Documentation
7.6. Windows EventLog¶
This is an event handler that send SFTPlus events to the Windows Eventlog service.
7.6.1. Introduction¶
SFTPPlus can be configured with multiple Windows EventLog event handlers.
The name configuration option is used as Source Name for the logs.
The name identifier should not include *, ?, - and \ characters. Space characters are allowed.
All events are sent to the Application category using the Informational level.
The Windows Event ID is the same as the general server event ID. For more information on server events, please see Server Events.
Note
Our roadmap includes adding configurable log level options. Please contact us to find out more about our roadmap progress.
Warning
When using the - character in the source name identifier, Windows Event Log Viewer will display an incomplete name as the source. This is a bug in Windows Event Log Viewer, and does not affect the information stored in the log. The detailed view displays accurate data.
7.6.2. name¶
- Default value:
''
- Optional:
No
- From version:
2.10.0
- Values:
Any text.
- Description:
Human-readable short text used to identify this event handler.
7.6.3. description¶
- Default value:
''
- Optional:
Yes
- From version:
2.10.0
- Values:
Any text.
- Description:
Human-readable text that describes the purpose of this event handler.
7.6.4. type¶
- Default value:
''
- Optional:
No
- From version:
2.10.0
- Values:
file-dispatcher - Dispatch a file into one or multiple paths.
http - HTTP POST request (unsecured).
local-file - Append events to a file located on the local file system.
email-sender - Send emails as an SMTP client.
windows-eventlog - Send events to Windows EventLog Service.
standard-stream - Send events to standard output.
syslog - Local Unix socket or remote IP:PORT address for Syslog.
create-archive - Create/Compresses one or more files.
extract-archive - Extract/Uncompressed a file.
external-executable - Execute an external script or program.
openpgp - Encrypt/Decrypt files using OpenPGP.
rabbitmq - Publish event to RabbitMQ AMQP 0-9-1 server.
extension - For custom event handlers implemented using our API.
- Description:
This option specifies the type of the event handler. Each type has a set of specific configuration options.
7.6.5. target¶
- Default value:
''
- Optional:
Yes
- Values:
Comma separated list of event ids.
Comma separated list of event ids starting with an exclamation mark.
Leave empty to handle all events.
- From version:
2.10.0
- Description:
Define a comma separated list of event ids to have the event handler triggered only for those events.
When you want to have it triggered for all the events, excepting a few events you should prefix each event id with the exclamation mark (!).
Leave it empty to handle all events.
Note
Combining the two methods is not supported as the same result can be achieved by allowing only the desired events, all the others will be ignored.
7.6.6. groups¶
- Default value:
''
- Optional:
Yes
- Values:
Comma separated list of event groups.
Comma separated list of event groups starting with an exclamation mark.
Empty.
- From version:
3.39.0
- Description:
Defines the list of event groups for which this handler is active.
When you want to handle all the events, except for the ones from a set of groups, prefix the group names with the exclamation mark (!).
An event can be a member of one or multiple groups. The event is handled if any of its groups is found in the list of configured allowed groups. The event is not handled if any of its groups is found in the list of configured ignored groups (starting with !).
Leave it empty to handle events from all groups.
7.6.7. usernames¶
- Default value:
''
- Optional:
Yes
- Values:
Comma separated list of usernames.
Comma separated list of usernames starting with an exclamation mark.
Leave empty to handle all events.
- From version:
3.9.0
- Description:
Comma separated list of usernames whose events are handled by this event handler. A username can include OS accounts, application accounts, and any accounts accepted by any authentication method including external HTTP accounts.
When you want to have it triggered for all the events, excepting a few events you should prefix each username with the exclamation mark (!).
Leave it empty to handle events from any users or events which are not associated with any user.
7.6.8. components¶
- Default value:
''
- Optional:
Yes
- Values:
Comma separated list of UUIDs.
Comma separated list of UUIDs starting with an exclamation mark.
Leave empty to handle all events.
- From version:
3.18.0
- Description:
Comma separated list of component UUIDs for which events are handled by this event handler.
When you want to have it triggered for all the events, excepting a few events you should prefix each UUID with the exclamation mark (!).
Leave it empty to handle events emitted by any component.
7.6.9. source_addresses¶
- Default value:
Empty
- Optional:
Yes
- Values:
Comma separated list of IP addresses.
List of IP addresses starting with an exclamation mark.
Empty.
- From version:
3.40.0
- Description:
Comma separated list of source IP addresses of the remote peers, which are handled by this event handler.
When you want to have it triggered for all the addresses, excepting a few addresses you should prefix each address with the exclamation mark (!).
Leave it empty to handle events emitted by any source address.
7.6.10. data_filter¶
- Default value:
''
- Optional:
Yes
- Values:
Comma-separated list of data member names and filter expressions.
Multiple expressions, one per line (Since 4.29.0)
Leave empty to handle all events.
- From version:
3.22.0
- Description:
Comma separated definition with the name of attribute data member and the targeted matching expression.
Data member names are configured with insensitive cases.
For more details about the available expressions see the matching expression documentation.
The following example will extract the value to be matched/filtered from the path data member of the event. The extracted value is then matched against the
*/folderA/*
globbing expression:[event-handlers/b904ed23-a234-4ccf-8abd-edcae4d3324f] data_filter = path, */folderA/*
See the usage instructions for more operational details.
You can filter based on multiple data members using multiple rules. Each rule is defined on a separate line.
In the following example, events are triggered only if they are uploaded into the directory named
reports-A
with a size of 0 bytes (empty file):[event-handlers/b904ed23-a234-4ccf-8abd-edcae4d3324f] data_filter = path, */reports-A/* size, 0
Leave this configuration empty to not filter based on the event's attached data, and handle events regardless of their data attributes.
7.6.11. fail_after_errors¶
- Default value:
10
- Optional:
Yes
- From version:
3.0.0
- Values:
An integer number greater than 0.
0 Disabled.
- Description:
Number of consecutive errors after which the event handler will automatically stop with a failed state.
Setting this to 0 will disable the feature. The event handler will no longer stop regardless of the number of errors encountered.