Kaseya Community

Is there a way to ignore alerts on specific Services?

This question is answered

Hi all,

forgive if this has been asked, also forgive that this is similar to the "monitor automatic services" thread by danarche.

Say i monitor *ALL services, and i want to setup an ignore rule for particular noisy services.

Can this be done?

I dont want to create individual monitor sets for each server type
I dont setting exceptions on a per server basis
I don't want to muck around with scripts and the like if i can avoid it

Update list by scan is good in the interim but it returns everytime its run.

Eager to hear thoughts.

Verified Answer
  • I completely agree with markdavidboyd.  I have been looking for a way to do that for quite some time.  It is so much easier and safer to monitor everything and igore specific services that are not important than selecting a handful of services for each server and manually keeping track.  I have asked my COntacts at Kaseya who thought was a good idea as well but it is currently not possible.  There is somehting coming out called Server Templates, which I hope will do the trick.  Eas template we can assign specific monitor sets and then all you have to do is assign a template to the type of machine.   Seems very cool.  You make changes one place and immediately updates all servers using that template.

All Replies
  • May I ask why you don't want to create individual monitor sets?

    Here's why I ask: The only way you're going to reduce the "noise" levels on alerts is to zero in on the specific things you want to monitor. The only way to zero in on those specific things is to know what kind of services each server is providing.

    And it's actually not that hard, especially with some of the provided sample monitor sets, to get just the monitoring you need for each server. (Service monitoring is probably the easiest thing you can do under the Monitoring tab short of applying low-disk-space and agent-offline alerts.)

    I don't really think services monitoring in Kaseya works on a "include everything, then exclude X Y and Z" basis like the event log monitoring can do, unfortunately for your stated wishes...

  • Thanks for the reply.

    I understand completely, i do have all those individual monitor sets, but i am reluctant to apply them for fear of what i will call "administrative purposes"

    If we monitor 2000 boxes our documentation is good enough to know what every single box is that we watch, what it does, its history of failures, uptime etc.

    I personally prefer to have only 2 monitor sets (not including snmp, alerts etc) per server

    - Base server services

    - Base server perfmon statistics

    With that model, i find it easy to administer a huge number of machines, learn its history quickly, and set and forget.

    In reality, there isn't much noise, it'd just be nice to get rid of what is there. The only one that is giving me trouble at the moment is TBS (Trusted Platform Module) and sppsc (MS Software Protection / acronym problem isn't accurate forgive me), and ShellHardware detection

    And with that said, if i zeroed in on the specific server services, like a DNS server, i'd do my research and know DNS Server Service is important, but wouldn't have a clue TBS might be flaky on the server, because it has nothing to do with DNS.

    In that scenario, i have missed a service that may not be critical to the role of the server but it could very well cause it to fall over, and i missed it negligently.

    If i on the other hand, apply all, exclude unneccessary, i will guarentee i miss nothing.

    That is my reasoning for wanting get all exlude x and y.

    At the moment, there is a big red dot on my dashboard, for every machine groups services, so we just do a set check each morning to make sure its nothing unexpected, and monitor new alerts (which are sparing during the day)

    don't get me wrong, its not a complaint, more a query for convenience.

    I do feel there is a benefit in it, if event log can do it, why not Monitor Sets?

    Hope that long winded train wreck of a story explains why i would like it.

  • Well as I see it there is no easy way to do what you want with Kaseya as it is. I agree with GD and your only option is to split up your monitoring sets. If you use agent templates you can bundle the monitoring set by configuration types (e.g.: DNS server, DHCP server, Exchange server etc...)

  • Hmm, im not sure how i see how its more beneficial think about every possible server role and make rules for each one, then collectively assign to each organisations server roles, vs apply *ALL to everything, then remove specific services as they are not required.

    In practise, i did what you were suggesting when we first went with Kaseya, administratively it was a great pain, and it didn't work well given the amount of automatic services that aren't server role specific. Shell Hardware (or whatever it is) has nothing to do with DNS, Exchange, SQL etc, had it not been covered by *ALL. and in the same tokein, the actual service stopping is not a problem, so i want to ignore.

    Could have been important , so we want to know about it, but it wasn't important so we want to remove.

    I maintain vigorously that the model i mention  is the better one. Unless i don't understand what you are saying.

    The whole point of Kaseya seems to me to automate on sets of common rules. 1 Agent template, 1 set of rules for everything to not miss anything, individual exclusions to get rid of noise.

    And if its an administrative nightmare to remove the rules individually, i'd rather that than miss stuff very unneccessarily and cost my customers money?

    Anyway, difference of opinion, lets move on.

