Kaseya Community

Event Log Monitor

This question is answered

Is Kaseya able to monitor the specific event logs like Microsoft-Windows-SMBServer/Operational?

Verified Answer
  • Hi  

    Yes, it is able to monitor any event log type on a windows machine.

    If this Event Log type is not populated within your VSA, you can run 'Update Lists by Scan' procedure once on the machine that has this specific event log type.

    This should then populate the Event Log Type within the Monitor > Event Log Alerts > Event Log Type drop down list.

    Let me know if you have any issues with this.

    Best,

    Nicolas

All Replies
  • Hi  

    Yes, it is able to monitor any event log type on a windows machine.

    If this Event Log type is not populated within your VSA, you can run 'Update Lists by Scan' procedure once on the machine that has this specific event log type.

    This should then populate the Event Log Type within the Monitor > Event Log Alerts > Event Log Type drop down list.

    Let me know if you have any issues with this.

    Best,

    Nicolas

  • I'm trying to do something similar, but can't figure out exactly how (I'm on hosted Kaseya, in case that makes any difference).  When our Exchange server rejects an email because the attachments are too large, it generates an event ID 3014 in the Application Log, Type = Warning, Source = MSExchangeTransport.  I'd like Kaseya to send me an email with the Event Log info (and bonus points if it can include the email sender and subject line) when this happens.  Is that possible?

    Thanks,

    -- Jonathan

  • That worked for me, thank for the info.

  • JMargulies,

    Once you configure the capture of the event ID, you can configure the alert action to be an email.  Click the Format Email button to open the email template pop-up.  Use the data keys defined to customize the email sent so you can include the various components of the event log entry in the email.

    As far as capturing the email sender and subject, if that information is included in the event log, you may be able to include it in your alert email, provided that info is captured into one of the fields available as a data key.  If the info is not added into the event log entry, then you may need to create a procedure to capture that information and enable the Script alert option (the "S" of the "ATSE" alert options).  There may be some options to configure on your mail server side to trap and/or forward the offending email (or the detail of it), or it may be possible to create a custom event log entry that adds sender/subject) into a custom event log which you could then monitor.  I'll let others chime in on some creative alternatives to that end, but at a minimum, you should be able to get the event info emailed to you.

    There is a lot of info available on creating custom event log entries within Windows and on creating custom event sets within Kaseya. A couple of resources are below. 

    • Creating Windows Event Log Entry:  https://technet.microsoft.com/en-us/library/Bb490899.aspx
    • Using Agent Procedure to create an Event Log entry:  http://community.kaseya.com/xsp/f/26/p/19323/89210.aspx#89210
    • This Tech Jam describes creating a custom event set within Kaseya (jump to the ~14:45 mark):  http://community.kaseya.com/resources/m/techjams/86401.aspx