Kaseya Community

Alert on all errors except ID 1111

  • I would like to have alerts for all errors except for Event ID 1111.

    I created a new set that filters out 1111 but then Ido not receive any alerts on any other errors.











    Thank you.


    Legacy Forum Name: Alert on all errors except ID 1111,
    Legacy Posted By Username: pcasserly
  • I had the same issue myself until I realised that you need to have an inclusion rule as well as the exclusion rule.

    I therefore enable the monitoring for all events and then added my exclusion rule set as well.

    Hope this helps.


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: Pschepman
  • Thank you.

    Problem solved.




    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: pcasserly
  • This almost sounds like what I would like to do ... capture all events except some pre-defined list.

    However, defining two sets, one using the predefined set, and my own ignore list, I would still get alarms for all events (including the 1111 event that nobody cares about)...

    So, how did you do this, exactly?



    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: RMicroData
  • Did you add both sets to the machine(s) that you are monitoring?




    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: pcasserly
  • It is not entirely out of the question that I may have crossed some wires here, and only applied my ignore list to application events, while the TermServices 1111 event is of course, a system event...

    Re-applied and re-testing.


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: RMicroData
  • I created an ignore list for each event log. It allows me to keep track of what I am ignoring and allows me to be a bit more granular. Say for example I make a wildcard ignore for the event log that also matches something in the application log. A single ignore list would block it across all the logs. Using multiple ignore lists let you be a little more specific. I find it easier than having to create a specific event set for everything I want to watch for. However, I still use some specific event sets to monitor critical applications and such.

    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: steve