Kaseya Community

Event error log overflow




  • 06:56:35 12-Jul-05
    Kaseya Server
    None
    5000
    N/A

    Overflow detected. Too many System event log entries received from the machine in the last 30 seconds. 11 entries have been ignored. Use remote control to access the machine to view the entire event log.


    Could someone explain this to me? How many events are too many?

    Thank you,
    Paul Miller

    Legacy Forum Name: Event error log overflow,
    Legacy Posted By Username: PMMiller
  • Kaseya will pull windows event logs up to the server, so that you can report and monitor these events. In earlier versions of the product we found that some badly configured machines could generate hundreds of events per second. This caused huge network issues, as well as crippling the server as it had to process all these events.
    To avoid this situation the agent will now stop this from happening, and stop uploading events if too many are being detected. It will put this event log entry in to alert you to the issue.
    Have a look at the event logs on the machine, and if necessary you can stop the events being collected on the agent tab -> log settings.





    Legacy Forum Name: Server,
    Legacy Posted By Username: jnuttall
  • When this event occurs how can you resume the collection of application events by Kaseya?

    Legacy Forum Name: Server,
    Legacy Posted By Username: alcur
  • After an overflow message, i've noticed that eventseventually will occur again in Kaseya, but it's not clear to me what triggers this. Often quite a bit of time has passed before events come rolling in again.

    Who can explain this and perhaps give an answer to alcur's question ( see last post ) too.


    Legacy Forum Name: Server,
    Legacy Posted By Username: toivo
  • I propose a new solution to this problem:

    Allow the agents to maintain an eventfilter list just like the reports have. I could not care less about Symantec Antivirus having trouble scanning file formats it doesn't recognize yet it logs hundreds of events on large file servers every day. If I could tell the agent to ignore these messages it would reduce my log file overflow problems.



    The otherthing that really needs to be implemented is to provide a supported method of re-defining what an overflowing log is. I could see 100 events in 5 minutes but 100 events in 30 minutes not nearly enough on heavily used domain controllers or file servers.




    Legacy Forum Name: Server,
    Legacy Posted By Username: northstardave
  • Totally agree with northstardave. I have a machine that no matter how hard I try I can't get the system event log to stop constantly filling itself with the same non-important error and it would be really nice if I could just say ignore source XXXXX and event id 9999.


    Legacy Forum Name: Server,
    Legacy Posted By Username: alcur