WIN_EVENTS Configuration Syntax

This configuration is used for the remote monitoring of MS Windows Event Logs. Without this feature, only Windows Event Logs on the Monitoring Server can be monitored. Enabling the WIN_EVENTS Configuration allows a larger number of events to be captured and Alerts to be created for remote MS Windows servers that do not have Prognosis installed.

Currently, this configuration is only applicable for monitoring remote Microsoft Skype for Business Windows servers.

ADD SERVER (<fqdn>, eventlognames={Lync Server|Windows Server|Security}[, ip=<ip-address>, domain=<domain>, customer=<customer>, custom=<pwdkey>, sfbsite=<skype-site-name>, sfbpool=<skype-pool-name>])
DEFINE SUBSCRIBE-ATTEMPTS (<number-of-attempts>)

Syntax Elements


ADD SERVER

A separate ADD SERVER statement is added for each MS Windows server to be monitored.


<fqdn>

(Mandatory) The Fully Qualified Domain Name (FQDN) of the server. This is used to communicate with the server if an IP address is not defined.


eventlognames

Name of an event log to retrieve. Currently this can be 'Lync Server', 'Windows Server' or 'Security'.

For advanced users, it is possible to support additional logs by modifying the 'Lync Server' file which is located in the '<Prognosis_Home>/Server/Configuration/events/xml' folder path.


ip

The IP address of the server. If defined, this is used as the method of communicating with the server.


domain

The domain name of the authenticated user logon. It is specified here instead of in the PASSWORDS Configuration.


customer

A customer name to associate with the server.


custom

The 'Entry Name' field from the PASSWORDS Configuration that contains a user name and password that are valid credentials for the server. See the Server Credentials section below for further details.


sfbsite

Name of the configured Skype site to which this server belongs.


sfbpool

Name of the Skype pool to which this server belongs.



SUBSCRIBE-TIMEOUT

Sets how often, in minutes, the Monitoring Server checks that it is still subscribed to receive Windows events. If no events have occurred in the last period, the Monitoring Server will re-subscribe for events. By default, this is 5 minutes.



SUBSCRIBE-ATTEMPTS

Configures the number of retry attempts to subscribe for events from a Windows Server if an error occurs. By default, this is 3. Attempts are made based on the SUBSCRIBE-TIMEOUT period defined above.


ADD SERVER ( \, "eventlognames=Lync Server", ip=, domain=PR, customer=IR, custom=WinEvents:RemoteServer)

Server Credentials

The 'custom' parameter defines which credentials are to be used in order to establish a connection with the server. This is mapped to the 'Entry Name' field of the PASSWORDS Configuration.


ADD SERVER (\, "eventlognames=Lync Server", ip=, domain=PR, customer=IR,custom=WinEvents:RemoteServer, sfbsite=Sydney,

For the 'custom' parameter there must be a corresponding 'WinEvents:RemoteServer' line in the PASSWORDS Configuration, for example:

Entry Name






Server Credentials that reference a domain

If credentials have been provided for the server where the username is in the form <domain>\<username>, then the domain is set in the ADD SERVER statement and only the username and password are added in the PASSWORDS Configuration.


Where the username is "LyncDomain\administrator":

1) In the WIN_EVENTS Configuration add

ADD SERVER (\, ip=,domain=LyncDomain, custom=WinEvents:LyncServer )

2) In the PASSWORDS Configuration add

Entry Name






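The following is an added example, not part of the original page and not Prognosis code: a small linter that checks ADD SERVER statements against the rules described above, including the 'custom' to PASSWORDS 'Entry Name' mapping and the rule that the domain belongs in domain= rather than in the stored username. It assumes parameter names are matched exactly as written in the syntax line, that the caller supplies the PASSWORDS entries as a mapping of entry name to username (the page does not show that file's format), and it uses a constructed host name and IP address.

```python
import re

# Event log names the page lists as supported (it notes advanced users can add more).
ALLOWED_LOGS = {"Lync Server", "Windows Server", "Security"}
# Optional parameters taken from the ADD SERVER syntax line.
OPTIONAL_KEYS = {"ip", "domain", "customer", "custom", "sfbsite", "sfbpool"}
STATEMENT = re.compile(r"^\s*ADD SERVER\s*\((.*)\)\s*$")
# Constructed sample statement; the host name and address are placeholders.
SAMPLE = ('ADD SERVER (fe01.example.test, "eventlognames=Lync Server", '
          'ip=192.0.2.10, domain=PR, customer=IR, custom=WinEvents:RemoteServer)')

def parse_add_server(line):
    """Return (fqdn, params) for one ADD SERVER statement, or raise ValueError."""
    match = STATEMENT.match(line)
    if not match:
        raise ValueError("not a complete ADD SERVER (...) statement")
    # Fields are comma separated; a field may be double-quoted as on the page.
    fields = [f.strip().strip('"').strip() for f in match.group(1).split(",")]
    params = {}
    for field in fields[1:]:
        key, sep, value = field.partition("=")
        if not sep:
            raise ValueError(f"expected key=value, got {field!r}")
        params[key.strip()] = value.strip()
    return fields[0], params

def lint_add_server(line, password_entries):
    """Return problems; password_entries maps PASSWORDS 'Entry Name' to username."""
    try:
        fqdn, params = parse_add_server(line)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if "=" in fqdn or "." not in fqdn:
        problems.append("first field must be the server FQDN")
    for key in sorted(set(params) - OPTIONAL_KEYS - {"eventlognames"}):
        problems.append(f"unknown parameter {key!r}")
    # Only a present value is checked, because one example on the page omits it.
    log = params.get("eventlognames")
    if log is not None and log not in ALLOWED_LOGS:
        problems.append(f"eventlognames={log} is not a supported event log")
    if "ip" in params and not params["ip"]:
        problems.append("ip is present but empty")
    custom = params.get("custom")
    if custom and custom not in password_entries:
        problems.append(f"custom={custom} has no matching PASSWORDS entry")
    elif custom and "\\" in password_entries[custom]:
        problems.append("put the domain in domain= and only the username in PASSWORDS")
    return problems
```

Running `lint_add_server(SAMPLE, {"WinEvents:RemoteServer": "svc_events"})` returns an empty list; a dangling `custom` key or a stored username of the form domain\username is reported before the Monitoring Server attempts to subscribe.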