Sentry-go KnowledgeBase

Title: How to monitor a custom Event Log

Applies To: Sentry-go Log Monitor component

Problem:
When I configure Sentry-go to monitor a custom Event
Log, I enter the .evt file of my log file, but the monitor reports events in the
Application Event Log instead.
Cause:
To monitor a custom Event Log, you must specify the name
of the registered log file, not the .evt file. If Windows cannot open the
correct file, the underlying API defaults to opening the Application Event Log
and hence the incorrect log is monitored.
Solution:
To monitor a custom Event Log, configure Sentry-go
to monitor the log type "Windows Event Log". In the "name/path" field, simply
enter the name of the registered log file.
To find the registered Event Log name …
- Run Regedit.exe on the machine being monitored to access the local registry.
Do not edit the Registry values; we only need to view them.
- Navigate to the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
- Below this key will be a number of sub-keys including Application,
System etc. Other registered names will also be listed.
- Use the name that corresponds to your log file.
Enter the remaining criteria to complete the monitoring configuration.
You will now be monitoring the correct custom Event Log on the local machine.
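
The same lookup can be scripted instead of browsing with Regedit. The PowerShell below is an added example, not part of Sentry-go or the original article: it reads the sub-keys of the Eventlog key and maps a log file to its registered name. The sample path `C:\Logs\MyApp.evt` and the function names are assumptions made for illustration; the match relies on the `File` value that Windows stores under each log's key.

```powershell
# Added example (not Sentry-go code): read-only lookup of registered Event Log names.
param(
    # Constructed sample path; replace with your own log file (assumption).
    [string]$LogFile = 'C:\Logs\MyApp.evt'
)

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog'

# List every registered log (each sub-key) with the backing file from its "File" value.
function Get-RegisteredEventLog {
    Get-ChildItem -Path $root -ErrorAction Stop | ForEach-Object {
        $prop = Get-ItemProperty -Path $_.PSPath -Name File -ErrorAction SilentlyContinue
        $file = $null
        if ($prop -and $prop.File) {
            $file = [Environment]::ExpandEnvironmentVariables($prop.File)
        }
        [pscustomobject]@{ Name = $_.PSChildName; File = $file }
    }
}

# Return the registered name(s) whose backing file matches the given path.
# Falls back to comparing file names only when no full-path match exists.
function Find-EventLogName {
    param([string]$Path)
    $logs  = @(Get-RegisteredEventLog | Where-Object { $_.File })
    $exact = @($logs | Where-Object { $_.File -eq $Path })
    if ($exact.Count -gt 0) { return $exact }
    $leaf = Split-Path -Path $Path -Leaf
    return @($logs | Where-Object { (Split-Path -Path $_.File -Leaf) -eq $leaf })
}

$found = @(Find-EventLogName -Path $LogFile)
if ($found.Count -eq 0) {
    Write-Warning "No registered Event Log uses '$LogFile'."
    Write-Warning "Entering it as the log name would monitor the Application log instead."
    Get-RegisteredEventLog | Sort-Object Name | Format-Table -AutoSize
} else {
    $found | ForEach-Object { "Use this name in the name/path field: $($_.Name)" }
}
```

Run it on the machine being monitored. It only reads the registry and changes nothing.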