[GH-ISSUE #996] Feature Request: Event Log Check can only use Application, System and Security #2548

New issue

Closed

opened 2026-03-14 04:30:13 +03:00 by kerem · 2 comments

kerem commented 2026-03-14 04:30:13 +03:00

Owner

Copy link

Originally created by @JSuenram on GitHub (Feb 28, 2022).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/996

Consider you want to monitor Eventlog vor NTLM-Auditing.
You need to look in "Microsoft-Windows-NTLM/Operational" which is not Possible with Event-Log-Check at the moment.

There are about 150 other EventLogs which are not written to Application/System or Security....
Currently you can not use them in TRMM.

Originally created by @JSuenram on GitHub (Feb 28, 2022). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/996 Consider you want to monitor Eventlog vor NTLM-Auditing. You need to look in "Microsoft-Windows-NTLM/Operational" which is not Possible with Event-Log-Check at the moment. There are about 150 other EventLogs which are not written to Application/System or Security.... Currently you can not use them in TRMM.

kerem closed this issue 2026-03-14 04:30:18 +03:00

kerem commented 2026-03-14 04:30:24 +03:00

Author

Owner

Copy link

@dinger1986 commented on GitHub (Feb 28, 2022):

you can with powershell, can look at the defender checks for reference

<!-- gh-comment-id:1054180681 --> @dinger1986 commented on GitHub (Feb 28, 2022): you can with powershell, can look at the defender checks for reference

kerem commented 2026-03-14 04:30:29 +03:00

Author

Owner

Copy link

@silversword411 commented on GitHub (Mar 9, 2022):

You can use powershell to query any event log. Use this as example:
https://github.com/amidaware/community-scripts/blob/main/scripts/Win_Defender_Status_Report.ps1

Closing

<!-- gh-comment-id:1063376127 --> @silversword411 commented on GitHub (Mar 9, 2022): You can use powershell to query any event log. Use this as example: https://github.com/amidaware/community-scripts/blob/main/scripts/Win_Defender_Status_Report.ps1 Closing

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

master

1.0.0

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.20.1

v0.20.0

v0.19.4

v0.19.3

v0.19.2

v0.19.1

v0.19.0

v0.18.2

v0.18.1

v0.18.0

v0.17.5

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.5

v0.16.4

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.12

v0.15.11

v0.15.10

v0.15.9

v0.15.8

v0.15.7

v0.15.6

v0.15.5

v0.15.4

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.8

v0.14.7

v0.14.6

v0.14.5

v0.14.4

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.4

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.2

v0.9.1

v0.9.0

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.32

v0.4.31

v0.4.30

v0.4.29

v0.4.28

v0.4.27

v0.4.26

v0.4.25

v0.4.24

v0.4.23

v0.4.22

v0.4.21

v0.4.20

v0.4.19

v0.4.18

v0.4.17

v0.4.16

v0.4.15

v0.4.14

v0.4.13

v0.4.12

v0.4.11

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.23

v0.2.22

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

In Process

  

bug

  

bug

  

dev-triage

  

documentation

  

duplicate

  

enhancement

  

fixed

  

good first issue

  

help wanted

  

integration

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

requires agent update

  

security

  

ui tweak

  

wontfix

No labels

In Process

bug

bug

dev-triage

documentation

duplicate

enhancement

fixed

good first issue

help wanted

integration

invalid

pull-request

question

requires agent update

security

ui tweak

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/tacticalrmm#2548

No description provided.