Fodome replied on Mon, Apr 6 2009 1:17 PM

rated by 0 users

Hello atvrocks,

Here's what you need to do:

1. Click "Devices" tab.
2. Click "All Managed Devices".
3. Select the Device you wish to Monitor the Event Log on.  If this Device does not exist, you will need to go through "Add New Device" first.
4. Click "Add -> Add New Monitors".
5. On the left-hand side, click "Windows Based".
6. On the right-hand side, click "Event Log".
7. On this page, specify the Event Area, Event Type and enter the following for "Scenario #1: RegEx Pattern":

(\i.*Warning: exceeded)

Click OK and that should be all.  If and when a match is found, it should send you an Information Email Action, assuming this Monitor is associated with a specific Alert.   In order to verify this, simply go to "Configuration -> Alert List" and verify if any of the Alerts contain the Group or SmartGroup that has the Monitor in question, or make sure the Monitor is listed.

Hope this helps.

Sincerely,

Chris Foley - SolarWinds - Support Specialist
Support:  866.530.8040  |  Fax: 512.857.0125
network management simplified  |  solarwinds.com

atvrocks replied on Mon, Apr 6 2009 2:12 PM

rated by 0 users

Chris - Thank you so much for your help .... it makes sense.

I added the monitor and the alert - but when I'm trying to test - I'm getting :

"Last Result:Logon failure: unknown user name or bad password; oserror: 0x52e"

or:

"Unable to open Event Log "Application" on "*****************". Reason: The ipMonitor 9 service context does not have the necessary privileges to impersonate"

What user should I use?  Right now I am able to pull all the monitors via snmp with the admin credentials.

Thank you again

atvrocks replied on Mon, Apr 6 2009 3:32 PM

rated by 0 users

Got the answer - DOMAIN\user vs. user did it.

Thank you

n5983v replied on Wed, May 20 2009 10:27 AM

rated by 0 users

This is what I need as well, but what screen are you in do these steps.    I see node manament but not tab or menu for All managed devices, where do I add the new monitors..

thanks,

gary

Fodome replied on Wed, May 20 2009 11:00 AM

rated by 0 users

Gary,

The Node Management page is found within the Orion NPM Web Console, not ipMonitor.  I think the following forum post might get you going in the right direction:

http://thwack.com/forums/p/15739/64263.aspx#64263

Sincerely,

Chris Foley - SolarWinds - Support Specialist
Support:  866.530.8040  |  Fax: 512.857.0125
network management simplified  |  solarwinds.com

licensing@nlc.com.au replied on Sun, Nov 29 2009 7:41 PM

rated by 0 users

I'm having the same problem.

However, I'm trying to monitor events on a system not added to the domain.

Getting errors:

"Logon failure: unknown user name or bad password; oserror: 0x52e"

and

"Unable to open Event Log "System" on "xxx.xxx.xxx.xxx". Reason: The ipMonitor service context does not have the necessary privileges to impersonate"

I've set up a service account on the non-domain machine and made it part of the local admins group.

I've set up the credentials in IPMonitor as follows:

Username: LOCALHOST\service account (also tried replacing LCOALHOST with the non-domain computer's actual name)

Password: *password used for service account on non-domain machine*

Is IPMonitor not capable of monitoring events on a machine not connected to the domain?