How can I monitor Windows Event Viewer?

Here is a sample XML for your reference:

If you are using Gateway 2, and your NetProbe version is GA2011.2.1-111122, GA2011.2.2-111122 or later, it has the capability to monitor other fields in the Windows Event Viewer (namely: Source, EventID, Level, User, OpCode, Category and Computer fields).

The NetProbe should publish the XML schema back to the gateway.

You should see an option under the FKM plugin Advanced tab. You need to enable the setting called "Extended NT event log output" at the sampler (screen capture attached).

After that, the FKM plugin will display the additional fields as part of the message with a colon (:), and you can use this as the match key (e.g. EventID:4648).

*The ntEventLogname can be customized, and not only limited to those 3 choices from the drop down box.