How do I monitor a specific Microsoft windows eventid with op5 Monitor?
You can use a function builtin to NSClient. The function is called CheckEventLog. Download our latest version of NSClient from the Agents section on: http://www.op5.com/get-op5-monitor/download.
When you have installed the agent you only have to create a new check command like this:
Create a service that uses the check command above:
This service will now check for event-id 18456 in the Application log and warn you if it finds five or more events with that id during the latest hour. You will get a critical if it finds ten or more.
The complete documentation for CheckEventLog can be found here: