Events Pane

By default, the Events pane provides a real-time aggregated display of selected events from your connected computers’ Windows System, Application and Security event logs. You may monitor any number of additional event logs by clicking the “Add an Event Log” button in the Home ribbon and typing the name of the log you would like to add. The log name you enter must exactly match the name of the log on the computer you want to monitor. Additionally, the log file must be in the standard format. ControlUp does not yet support the Applications and Services Logs in newer versions of Windows.

The following event types can be collected:

  1. Error events
  2. Warning events
  3. Failure Audit events

Note: In order to collect and investigate Windows events of other types (such as Information or Success Audit), or to enable long-term storage of event details for later analysis, it is recommended that you create a trigger of type Windows Event and configure a filter to include the events of interest. As those events occur, incidents will be recorded and become available for investigation using the Incidents pane.

Events are preserved in the Events pane for a retention period that can be configured in the Command Bar. The default event retention period is 60 minutes.

The following actions are available when right-clicking on events:

Filtering Events

Using the Events Settings button from the Home ribbon bar (or the Events tab in the Settings window), you can configure parameters according to which the events will be displayed. The following filtering methods are available:

  • Excluded Events. By adding an Event Log Filter Rule here, you set a condition which, if matched, causes the event to be ignored. For example, a rule which specifies Event ID 33 will drop all future events with the ID number 33 from the console.
  • Event type. You can choose to ignore errors, warnings, and/or audit failure events.
  • Frequent Events Filter. By default, ControlUp is configured to ignore events that appear repeatedly, a configured number of times, during the event retention period. The default value is 100, so by default an event that appears a hundred times within an hour will fall under the “Frequent Events Filter” category and will no longer be reported. When an event reaches this threshold, you will see a pop-up notification in the bottom-left corner of the ControlUp console. This notification may be hidden by using the “Disable Frequent Event Filter Notifications” checkbox.

Note: If you turn off the default Frequent Event Filter, your ControlUp console may accumulate a large number of events, which may dramatically increase the amount of RAM consumed by the console. You may mitigate this condition by clearing events or by decreasing the Event Retention Period.

Note: The above filtering mechanisms only affect future events. In order to remove unneeded events from the current view, use the Clear or Clear All buttons on the Command Bar.
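
To see which events on a monitored computer would cross the default Frequent Events Filter threshold and stop being reported (for example, a burst of identical Failure Audit events), the following added example, which is not ControlUp code, counts Error, Warning and Failure Audit events over the last 60 minutes using the standard Get-WinEvent cmdlet. It assumes that "the same event" means the same log, provider and event ID; the page does not state how ControlUp matches repeated events.

```powershell
# Added example (not part of ControlUp). Run locally in an elevated
# PowerShell session; reading the Security log requires administrative rights.
$WindowMinutes = 60                  # page default: event retention period
$Threshold     = 100                 # page default: Frequent Events Filter value
$Since         = (Get-Date).AddMinutes(-$WindowMinutes)
$AuditFailure  = 0x10000000000000    # standard Windows "Audit Failure" keyword

# Error (Level 2) and Warning (Level 3) events from System and Application.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'System', 'Application'
    Level     = 2, 3
    StartTime = $Since
} -ErrorAction SilentlyContinue)     # suppress "no events found" errors

# Failure Audit events from the Security log.
$events += @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Keywords  = $AuditFailure
    StartTime = $Since
} -ErrorAction SilentlyContinue)

# Assumption: events are "the same" when log, provider and event ID match.
$events |
    Group-Object LogName, ProviderName, Id |
    Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending |
    ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending |
                  Select-Object -First 1
        [pscustomobject]@{
            Count    = $_.Count
            LogName  = $latest.LogName
            Provider = $latest.ProviderName
            EventId  = $latest.Id
            Latest   = $latest.TimeCreated
        }
    }
```

Any row in the output is a candidate for either an Excluded Events rule (if it is noise) or a Windows Event trigger (if it should stay visible despite its frequency).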

Event Actions

Add to Filter

The selected event’s details will be used to create a new filter rule to prevent similar events from appearing in the Events pane. You will be presented with a configuration window in which you will be able to customize the rule before applying it.

Remove from this View

The selected event(s) will be removed from the current view. This will not prevent similar events from appearing in the Events pane in the future.

Search In: (Google, EventID, Microsoft TechNet)

Right-clicking on an event and selecting “Search In” will enable you to conduct online research using selected search engines with the details of this event. Internet connectivity is required for this feature.

Remote Desktop to Computer

Use this action to switch to the Remote Desktops pane and establish a Remote Desktop connection to the computer from which the selected event originated.

Launch Event Viewer

Use this action to open the Windows Event Viewer while connecting to the machine on which the event originated.

Note: This action requires RPC access to the managed computer(s) and administrative privileges on these computer(s). You might not be able to display the events on computers which do not meet these prerequisites.

