MonitorWare Agent 14.1 Released

Release Date: 2021-07-14

Build-IDs: Service, Client


  • EventLog Monitor V2: Add support to monitor Analytic and Debug Channels.
    These channels will only work in polling mode and detection of the last record is limited due the nature of analytic / debug channels.
  • EventLog Monitor V2: Added new “Copy Messageformat into property” option to copy a second output format into a custom property.
  • File Monitor: Added support for batched processing which is a huge improvement regarding processing speed.
  • Database Monitor: Add support for BIGINT sql datatypes for the MaxID field.
  • Log Rotation: When compression after log rotate is enabled, we use the original filename inside the zipfile now which is more natural to the user.


  • EventLog Monitor v2: Removed unnecessary spaces within LOGSIEM JSON format.
  • File Monitor: Fixed a race condition saving the correct file position on
    action failure.
  • Log Rotation: Add support to move files across drives.
  • Status Actions: Fixed an issue calculating wrong values when multiple compute status actions were executed at the same time.

You can download Free Trial Version of MonitorWare Agent.

MonitorWare Agent 10.0 Released (Build-IDs: Service 10.0.444, Client 10.0.1522)

MonitorWare Agent 10.0 Released

Build-IDs: Service 10.0.444, Client 10.0.1522


  • Faster core engine
  • New Configuration Client running on Microsoft .Net Framework. If wanted, the old client application can be installed manually as “MonitorWare Legacy Client”.
  • The Agent can be switched from registry to file based configuration support. Requires usage of the new configuration client.
  • EventLog Monitor Classic(V1): Support for dynamic Eventlog files added.
    Kindly use an asterix (*) in the eventlog filename to activate it, for example: \\netappdevice\c$\etc\log\adtlog.*.evt
    When activated, EventLog Monitor will process all matching files automatically. The feature was primary added for NETAPP users who have dynamic filenames.
  • New System Property added to created UUID’s called “$NEWUUID”. Generates a random generated 128Bit UUID (Universally Unique Identifiers).
  • File Action: Seqmented Files or Circular Logging now also works with dynamic filenames.
  • EventLog Action: Now fully compatible with Windows 2012 and Windows 2012 R2.
  • Send Email Action: Automatically repair messages with incorrect Linefeeds before sending (Better compatibility for RFC 2822).


  •  none

You can download Free Trial Version of MonitorWare Agent.

“A complete step by step guide on setting up EventLogMonitor Service

How To setup EventLogMonitor Service

Article created 2003-02-24 by Rainer Gerhards.
Last Updated 2005-08-16 by Timm Herget.

Note: This guide was initially written for MW Agent, but the steps are the same in EventReporter.

1. First, right click on “Services”, then select “Add Service” and then “Event
Log Monitor”:

2. Once you have done so, a new wizard starts.

If the following Popup appears, please select “Create Service”:

Again, you can use either the default name or any one you like. We will use
“My Event Log Monitor” in this sample. Leave the “Use default settings” selected
and press “Next”.

3. As we have used the default, the wizard will immediately proceed with step
3, the confirmation page. Press “Finish” to create the service. The wizard
completes and returns to the configuration client.

4. Now, you will see the newly created service beneath the “Services” part of
the tree view. To check its parameters, select it:

As you can see, the service has been created with the default parameters.

The “Default RuleSet” has been automatically assigned as
the rule set to use. By default, the wizard will always assign the first rule
set visible in the tree view to new services. In our case, this is not correct
and will be corrected soon.

Note 2: If you want to generate reports (using Monilog) on the data via this service i.e. EventLogMonitor, then you have to press
the “Configure for Monilog” button and make the settings as shown in the screen-shot.

Note 3: If you want to generate reports (using MonitorWare
Console) on the data via this service i.e. EventLogMonitor, then you have to
uncheck the “Use Legacy Format” option. This is recommended. If you don’t
uncheck this option then meaningful reports aren’t generated (i.e. reports are
not properly consolidated by MonitorWare Console).

5. Now you must differentiate between clients and central hub server. In
clients use the “Forward ” RuleSet we have created in Step 2, select it as rule
set to use. In central hub server select the “Database Logging” RuleSet we have
created in Step 3. Leave all other settings in their default.


Central hub server:

6. Finally, save the change and start MonitorWareAgent. This procedure
completes the configuration of the syslog server.

MonitorWare Agent cannot dynamically read changed configurations. As such, it
needs to be restarted after such changes. In our sample, the service was not yet
started, so we simply need to start it. If it already runs, you need to restart

With step 5 the client machines configuration has finished. All the next
steps are only concerned with the central hub server.