Kaseya Community

Kaseya 2: How can I see event logs for all assets related to a client?

  • Hello,

    During maintenance we look at event logs (Application, Security, System, DNS, etc.) for EACH computer.
    Then, we try to identify new errors, critical errors, etc...
    I would like to automate this process by creating a report or a dashboard that shows, all application errors across all assets for a client, for example. This way I can concentrate only on those assets that are experiencing problems.

    So, two main questions:
    1) How to collect all logs (last two weeks of logs) from assets into one place?
    2) How to run graphical reports on them?

    Legacy Forum Name: Kaseya 2: How can I see event logs for all assets related to a client?,
    Legacy Posted By Username: mikhail.kogan
  • Make sure you have logging turned on for your agents:
    - Go to Agent -> Event Log Settings
    - Choose which event logs you want to gather and apply them to your agents

    Then set your retention/archive settings:
    - Agent -> Log History

    Finally create the report to show you all the events you want:
    - Reports -> Logs
    - Choose Event Logs
    - Choose the Event Log you want and define your conditions

    You can save this report to run quickly in the future.

    Please note that you have to wait for your logs to be populated. Just by turning on logging doesn't mean it will grab all past logs. This just starts pulling the logs in from your agents. Also, if you are collecting a lot of logs your K database will start to grow large. Make sure you have enough space and use the Archive feature to offload the logs out of the database and on to disk in flat files.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: CCDave
  • CCDave
    Make sure you have logging turned on for your agents:
    - Go to Agent -> Event Log Settings
    - Choose which event logs you want to gather and apply them to your agents

    Then set your retention/archive settings:
    - Agent -> Log History

    Finally create the report to show you all the events you want:
    - Reports -> Logs
    - Choose Event Logs
    - Choose the Event Log you want and define your conditions

    You can save this report to run quickly in the future.

    Please note that you have to wait for your logs to be populated. Just by turning on logging doesn't mean it will grab all past logs. This just starts pulling the logs in from your agents. Also, if you are collecting a lot of logs your K database will start to grow large. Make sure you have enough space and use the Archive feature to offload the logs out of the database and on to disk in flat files.


    Awesome! I've been looking for a way to see if there are event trends on our clients and you have provided it... You get a cookie!

    Legacy Forum Name: How-To,
    Legacy Posted By Username: thirteentwenty
  • How and when/frequency should we offload the logs to disk?

    Legacy Forum Name: How-To,
    Legacy Posted By Username: jsa@emrgroup.net
  • jsa@emrgroup.net
    How and when/frequency should we offload the logs to disk?


    That's up to you... I think most do 30 days, we do 60 here...

    Legacy Forum Name: How-To,
    Legacy Posted By Username: thirteentwenty
  • thirteentwenty
    Awesome! I've been looking for a way to see if there are event trends on our clients and you have provided it... You get a cookie!


    Wow, you're good. I came back to my desk and there is a cookie on it waiting for me. (Okay, so it was in my lunch already, but it still counts.)

    Legacy Forum Name: How-To,
    Legacy Posted By Username: CCDave
  • Thank you!
    Does Kaseya 2 offer any charting capabilities?
    If not, how easily can I query these logs from the database? I guess, how can I query archived event logs (Application, Security, System, DNS, etc.)?

    Legacy Forum Name: How-To,
    Legacy Posted By Username: mikhail.kogan
  • mikhail.kogan
    Thank you!
    Does Kaseya 2 offer any charting capabilities?
    If not, how easily can I query these logs from the database? I guess, how can I query archived event logs (Application, Security, System, DNS, etc.)?


    I haven't seen any charting functions within K2... I'm pretty sure you can do this by exporting your reports into an Excel file. I'm not sure about the DB thing, I'm not an SQL kinda person =(

    Legacy Forum Name: How-To,
    Legacy Posted By Username: thirteentwenty
  • I'm not sure what you are looking for in terms of "charting". With the Reports you can export out to Excel if you want to filter through the events and such.

    You can access the logs that are not archived directly by accessing the database on your K server. Be aware, though, that these tables have dynamic names that correspond to the date of the information. You would have to write some SQL queries to keep up to pace with these tables or to offload them to your own separate database.

    As for accessing the archived log files, they are stored in flat files on your K server in the \Kaseya\UserProfiles\@archive directory for each agent.

    @1320 - Guess you get the cookie now for beating me by 10 seconds.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: CCDave
  • What I meant by "charting" is some graphs that I would like to see based on historical(last 30 days) log entries.

    There is a view in the database called vNtEventLog .
    In my case it does "UNIT" operation on these three tables
    ntEventLog20100303
    ntEventLog20100304
    ntEventLog20100305

    Why does it do it on those three tables(dates)? What is the logic behind it? Will it refresh when more logs come in?

    Bottom line here is I would like to have a source of event logs for last 30 days. I want to simply query database and get the info. Is using vNtEventLog view the safest bet? Or should I maybe use Kaseya's API to retrieve log information?

    Here is my set-up: http://img705.imageshack.us/img705/9366/kaseya.png

    PS
    I will use something like MS Reporting services to generate charts.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: mikhail.kogan
  • mikhail.kogan
    Bottom line here is I would like to have a source of event logs for last 30 days. I want to simply query database and get the info. Is using vNtEventLog view the safest bet? Or should I maybe use Kaseya's API to retrieve log information?


    Yes, the view provided by vNtEventLog should be your best bet. This is supposed to keep dynamically updating the list of actual tables where the data is stored. I see you have your Event Logs set to 60 days. This means that the vNtEventLog view should allow you to access all 60 days worth of event logs.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: CCDave
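
The date-named daily tables discussed in the posts above, as an added example that is not part of the original thread or Kaseya's own code: it picks the `ntEventLogYYYYMMDD` tables that fall inside a reporting window, lists days that have no table, and builds a `UNION ALL` over the rest. The YYYYMMDD suffix format, the function names and the sample list are assumptions; the table names and `[ksubscribers].[dbo]` come from the thread.

```python
import re
from datetime import date, timedelta

# Daily table naming as seen in the thread: "ntEventLog" + YYYYMMDD (assumed format).
DAILY = re.compile(r"ntEventLog(\d{4})(\d{2})(\d{2})")


def daily_tables(names):
    """Map date -> table name, skipping anything that is not a daily event-log table."""
    found = {}
    for name in names:
        m = DAILY.fullmatch(name)
        if not m:
            continue
        try:
            found[date(*map(int, m.groups()))] = name
        except ValueError:  # eight digits that are not a calendar date
            continue
    return found


def window_report(names, today, days=30):
    """Return (tables inside the window, oldest first; days in the window with no table)."""
    found = daily_tables(names)
    wanted = [today - timedelta(days=n) for n in range(days - 1, -1, -1)]
    present = [found[d] for d in wanted if d in found]
    missing = [d for d in wanted if d not in found]
    return present, missing


def union_query(tables):
    """Build one SELECT over the given daily tables, refusing any unexpected name."""
    if not tables:
        raise ValueError("no daily tables in the window")
    for t in tables:
        if not DAILY.fullmatch(t):
            raise ValueError(f"unexpected table name: {t!r}")
    return "\nUNION ALL\n".join(
        f"SELECT * FROM [ksubscribers].[dbo].[{t}]" for t in tables
    )


# Constructed sample: the three tables named in the thread plus names to be ignored.
SAMPLE = ["ntEventLog20100303", "ntEventLog20100304", "ntEventLog20100305",
          "ntEventLog20100230", "ntEventLog2010030", "eventLogType"]

if __name__ == "__main__":
    tables, gaps = window_report(SAMPLE, date(2010, 3, 6), days=5)
    print(union_query(tables))
    print("days with no table:", [d.isoformat() for d in gaps])
```

A day reported as missing means no daily table exists for it, which is worth checking before trusting a 30-day chart built on this data.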
  • great, I will use that.
    One thing I cannot find is event's type(warning, error, etc...) I see that I can extract it from eventDetails field but not for all messages.
    How can I find event's type or severity level?

    /****** Script for SelectTopNRows command from SSMS ******/
    SELECT TOP 1000
    *
    FROM [ksubscribers].[dbo].[vNtEventLog]
    INNER JOIN [ksubscribers].[dbo].[eventLogType]
    ON [ksubscribers].[dbo].[eventLogType].EventLogTypeId = [ksubscribers].[dbo].[vNtEventLog].logType

    Legacy Forum Name: How-To,
    Legacy Posted By Username: mikhail.kogan
  • mikhail.kogan
    great, I will use that.
    One thing I cannot find is event's type(warning, error, etc...) I see that I can extract it from eventDetails field but not for all messages.
    How can I find event's type or severity level?


    Have you checked out the Help section on Database Views? It lists all the Views and Columns you have access to. In particular here is the page on vNtEventLog: http://help.kaseya.com/WebHelp/en-US/5010000/2681.htm

    Legacy Forum Name: How-To,
    Legacy Posted By Username: CCDave
    Thank you for pointing me to that view. I am using it with success. We pointed Reporting Services to that view and are generating some useful charts.

    Important question came up:
    1) With Windows Server 2008, will we get all logs from Windows logs (Application, Security, System, etc.) or will we need to point Kaseya to logs split by categories (Application and Services logs -> Microsoft -> Windows, etc.)?

    2) Parallel question to #1: do all logs that get into "Application and Services Logs" also get into "Windows Logs"?

    Just look at the event viewer on Server 2008 and you see what I mean...

    Thanks

    Legacy Forum Name: How-To,
    Legacy Posted By Username: mikhail.kogan
  • mikhail.kogan
    1) With Windows Server 2008, will we get all logs from Windows logs (Application, Security, System, etc.) or will we need to point Kaseya to logs split by categories (Application and Services logs -> Microsoft -> Windows, etc.)?


    Yes, Kaseya will grab all Windows 2008 logs, but you have to detect them first. Under Monitor go to Update Lists by Scan. Choose one of your Windows 2008 servers and run a scan. Once it is complete, go back into the Alerts -> Event Logs section and you will now have a large list of Event Logs to choose from.

    *Note: This also updates the lists of Services, Counters, Instances, etc. in the "Monitor Lists" section.

    mikhail.kogan
    2) Parallel question to #1: do all logs that get into "Application and Services Logs" also get into "Windows Logs"?


    No, the Application and Services Logs do not get merged into the grander Windows Logs. If you want to alert out of these logs you will have to add them as above.

    Out of interest, can you share the graphs you are creating out of these logs? I've never thought of graphing this type of data and would be interested to see what you are gathering and interpreting.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: CCDave