Event Synchronization

All events visible in the Event Viewer are stored in active event logs. The probe can retrieve these active events by resynchronizing with the event logs on startup.

This resynchronization operation can be enabled by setting the <Resync> tag in the XML configuration file (wineventlog.xml). When the Resync property is enabled, the probe retrieves active events every time a new connection is set up.

Using the EnableLastEventFilter property in the wineventlog.props file, the probe can be configured to store a marker for the last event received for each log. Upon resynchronization, it then retrieves only the new events created since the last received event. If EnableLastEventFilter is set to 0 and the <Resync> tag in wineventlog.xml is set to true, the probe will retrieve all active events for that log.

The <ResyncFilter> tag in the XML configuration file needs to be specified for each log.
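
The following check is an added example, not part of the probe or its documentation. It reads the two settings described above and reports, per log, whether a reconnect retrieves all active events, only events after the stored marker, or nothing. The per-log parent element with a name attribute, the "Name : value" props syntax, the sample contents and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs. The layout around <Resync> and <ResyncFilter>
# (a per-log parent element with a "name" attribute) is an assumption.
SAMPLE_XML = """<WinEventLog>
  <Log name="Security"><Resync>true</Resync><ResyncFilter>*</ResyncFilter></Log>
  <Log name="System"><Resync>true</Resync></Log>
  <Log name="Application"><Resync>false</Resync><ResyncFilter>*</ResyncFilter></Log>
</WinEventLog>"""
SAMPLE_PROPS = "# constructed sample\nEnableLastEventFilter : 0\n"

def last_event_filter_enabled(props_text):
    """Return True/False for EnableLastEventFilter, or None if it is not set."""
    m = re.search(r"^\s*EnableLastEventFilter\s*:\s*'?(\d+)'?", props_text, re.M)
    return None if m is None else m.group(1) != "0"

def audit(xml_text, props_text):
    """Map each log (any element with a <Resync> child) to its resync behaviour."""
    marker = last_event_filter_enabled(props_text)
    report = {}
    logs = [e for e in ET.fromstring(xml_text).iter() if e.find("Resync") is not None]
    for idx, log in enumerate(logs):
        label = log.get("name") or f"log#{idx}"
        resync = (log.findtext("Resync") or "").strip().lower() == "true"
        has_filter = bool((log.findtext("ResyncFilter") or "").strip())
        if not has_filter:
            # The page requires <ResyncFilter> for each log.
            report[label] = "missing ResyncFilter"
        elif not resync:
            report[label] = "no resync"
        elif marker is None:
            report[label] = "resync: EnableLastEventFilter not set"
        elif marker:
            report[label] = "resync: new events since last marker"
        else:
            # Resync true with EnableLastEventFilter 0: full retrieval.
            report[label] = "resync: all active events on every connection"
    return report

if __name__ == "__main__":
    for name, behaviour in audit(SAMPLE_XML, SAMPLE_PROPS).items():
        print(f"{name}: {behaviour}")
```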