Registry key monitoring in UIM


Article ID: 198197


Updated On:


NIMSOFT PROBES DX Infrastructure Management


Need to know ways in which we can monitor registry keys on windows server


Release : 8.x & 9.x

Component : UIM LOGMON


There is no out-of-box probes for this purpose. Generally you can deploy logmon probe to most of the Windows platform. You can achieve the purpose for monitoring registry key values against a known current values and raise alarms if not. 

Follow these steps
1) Create a new logmon profile

2) In the general tab, change mode to 'command' and enter command like C:\Windows\System32\REG QUERY HKLM\Software\Microsoft\DirectX /v Version
 this is for retrieving vale for key Version from local registry


3) Specify appropriate check interval for example 5 mins, de-select 'Generate Qos' and select 'Generate Alarms

4) Select Watcher rule tabs, and create a new watcher rule

5) In watcher rules -> Standard tab, use regular expression as such : /Version.*$/ and specify error message and alarm severity

6) In watcher -> Variables tab, create a new variable

7) In variable window, under section 'Source FROM Position' select 'Column' to '3' , which means the third columns from the matching row,
 the matching row should be something like this as from the command output Version REG_SZ XXXX.XXXX.XXX and the value of third column '' is assigned to your variable e.g. var

8) In variable window specify a variable threshold, in 'Expected Value' section , select operator '=' 'current_value', which is the value you expect it to be.

9) Modify in standard tab, the alarm message to include ${var}.

10) Apply and Restart the probe this profile will make sure to alarm when the directx version value is not your expected/current value by retrieving the value from registry and monitor the value against the specified threshold after applying a regular expression to match the row.

Note: A point need to mention here is that the user used by the probe must have the right to make a call using 'reg' command. If not so, assign the local user and its password with the rights in logmon probe configuration->setup

Since there is no out of the box probes monitoring registry, you have to create such a profile for each of your requirement specification. Let me know if this helps

Here is the alert