Home / server / Questions / 873476
In Process
JustAGuy
Asked: 2017-09-14 06:51:21 +0800 CST

Adding an eventlog to an existing Windows Log

  • 772

I have the following Event Log:

enter image description here

This Event Log only appears inside Custom Views -> Server Roles -> Remote Desktop Services. What I'd like to do is add it to Windows Logs -> Security as I already have an agent that's crawling this folder. Is that even possible?

windows-event-log

2 Answers

  1. The Remote Desktop Services event list you're looking through is actually a combined/filtered view of multiple different event logs. Everything you find in that Custom Views folder is generally in that category. You can also tell by the funnel icon rather than the notebook(?) icon on the legacy Windows event logs.

    For this particular event, you can see which log it's actually in from the "Log Name:" property, Microsoft-Windows-TerminalServices-LocalSessionManager/Operational. If you drill into Applications and Services Logs, you can browse down through Microsoft, Windows, and finally TerminalServices-LocalSessionManager which contains an Admin and Operational log.

    Event Viewer left pane 1Event Viewer left pane 2

    This is the log you need to tell your agent to crawl if you want to capture this event. I don't believe there is a way to redirect messages from this log to one of the legacy Windows logs.

    • 1

  2. This is not possible (unfortunately), log entries can't be redirected/moved around.

    You should get an agent that can monitor all event logs - all decent log monitoring solutions are able to monitor not only the original event logs, but also any log under "Application and Services".

    • 0