How to forward Windows Events as Trap to LoriotPro
The Evntwin program from Microsoft provides a way to forward any event visible in the Windows Event Viewer as an SNMP trap to LoriotPro.
You can use this graphical tool to easily create a configuration file and then use the configuration file with evntcmd at the command prompt to quickly configure traps on multiple computers.
The list of events to forward as traps is applied to the SNMP Event Agent from either Evntcmd or Evntwin.
The event-to-trap forwarder works if the Windows SNMP agent is configured to send traps. Read "How to install and configure Windows (2000 - XP) SNMP agent" first.
The first step consists of setting up the events. Events within Microsoft Windows are displayed in the local Event Viewer window. Not all events are displayed by default, but if you see an event in one of the event logs, you can forward it as a trap.
There are three types of event logs:
To receive security events in the Event Viewer, for example, the Audit policy should be activated.
To set Audit, open the Control Panel, select and
If we audit system events and somebody clears the Security event log, the Event Viewer will display the following event.
Each event has an ID, which we will use in the next step to filter events. Before starting the Evntwin program, be sure to have the type of event (application, security, system) and the ID number.
Evntwin configures the translation of events to traps, trap destinations, or both based on information in a configuration file.
Start the evntwin program from the Run option of the Start menu.
The job consists of finding the event number that you want to forward as a trap to LoriotPro.
First we select the Custom radio button and click the Edit button. The window shown above appears.
In the lower-left pane, select the event source. The event to capture is found in the Event Viewer under the Application event log, Security event log or System event log.
In our example we want to forward a security Event log so we choose
We choose 517, which is the number of the event sent when the Security log is cleared.
We press the Add button, and the upper pane "Events to be translated to traps" now contains our event/trap.
Do the same process for each Event you want to add in the Trap list.
When done, click the Apply button.
After you have defined the traps you want, click Export to create a file suitable for use with evntcmd. You can use Event to Trap Translator to easily create a configuration file and then use the configuration file with evntcmd at the command prompt to quickly configure traps on multiple computers.
In our example, each time we clear the Security event log, LoriotPro receives the following traps
Traps received by LoriotPro can start actions (refer to the Event and trap filter in the LoriotPro documentation).
Advanced configuration is possible on each Forwarded Event
Click on the setting button
It is possible to limit the length of the trap sent. When this limit is activated, you can select what you want to keep if the message is truncated. Choose between String or message.
The Trap throttle prevents excessive SNMP Trap messages from flooding
The properties button gives you access to more settings for the current Event
Here we can see the Enterprise OID of the trap and the Specific Trap ID, which is simply the same as the Event ID.
By default, the trap is generated each time the event occurs. You can set a count threshold that specifies the number of events needed before a trap is generated.
You can also use the evntcmd command (command line interface) to configure SNMP traps based on events recorded in system logs. You can also use this command to specify where trap messages are sent within an SNMP community.
Here is our example of .cnf file with Event 517 generated by the
The text #pragma must appear at the beginning of every entry in the file.
To find out what values correspond to particular events, start Event to Trap Translator by typing evntwin at a command prompt. Click Custom, and then click Edit. Under Event Sources, browse the folders until you locate the event you want to configure, click it, and then click Add. Information about the event source, the event log file, and the event ID appear under Source, Log, and Trap specific ID, respectively.
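An added example, not part of the original page and not code from LoriotPro or Microsoft: a small Python check to run on an exported .cnf file before it is pushed to multiple computers with evntcmd, enforcing the #pragma rule above and the optional count threshold. The entry keywords and argument order are assumed from Microsoft's evntcmd documentation, and the sample entries are constructed.

```python
import shlex

# Keyword -> (min, max) argument count. Assumption: entry syntax as described
# in Microsoft's evntcmd documentation; keywords treated as case-insensitive.
ENTRY_ARGS = {
    "ADD": (3, 5),               # log "source" eventID [count [period]]
    "DELETE": (3, 3),            # log "source" eventID
    "ADD_TRAP_DEST": (2, 2),     # community host
    "DELETE_TRAP_DEST": (2, 2),  # community host
}

def lint_cnf(text):
    """Return [(line_number, message)] for entries that break the expected syntax."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            tok = shlex.split(line)  # keeps "quoted source names" as one token
        except ValueError:
            problems.append((n, "unbalanced quotes"))
            continue
        if tok[0].lower() != "#pragma":
            problems.append((n, "entry does not begin with #pragma"))
            continue
        kw = tok[1].upper() if len(tok) > 1 else ""
        if kw not in ENTRY_ARGS:
            problems.append((n, "unknown or missing keyword"))
            continue
        args = tok[2:]
        lo, hi = ENTRY_ARGS[kw]
        if not lo <= len(args) <= hi:
            problems.append((n, f"{kw} takes {lo} to {hi} arguments, got {len(args)}"))
        elif kw in ("ADD", "DELETE") and not all(a.isdigit() for a in args[2:]):
            problems.append((n, "event ID, count and period must be unsigned integers"))
    return problems

# Constructed sample; real source, log and ID values come from an evntwin export.
SAMPLE = '''#pragma ADD_TRAP_DEST public 192.0.2.10
#pragma ADD Security "Security" 517 1
ADD System "Eventlog" 2147489653
#pragma ADD System "Eventlog" 2147489653 two 180
#pragma REMOVE Security "Security" 517
'''

if __name__ == "__main__":
    for lineno, msg in lint_cnf(SAMPLE):
        print(f"line {lineno}: {msg}")
```

An empty result means every entry has the expected shape; it does not confirm that the source, log or event ID exist on the target computer.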