We have been running Kaseya for a while now and are finally getting around to setting up event log settings (Agents - Event Log Settings). There are ... many, so I was hoping to throw a very basic "Where should we start?" inquiry out there. What are some bare-bones, must-have logs we should select from this list?
Is full collection necessary? I always recommend that our clients use Monitor > Event Log to not only monitor and collect event log triggers but also create automation possibilities behind them as well.
As for where to start from an operating system perspective, there are many different mediums, from application crashes, installations, bad shutdowns, etc.
I would begin with main pain points or event logs that are critical and begin from there.
One of the tools we provide in our RMM Suite is an Event log logger/parser. It runs monthly, getting 30 days of event log data from every server. It dedups the alert events to obtain a unique list of events that occurred across your environment.
This list is then parsed, comparing each event against a table of what's already monitored and what we're aware of but don't want/need to monitor. What's left is a list of "what you didn't know" - new event data that you can review and either create monitors for, update existing monitors, or add to the "ignore" list. Thus, you can get a short list of new events each month. It takes less than an hour to review and update the tool's database, and maybe another 30-45 minutes to create or update the monitors for the new events.
This is only run on servers since that's where the focus of monitoring usually is, but you could provide an argument to the tool to collect data from ALL systems. The first time it runs, you can also specify how far back to collect data instead of the default 30 days. Pulling a year's worth of data from around 400 servers takes about 2 hours, including the summarization process. A 30-day collection takes about 10-15 minutes.
The current version requires running an application on the VSA platform, but we'll have an "offline" tool that runs on any system with an agent installed to support SaaS platforms in late Feb.
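The dedup-and-compare step the post above describes is simple enough to sketch. The following is an added example written for this thread, not the RMM Suite tool itself: it takes a batch of collected alert-level event records, collapses them to one entry per event type (log, source, event ID), and reports only the types that are neither in the "already monitored" table nor on the "ignore" list. The sample records, the monitored table and the ignore list are all constructed here; the export format is an assumption, since the real tool's schema is not shown in the thread.

```python
"""Added example (not the RMM Suite tool described above).

Monthly event-log triage: dedupe alert events across servers, then subtract
what is already monitored and what is deliberately ignored. What remains is
the "what you didn't know" list to review.
"""

# Only alert-level events are summarised; Information events are skipped.
ALERT_LEVELS = {"Warning", "Error", "Critical"}

# Constructed sample records in an assumed export shape: one dict per event
# occurrence. Event IDs are well-known Windows IDs, but the servers and the
# occurrences themselves are made up for this example.
SAMPLE_EVENTS = [
    {"server": "SRV01", "log": "System", "source": "Microsoft-Windows-Kernel-Power", "id": 41, "level": "Critical"},
    {"server": "SRV02", "log": "System", "source": "Microsoft-Windows-Kernel-Power", "id": 41, "level": "Critical"},
    {"server": "SRV01", "log": "Application", "source": "Application Error", "id": 1000, "level": "Error"},
    {"server": "SRV03", "log": "Application", "source": "MSSQLSERVER", "id": 18456, "level": "Error"},
    {"server": "SRV03", "log": "Application", "source": "MSSQLSERVER", "id": 18456, "level": "Error"},
    {"server": "SRV02", "log": "System", "source": "Service Control Manager", "id": 7034, "level": "Error"},
    {"server": "SRV01", "log": "System", "source": "Microsoft-Windows-Time-Service", "id": 134, "level": "Warning"},
    {"server": "SRV02", "log": "Application", "source": "MsiInstaller", "id": 1033, "level": "Information"},
]

# Constructed tables: event types that already have monitors, and event types
# reviewed earlier and deliberately not monitored. Keys are (log, source, id).
MONITORED = {
    ("System", "Microsoft-Windows-Kernel-Power", 41),
    ("System", "Service Control Manager", 7034),
}
IGNORED = {
    ("System", "Microsoft-Windows-Time-Service", 134),
}


def event_key(event):
    """Identity of an event *type*, independent of which server raised it."""
    return (event["log"], event["source"], event["id"])


def dedupe(events):
    """Collapse raw occurrences into one entry per event type.

    Keeps the count and the set of servers so the reviewer can judge how
    widespread a new event is. Non-alert levels are dropped.
    """
    summary = {}
    for event in events:
        if event["level"] not in ALERT_LEVELS:
            continue
        entry = summary.setdefault(
            event_key(event), {"level": event["level"], "count": 0, "servers": set()}
        )
        entry["count"] += 1
        entry["servers"].add(event["server"])
    return summary


def classify(summary, monitored, ignored):
    """Sort unique event types into monitored / ignored / new buckets."""
    buckets = {"monitored": [], "ignored": [], "new": []}
    for key in summary:
        if key in monitored:
            buckets["monitored"].append(key)
        elif key in ignored:
            buckets["ignored"].append(key)
        else:
            buckets["new"].append(key)
    return buckets


def review_report(events, monitored, ignored):
    """Return the review list: new event types, most frequent first."""
    summary = dedupe(events)
    rows = []
    for key in classify(summary, monitored, ignored)["new"]:
        log, source, event_id = key
        info = summary[key]
        rows.append({
            "log": log, "source": source, "id": event_id, "level": info["level"],
            "count": info["count"], "servers": sorted(info["servers"]),
        })
    rows.sort(key=lambda r: (-r["count"], r["log"], r["source"], r["id"]))
    return rows


if __name__ == "__main__":
    for row in review_report(SAMPLE_EVENTS, MONITORED, IGNORED):
        print(f"{row['log']}/{row['source']} {row['id']} [{row['level']}] "
              f"x{row['count']} on {', '.join(row['servers'])}")
```

After each monthly review, an event type either gets a monitor and moves into MONITORED, or is judged noise and moves into IGNORED, so the report shrinks to genuinely new events over time, which is the workflow the post describes.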