Latch Event Monitor
03/27/14. Version 0.1
New tool to integrate Latch with Windows Events
Latch Event Monitor is a tool that monitors Windows events. It lets the user track Windows logs in a very granular way and react according to a preconfigured Latch response.
This means that Latch Event Monitor asks the Latch servers what to do when a certain event is generated on a Windows machine. The administrator therefore has a tool to react to events and to change the behavior and the scripts launched, in any way and at any moment, just by sliding a bar on their mobile device.
How it works
Latch Event Monitor runs as a service and has a GUI to configure it. That means it still works and monitors logs even when no user is logged in. The service constantly watches for any event with the characteristics given by the user. When one occurs, it asks the Latch servers and reacts in the way the user has configured.
It can also be used as an alerting system, with no action associated with an event. If the event occurs, Latch sends a blocking message to the mobile device, but no action is taken.
Latch Event Monitor with some configured rules
How to install it
No special instructions. Just accept the license and choose the path. If, for the sake of security, you do not want the service to run as SYSTEM, you may change it to whatever account you wish, as long as it has privileges to run as a service and has network access. The manual explains how to achieve this.
A config file is created in XML format. This file contains sensitive information. Take care with its permissions, especially on shared computers.
Pairing with Latch
First of all, a Latch account has to be set up with a pairing token. Go to Latch management and add the App ID and secret. A timeout is also specified here: if the computer is not connected to a network or, for any other reason, cannot get a response from Latch within the specified time limit (0 milliseconds by default, which corresponds to no timeout), the “no response” action is applied.
How to add and configure an event
Each monitored event may have these fields:
- Name (optional): Any name given to the event that is going to be monitored. The name is representative only to better identify the event on the list.
- Log: The log tree source that Windows uses to classify logs. It is the same one you can find in eventvwr.msc. The success of your monitoring depends on this, so choose the source carefully. Some sources, such as “Security”, require more privileges, so make sure that the account the service runs under has them. You have as many logs to choose from as Windows offers in eventvwr.msc.
- Source (optional): This field represents the source of the event, as present in eventvwr.msc. It’s optional.
- Message: The text generated with an event goes through a matching system that can be used to discard or allow some events. If the string set matches, the Latch query will be launched. This is treated as a string, so “Starts with”, “Contains”… may be used to match.
- Event ID: If the event ID matches, the event goes on to the check of the string in the message body.
- Operation ID: The operation ID used in Latch.
- Actions.Open (optional): If the Latch query responds with an “on”, the process specified here will be launched, with the specified argument set (optional).
- Actions.Closed (optional): If the Latch query responds with an “off”, the process specified here will be launched, with the specified argument set (optional).
- Actions.No response (optional): If the Latch query doesn’t respond (because there’s no connectivity, for instance, after the timeout declared in “Latch settings”), the process specified here will be launched, with the specified argument set (optional).
Event details with VNC example
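The flow these fields describe, as an added Python model (not Latch Event Monitor's own code): log, optional source and event ID are checked, then the message, and only then is Latch queried. The `query` callable, the match-mode names and the sample rule, event and command are assumptions. The model shows that a rule without a “No response” action launches nothing while Latch is unreachable.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Rule:
    log: str                              # log tree, as in eventvwr.msc
    event_id: int
    match_mode: str                       # "starts_with" or "contains" (assumed names)
    match_text: str
    operation_id: str
    source: Optional[str] = None          # optional field
    on_open: Optional[str] = None         # Actions.Open
    on_closed: Optional[str] = None       # Actions.Closed
    on_no_response: Optional[str] = None  # Actions.No response

def matches(rule: Rule, event: dict) -> bool:
    """Check log, event ID and optional source first, then the message text."""
    if event["log"] != rule.log or event["id"] != rule.event_id:
        return False
    if rule.source is not None and event["source"] != rule.source:
        return False
    msg = event["message"]
    if rule.match_mode == "starts_with":
        return msg.startswith(rule.match_text)
    if rule.match_mode == "contains":
        return rule.match_text in msg
    raise ValueError(f"unknown match mode: {rule.match_mode}")

def decide(rule: Rule, event: dict, query: Callable[[str], str]) -> Optional[str]:
    """Return the command to launch, or None. `query` stands in for the Latch
    request: it returns "on"/"off" or raises TimeoutError (assumption)."""
    if not matches(rule, event):
        return None                       # Latch is not queried at all
    try:
        status = query(rule.operation_id)
    except TimeoutError:
        return rule.on_no_response        # None means the outage is ignored
    if status == "on":
        return rule.on_open
    if status == "off":
        return rule.on_closed
    return rule.on_no_response            # assumption: odd answers count as no response

# Constructed sample: IDs, names and the command are illustrative placeholders.
VNC_RULE = Rule(log="Application", event_id=1000, match_mode="contains",
                match_text="connected", operation_id="OPERATION_ID_PLACEHOLDER",
                on_closed="disconnect-session.cmd", on_no_response="disconnect-session.cmd")
VNC_EVENT = {"log": "Application", "source": "ExampleVNC", "id": 1000,
             "message": "Connections: connected: 203.0.113.7"}
```

Setting the same command for “Closed” and “No response”, as in the sample rule, makes the rule fail closed when the Latch servers cannot be reached.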