Kaseya Community

AGENT ERROR LOGGING DISABLED

  • I have found that if the agent on a machine is flooded with error events (100 in 16 minutes), the VSA automatically disables ERROR events logging for that machine.

    NOTE: In this case, it was a client machine making with some type of app on it trying to send out emails with each attempt failing. This is what brought it light that the VSA automatically disables event logging and no notification was provided that the VSA was performing such an act. Only by viewing the agent log settings did I find that various machines have had their log settings disabled.

    The problem I found is that the VSA disables error event logging without notice of any kind. So, it is assumed that an alert would appear in the event of an error on a machine, but, since the error logging was automatically disabled (without any type of notification) the error events occurs and the VSA ignores the error event.

    I have checked the event log on the VSA and on the client machine and there is no reference to "Kaseya Agent" for a source in an attempt to create an alert for such a situation. In fact, there is no reference to "Kaseya" anthing in the event logs.

    In the VSA AGENT LOG (EventID 5011), it does show that the event logging has been disabled and the machine and the basic reason for the VSA disabling the event logging.

    Does anyone know how to set an alert so in the event the VSA does disable any logging on a machine, an alert is create and an email sent ?






    Legacy Forum Name: AGENT ERROR LOGGING DISABLED,
    Legacy Posted By Username: shickey
  • We get these alerts because we're setup to receive e-mails for Errors, Failures, and Warnings on criticals systems (yes, we receive a LOT of extraneous e-mail because there is currently no good way to filter or set thresholds).

    So if you choose to have alerts sent, you will also receive the notice that logging has been disabled. It is extremely annoying having simply stop because if we over look that message (it gets lost in the plethora of messages that I mentioned), it may not report any more and everyone thinks things are running smoothly.

    There should be a special warning or a way to automatically restart logging after a period of time or something... And to your point, it SHOULD send an e-mail when logging is disabled even if you're not sending e-mail messages for that log.

    and we really need threshhold controls on event log messages...


    Legacy Forum Name: Technical Issues,
    Legacy Posted By Username: kentschu
  • Imported Empty Post

    Legacy Forum Name: Technical Issues,
    Legacy Posted By Username: shickey
  • Imported Empty Post

    Legacy Forum Name: Technical Issues,
    Legacy Posted By Username: shickey
  • This feature was introduced a couple of versions back (I think it was 4.1).

    They call it Flood Protection. What was happening is that the SQL server would get hammered with too many events and lock up the Kaseya server.

    So Flood Protection was introduced.

    I spoke to Kevin Carlson about this since it's causing me a problem monitoring Web Server security logs. One of my client's (a web developer) gets hammered with hack attemps all day long. So Flood Protection kicks in and turns of the Security Log monitoring.

    I understand the need to do this. However, it needs to turn itself back on automatically or set some type of minimum time when it turns back on.


    Legacy Forum Name: Technical Issues,
    Legacy Posted By Username: misolutions
  • I was under the impression that all events generated came strictly from the client machine event log. I have discovered that it appears the alerts are actually generated from the client event log on the VSA.

    Now I got it. Thanks






    Legacy Forum Name: Technical Issues,
    Legacy Posted By Username: shickey