You can use the FKM plug-in to monitor any keywords from the Windows Event Viewer.
Here is a sample XML for your reference:
<sampler name="FKM event log">
  <plugin>
    <fkm>
      <files>
        <file>
          <source>
            <ntEventLog>Security</ntEventLog>
          </source>
          <tables>
            <table>
              <severity>fail</severity>
              <keyTable>
                <data>
                  <keys>
                    <key>
                      <setKey>
                        <match>
                          <searchString>
                            <data>An account was logged off</data>
                          </searchString>
                        </match>
                      </setKey>
                    </key>
                    <key>
                      <setKey>
                        <match>
                          <searchString>
                            <data>An account was successfully logged on</data>
                          </searchString>
                        </match>
                      </setKey>
                    </key>
                  </keys>
                </data>
              </keyTable>
            </table>
          </tables>
        </file>
      </files>
    </fkm>
  </plugin>
</sampler>
There is an option "Extended NT event log output" under the FKM plugin Advanced tab.
If enabled, FKM outputs the event text in an extended format that includes additional fields for each event (e.g. EventID:4648) rather than only the default fields. In extended mode each output field is prefixed with its field name; in default mode it is not.
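The following is an added example, not code from the ITRS article or the FKM plugin itself: it generates a sampler in the same XML layout as the sample above from a list of (severity, search string) rules, and reads the rules back out of an existing sampler so the monitored keywords can be reviewed. The third rule assumes extended output is enabled (so the "EventID:" prefix appears in the event text), and the "warning" severity value is an assumption.

```python
# Added example, not code from the ITRS article: generate an FKM sampler in
# the layout of the article's sample from a list of (severity, search string)
# rules, and read the rules back out of any such sampler for review.
import xml.etree.ElementTree as ET

# Constructed rules: the two keywords from the article plus one that assumes
# "Extended NT event log output" is enabled, so the "EventID:" prefix is
# present in the event text. The "warning" severity value is an assumption.
RULES = [
    ("fail", "An account was logged off"),
    ("fail", "An account was successfully logged on"),
    ("warning", "EventID:4648"),
]

# Path from a <table> down to each key's search string, as in the sample.
KEY_PATH = "keyTable/data/keys/key/setKey/match/searchString/data"


def build_fkm_sampler(name, nt_event_log, rules):
    """Return sampler XML; one <table> per distinct severity, keys in order."""
    sampler = ET.Element("sampler", name=name)
    fkm = ET.SubElement(ET.SubElement(sampler, "plugin"), "fkm")
    file_ = ET.SubElement(ET.SubElement(fkm, "files"), "file")
    ET.SubElement(ET.SubElement(file_, "source"), "ntEventLog").text = nt_event_log
    tables = ET.SubElement(file_, "tables")
    by_severity = {}
    for severity, search_string in rules:
        by_severity.setdefault(severity, []).append(search_string)
    for severity, strings in by_severity.items():
        table = ET.SubElement(tables, "table")
        ET.SubElement(table, "severity").text = severity
        keys = ET.SubElement(ET.SubElement(ET.SubElement(table, "keyTable"), "data"), "keys")
        for s in strings:
            match = ET.SubElement(ET.SubElement(ET.SubElement(keys, "key"), "setKey"), "match")
            ET.SubElement(ET.SubElement(match, "searchString"), "data").text = s
    if hasattr(ET, "indent"):  # pretty-print on Python 3.9+
        ET.indent(sampler)
    return ET.tostring(sampler, encoding="unicode")


def keyword_rules(xml_text):
    """Inverse: (severity, search string) pairs in document order, so an
    existing sampler can be audited for keywords that are noisy or missing."""
    root = ET.fromstring(xml_text)
    rules = []
    for table in root.iter("table"):
        severity = table.findtext("severity")
        rules.extend((severity, d.text) for d in table.findall(KEY_PATH))
    return rules


if __name__ == "__main__":
    xml = build_fkm_sampler("FKM event log", "Security", RULES)
    print(xml)
    assert keyword_rules(xml) == RULES
```

Matching on a plain logon message such as "An account was successfully logged on" fires on every logon, so in extended mode a key on the prefixed field (e.g. "EventID:4648") gives a far narrower match.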