To add a logging handler to an alert:
- Edit an existing alert or create a new one. An alert cannot both send emails and write to the event log, so if you need to do both of these for the same alert configuration, you will need two separate alerts.
- Configure the message body as you would for an email message, including substitutable special text. The text from the message body is written to the event log. Note that HTML is not supported in the message body for event logging. The contents of the Subject line do not appear in the event log.
-
Check the Use handler box and select the logger event handler in the dropdown.
Figure 170: Expiration Alert with Event Logging Event Handler
Tip: If the expected event handler types do not appear, confirm that they exist and are enabled on the Event Handler Registration page (see Event Handler Registration). -
Click the Configure button in the Use handler section of the page to open the Configure Event Handler dialog and then click Add.
Figure 171: Expiration Alert with Logging Event Handler
-
In the Configure Event Handler Parameter
A parameter or argument is a value that is passed into a function in an application. dialog, select Logging Target Machine as the parameter Type, and enter the fully qualified domain name of the server to which you wish to send the event log message in the Value field.By default, the service accounts under which the Keyfactor Command application pool and Keyfactor Command service run have sufficient permissions to write to the event log on the Keyfactor Command server. If your target computer is not the Keyfactor Command server, you will need to grant appropriate permissions on that computer to one or both of these service accounts in order to write to the event log on that computer. When alerts containing event handlers are run in test mode, the application pool service account is used. When alerts containing event handlers are run as a scheduled task, the Keyfactor Command service account is used. Local administrator permissions are needed initially to allow the service account to create the event log source types on the target machine. After that has been completed (on the first successful write of event logs to the server), permissions for the service account can be dialed back to “Generate security audits” or “Manage auditing and security log” in the local security policy.
If you wish to use a DNS
The Domain Name System is a service that translates names into IP addresses. alias for the target machine value, you may need to disable loopback checking on the Keyfactor Command server and reference the target machine. - Click Save to save and then Close to return to the alert configuration. No other parameters are needed (or functional) for an event logging event handler.
-
Test the alert as described for your alert (e.g. Expiration Alerts. It is not necessary to check the Send Alerts box during the test. Alerts are written to the Application event log.
Figure 172: Expiration Alert Event Log