A team member sought help in creating a trigger for a specific windows event (with event ID 4725), which they wanted to log for future review. Other members pointed out that the event information needed to be at an audit failed level and also needed to be a supported event log. A link to support documentation was provided for reference. No further workaround was suggested.
Read the entire ‘Creating Triggers for Windows Events in ControlUp’ thread below:
Hi team, I am trying to create a trigger, when a specific windows event occurs with event ID: 4725 write the event logs away and store them for later review of the event. I tested if the detection on event id works by first adding "send email to SMTP" just to see if the detection works. Unfortunately, it does not seem to work any tips or tricks?
Dennis beat me.
:thinking_face:
Is the event information level? If so, it won’t get captured.
Also needs to be a supported event log.
https://support.controlup.com/docs/events-pane
Thanks for ur fast response 😄 @member @member Yes it is information level. Is there any workaround to get’s these type of event logged or visible?
Correction the type is audit not information level
Audit is fine as long as its audit failed.
Continue reading and comment on the thread ‘Creating Triggers for Windows Events in ControlUp’. Not a member? Join Here!
Categories: All Archives, ControlUp Scripts & Triggers