9263: Acronis Drive Monitor: Critical Events Monitoring Configuration

Configure certain Windows events to be considered as critical

Description

Acronis Drive Monitor lets you specify which events from the Windows event logs are treated as critical for hard disks; the program then reports only those events on the Critical events page. You can change the Windows Event Log monitoring configuration file for the System and Application Windows logs. See Acronis Drive Monitor: Critical Events Monitoring.

To configure them, edit the XML file winlog_filter.xml, which is located in C:\Users\User_Name\AppData\Roaming\ (for Windows Vista/Windows 7) or C:\Documents and Settings\All Users\Application Data\ (for other Windows operating systems). The Exclude and Include parts of the file have the same format, so you can specify them in the same file.

For example, if you want to add monitoring of event 51 from source Disk1 and mark it as High risk, add the following line to the "High risk" section:

<parameter source_name="Disk1" event_code="51" />

Argument values:

SourceName | Category | Type | EventCode | Message

Operation values:

contain | equal | more | less

Below is an example of a file with configuration for logs:

<?xml version="1.0" encoding="UTF-8" ?>
<filter_root>
  <!-- String parameters: -->
  <!-- argument = source_name|message -->
  <!-- operation = contain|equal -->
  <!-- Integer parameters: -->
  <!-- argument = category|type|event_code -->
  <!-- operation = equal|more|less -->
  <!-- value for type = {NONE = 0, ERROR = 1, WARNING = 2, INFORMATION = 3, SECURITY_AUDIT_SUCCESS = 4, SECURITY_AUDIT_FAILURE = 5} -->

  <include_filter risk="High">
    <!-- Conditions in tag 'parameter' are logical AND -->
    <parameter argument="source_name" operation="contain" />
    <parameter argument="message" operation="equal" value="Achtung" />
  </include_filter>

  <!-- Conditions in individual tag 'include_filter' are logical OR -->
  <include_filter risk="Low">
    <parameter argument="event_code" operation="equal" value="6011" />
  </include_filter>

  <exclude_filter>
    <!-- Conditions in individual tag 'parameter' are logical OR -->
    <parameter source_name="W32Time" event_code="35" />
  </exclude_filter>
</filter_root>
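A filter that is malformed can leave the events you meant to flag unmonitored, so it is worth checking the file before deploying it. The following linter is an added example, not Acronis code: it checks each `parameter` against the argument, operation and type rules stated in the comments of the sample file. The names `lint_filter` and `check_value` are this example's own, and it assumes the short attribute form accepts the same five argument names.

```python
import xml.etree.ElementTree as ET

# Rules copied from the comments in the sample winlog_filter.xml on this page.
STR_OPS, INT_OPS = {"contain", "equal"}, {"equal", "more", "less"}
OPS = {"source_name": STR_OPS, "message": STR_OPS,
       "category": INT_OPS, "type": INT_OPS, "event_code": INT_OPS}
# Constructed sample: the first parameter has no value, the second misuses "more".
SAMPLE = """<?xml version="1.0" encoding="UTF-8" ?>
<filter_root>
  <include_filter risk="High">
    <parameter argument="source_name" operation="contain" />
    <parameter argument="message" operation="more" value="Achtung" />
  </include_filter>
  <exclude_filter>
    <parameter source_name="W32Time" event_code="35" />
  </exclude_filter>
</filter_root>"""


def check_value(arg, value, where):
    """Return problems with one argument's value (empty list when it is fine)."""
    if value is None:
        return [f"{where}: {arg} has no value"]
    if OPS[arg] is INT_OPS:
        if not value.isdecimal():
            return [f"{where}: {arg} must be an integer, got {value!r}"]
        if arg == "type" and int(value) > 5:
            return [f"{where}: type {value} is outside 0..5"]
    return []


def lint_filter(xml_text):
    """Lint winlog_filter.xml text and return a list of problem strings."""
    problems = []
    for n, flt in enumerate(ET.fromstring(xml_text), 1):
        for m, p in enumerate(flt.findall("parameter"), 1):
            where = f"{flt.tag} {n}, parameter {m}"
            arg, op = p.get("argument"), p.get("operation")
            if arg is None:  # short form (assumed): attributes name the arguments
                for name, value in p.attrib.items():
                    if name in OPS:
                        problems += check_value(name, value, where)
                    else:
                        problems.append(f"{where}: unknown attribute {name!r}")
            elif arg not in OPS:
                problems.append(f"{where}: unknown argument {arg!r}")
            else:
                if op not in OPS[arg]:
                    problems.append(f"{where}: operation {op!r} invalid for {arg}")
                problems += check_value(arg, p.get("value"), where)
    return problems
```

Calling `lint_filter` on the text of your own winlog_filter.xml returns an empty list when every condition fits those rules.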

More information

See also Acronis Drive Monitor: Disk Health Calculation.
