
FKM - How can I monitor the Windows Event Viewer?

You can use the FKM plug-in to monitor the Windows Event Viewer for keywords: each key you configure is a search string, and an event whose text contains it is reported with the severity of the table the key belongs to.

Here is a sample XML for your reference:

<sampler name="FKM event log">
    <plugin>
        <fkm>
            <files>
                <file>
                    <source>
                        <ntEventLog>Security</ntEventLog>
                    </source>
                    <tables>
                        <table>
                            <severity>fail</severity>
                            <keyTable>
                                <data>
                                    <keys>
                                        <key>
                                            <setKey>
                                                <match>
                                                    <searchString>
                                                        <data>An account was logged off</data>
                                                    </searchString>
                                                </match>
                                            </setKey>
                                        </key>
                                        <key>
                                            <setKey>
                                                <match>
                                                    <searchString>
                                                        <data>An account was successfully logged on</data>
                                                    </searchString>
                                                </match>
                                            </setKey>
                                        </key>
                                    </keys>
                                </data>
                            </keyTable>
                        </table>
                    </tables>
                </file>
            </files>
        </fkm>
    </plugin>
</sampler>

There is also an option, Extended NT event log output, under the FKM plug-in's Advanced tab.

Extended NT event log output

If enabled, FKM outputs the event text in an extended format that carries additional fields for each event (such as EventID:4648) rather than just the default fields. In extended mode each field is prefixed with its field name; in default mode it is not, so a key that relies on a field name (for example an event ID) only matches when extended output is enabled.
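To show how the sampler above turns into detection logic, here is an added Python example (not Geneos or ITRS code): it parses the FAQ's sampler XML, collects each key's search string together with its table's severity, and applies them to a few constructed event lines in both output modes. The exact layout of extended-mode output is an assumption, modelled only on the `EventID:4648` shape the FAQ gives; the sample lines, the `Message:` field name and the `triage` helper are constructed for this example. Event IDs 4624 and 4634 are the standard Windows Security IDs for the two messages used in the FAQ's keys.

```python
import re
import xml.etree.ElementTree as ET

# The FKM sampler from the FAQ above, embedded (with whitespace collapsed) so the
# example runs offline.
FKM_SAMPLER_XML = """
<sampler name="FKM event log">
  <plugin><fkm><files><file>
    <source><ntEventLog>Security</ntEventLog></source>
    <tables><table>
      <severity>fail</severity>
      <keyTable><data><keys>
        <key><setKey><match><searchString>
          <data>An account was logged off</data>
        </searchString></match></setKey></key>
        <key><setKey><match><searchString>
          <data>An account was successfully logged on</data>
        </searchString></match></setKey></key>
      </keys></data></keyTable>
    </table></tables>
  </file></files></fkm></plugin>
</sampler>
"""

# Constructed sample event text (not real Geneos output). Default mode is assumed to
# carry just the message; extended mode is assumed to prefix each field with its name,
# as in the "EventID:4648" example from the FAQ. The "Message:" field name is assumed.
SAMPLE_DEFAULT = [
    "An account was successfully logged on",
    "An account was logged off",
    "A logon was attempted using explicit credentials",
]
SAMPLE_EXTENDED = [
    "EventID:4624 Message:An account was successfully logged on",
    "EventID:4634 Message:An account was logged off",
    "EventID:4648 Message:A logon was attempted using explicit credentials",
]

EVENT_ID_RE = re.compile(r"\bEventID:(\d+)\b")


def load_key_rules(xml_text):
    """Return [(search_string, severity), ...] in document order from an FKM sampler.

    Each <table> has one <severity>; every <key> under it contributes one search string.
    """
    root = ET.fromstring(xml_text)
    rules = []
    for table in root.iter("table"):
        severity = table.findtext("severity", default="none").strip()
        for data in table.findall(".//key/setKey/match/searchString/data"):
            rules.append((data.text.strip(), severity))
    return rules


def classify(line, rules):
    """Severity of the first key whose search string occurs in the line, else None.

    Plain substring matching, which is how the sample config's <searchString> keys read.
    """
    for search_string, severity in rules:
        if search_string in line:
            return severity
    return None


def event_id(line):
    """EventID from an extended-format line; None for default-format text (no prefix)."""
    match = EVENT_ID_RE.search(line)
    return int(match.group(1)) if match else None


def triage(lines, rules):
    """Pair each line's event ID (if any) with the severity the key table assigns it."""
    return [(event_id(line), classify(line, rules)) for line in lines]


if __name__ == "__main__":
    rules = load_key_rules(FKM_SAMPLER_XML)
    for mode, lines in (("default", SAMPLE_DEFAULT), ("extended", SAMPLE_EXTENDED)):
        print(mode, triage(lines, rules))
```

The third sample line fires no key in either mode because neither search string occurs in it; with extended output enabled, a key whose search string is `EventID:4648` would catch it regardless of message wording, which is the practical reason to turn the option on when you care about specific event IDs rather than message text.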
