We have few servers that uses Windows Server Backup. We need to be notified if the backup event success did not occur in a day. We have setup the Event Log alert to:
Alert When this event didn't occur within (1 Day). with the correct event id:
Source Filter: microsoft-windows-backup
Event ID: 4
The issue is that we either keep getting alerts that the event did not occur on some servers or that if the backup actually fails, we never get an alert. We played around with the time frame (changed it to 23 hours) just to test and same issue happened.
The event log alert is set for
Alert Level: Information.
Any one have any ideas?
Could you please provide us a screenshot of the configuration within your Event Set?
Also, can you provide a screenshot of how the event looks within the Event Viewer itself?
It sounds as though the Event Set may not be detecting this event correctly or may only be catching unique parameters within the log.
Please see the screenshots below. The goal is to only get alerts when this event is not logged in a day.
Thank you for your time.
I created a new event set with slightly different configuration based on your comments:
Now, this does not necessarily fix the issue as I am unsure of what is happening during each false alarm condition.
However, it should capture the event you are specifically looking for instead of possibly capturing other Event ID 4 logs that may not be "successfully finishing".
My first thoughts would be to build this test event set I configured, apply it to a few test machines and review if the behavior is what you expect.
If you still have these issues after adjusting the set/applying this new set, I would advise to create a support ticket and provide the number here. This way we can get into the details of each false alarm condition and what may be contributing to it.
Let me know either way.