsoft-Windows-CAPI2
Microsoft-Windows-DHCPv6-Client
Microsoft-Windows-DNS-Client
Microsoft-Windows-Dchp-Client
Microsoft-Windows-Diagnostics-Networking
Microsoft-Windows-Eventlog
Microsoft-Windows-FilterManager
Microsoft-Windows-GroupPolicy
Microsoft-Windows-lphlpsvc
Microsoft-Windows-Kernel-General
Microsoft-Windows-Kernel-Power
Microsoft-Windows-Kernel-Processor-Power
Microsoft-Windows-RestartManager
Microsoft-Windows-Security-Auditing
Microsoft-Windows-Time-Service
Microsoft-Windows-UserPnp
Microsoft-Windows-WindowsUpdateClient
Microsoft-Windows-Winlogon
MsiInstaller
NetBT
PowerShell
Server
Service Control Manager
TermDD
USER32
WinRM
Windows Error Reporting
xennet6

Log Message Regex Filter (Optional)

Set the Time Frame (range from 1 minute-60 minutes in 10-minute increments)

Set the frequency of the monitor (how often will the metric be collected?)

You can also set the Alert Timeline the alerts will adhere to, and tag the Windows Log Monitor checks.

Custom logs

To add custom logs, perform the following steps:

From the Monitoring Config tab of the instance click Add Monitoring > Windows > Windows Event Log.

2. For the Log Type, select Custom.

3. Fill in the other fields as shown in the following example. In this example, the Windows Event Viewer is used as a reference.

4. Set the Time Frame and Frequency based on your needs and the average period between events.

If you have any questions about how to properly configure this check, please contact our support team.

Windows Log Monitor

If you can not add this plugin in the Windows Add metric list, then your version of the Agent is out of date and you should update it to gain access to this feature.

If you haven't read Add FortiMonitor Agent checks, start there.

Control Panel Configuration

You can add a Windows Log Monitor check by clicking Add under the Windows metric section. Look for Windows Event Logs.

Metric	Unit
Windows Event Logs	Occurrences

The check itself will hinge off a number of variables, which are listed with their options below:

Log type

System
Application
Custom
All

To add custom logs or logs that are neither System or Application, see Custom logs.

Log Severity

Critical
Warning
Error
Information

Log Source (optional)

All Sources
Application Popup
Customer Experience Improvement
EventLog
Microsoft-Windows-CAPI2
Microsoft-Windows-DHCPv6-Client
Microsoft-Windows-DNS-Client
Microsoft-Windows-Dchp-Client
Microsoft-Windows-Diagnostics-Networking
Microsoft-Windows-Eventlog
Microsoft-Windows-FilterManager
Microsoft-Windows-GroupPolicy
Microsoft-Windows-lphlpsvc
Microsoft-Windows-Kernel-General
Microsoft-Windows-Kernel-Power
Microsoft-Windows-Kernel-Processor-Power
Microsoft-Windows-RestartManager
Microsoft-Windows-Security-Auditing
Microsoft-Windows-Time-Service
Microsoft-Windows-UserPnp
Microsoft-Windows-WindowsUpdateClient
Microsoft-Windows-Winlogon
MsiInstaller
NetBT
PowerShell
Server
Service Control Manager
TermDD
USER32
WinRM
Windows Error Reporting
xennet6

Log Message Regex Filter (Optional)

Set the Time Frame (range from 1 minute-60 minutes in 10-minute increments)

Set the frequency of the monitor (how often will the metric be collected?)

You can also set the Alert Timeline the alerts will adhere to, and tag the Windows Log Monitor checks.

Custom logs

To add custom logs, perform the following steps:

From the Monitoring Config tab of the instance click Add Monitoring > Windows > Windows Event Log.

2. For the Log Type, select Custom.

3. Fill in the other fields as shown in the following example. In this example, the Windows Event Viewer is used as a reference.

4. Set the Time Frame and Frequency based on your needs and the average period between events.

If you have any questions about how to properly configure this check, please contact our support team.