  • I completely agree with markdavidboyd.  I have been looking for a way to do that for quite some time.  It is so much easier and safer to monitor everything and igore specific services that are not important than selecting a handful of services for each server and manually keeping track.  I have asked my COntacts at Kaseya who thought was a good idea as well but it is currently not possible.  There is somehting coming out called Server Templates, which I hope will do the trick.  Eas template we can assign specific monitor sets and then all you have to do is assign a template to the type of machine.   Seems very cool.  You make changes one place and immediately updates all servers using that template.

  • I will consider this answered, will wait for such a feature / the ability to do this.

    It is good to know that Kaseya themselves are heading the call.

    The whole point of an automated product is to remove the need to labourious administrative tasks :), with respect to all the above mentioned opinions :).

    Regards Mark.

  • The server templates from kaseya is just going to give you the ability to do what you can do currently with kaseya however they would be linked - so the idea is instead of having a template that you once off copy the template would be always attached to a machine.

    in this case you would still need to either create your specific monitor sets for selected services or you have a monitor set that do the *All and then you would still need to remove the ones you dont want to monitor

    The pain that the linked templates will save is that if you modify the template later on it will automatically apply this to the machines that are connected.

    We do service monitoring by role seems to tick the box - doing an all and then excluding means you have custom monitor sets per machine which makes managing the main monitor set a pain.

  • Hi Mmartin,

    Cheers for the feedback, im still steadfastily against individual server role monitoring, and from the varying people i have spoken to, they too understand my point.

    We monitor 100 servers and have 3 services across 5 of these servers that i'd like to ignore, we use *ALL, and its not an administrative headache to exclude 3 services across 5 servers, i'd think its more effort to create sets for all roles, and its a HUGE risk missing out services you didn't think were important / were set to automatic.

    Even if we scale this to 10,000 servers, the numbers not huge, and we no one brings on 10,000 servers at a time, there is no headache doing *ALL and excluding, i'm yet to be convinced that anything other than *ALL and excluding is the way to go.

    The last thing i will add is that you can do it for SNMP Objects, and interesting to note, we monitor hardware on a scale 10 - 1 against servers, the exclusion list is far bigger than servers will ever be.

    Again, each to their own, no criticisms, just discussion.

    Mark.

  • Hi Mark,

    I am a partially converted :o) just in relation to this how are you customising the services (I know sounds stupid)

    I just applied the *All to a couple of servers and when I went back in to the monitor set to get rid of some services the only thing in there was *All - I expected it to be listing the services that are actually on that server and I just select the ones I don't want and remove.

  • I think I should have read the whole thread again - this is not possible hence the post should not be posting late at night :o) it just seems dumb...

  • Hi mmartin,

    I was just in the middle of replying when i got your email about reading the whole thread :) Nice. Where are you ? I'm in australia so its 10am here.

    In repsonse to your statement, it doesn't show all the services set to automatic, which is unfortunate but its a double edge sword, no matter how we do it, theres positives and negatives for both sides. I just found the *ALL mitigates all the above mentioned risks (missing stuff etc)

    I really do think i will raise this with Kaseya, it seems like we should be able to *ALL then ignore services we dont want, like with event logs and SNMP indvidual sets.

    Cheers for the replies :)

  • Hi Mark,

    I am in Dublin so 11.15pm here

    what is strange is that you can do it for disks in monitor sets - if you want to monitor logical disks you can choose all and then remove the ones you don't want.

    It just seems like they missed it rather than chose not to put it in.

    As I said I tested on a number of servers there and without the ability to restrict it is a non runner I got about 5 alerts per server for services not started but a lot are services I don't care about so without the ignore option I would get 30 emails every 6 hours so not a runner - does seem a shame I was nearly sold on the idea. I am mailing my Kaseya contact at the moment so going to add that to the list he might have a sneaky way around it.

  • I put in a feature request and emailed some local Australian gun Kaseya Pro's.

    My intial thought in this thread was, there was a way to do but i was unaware.

    Now i realise its not able to be done, but it REALLY SHOULD.

    And your metric, 5 alerts Per server = 30 emails is the exact reason i want exclusions.

    What if one of those alerts was legitmate, but because you set up server roles instead of *ALL, it was missed and the server failed catastrophically, because the server was "pigeon holed" into a role. Poor management of the environment is what it boiled down to.

    Simply being able to exclude service within a *ALL setup, would mitigate every possible risk with a really small management overhead, certainly smaller than creating individual server service roles

    We are on the same page, this is good, we will get something happening on this i assure the community.

    Talk soon no doubt.

  • Hi Mark,

    You touched a nerve with me on this one so I have been working on a mini project for this.

    I have built an exe that you run on a server and it will monitor all automatic services, the difference is you can have a global exclusion list and also a private exclusion list - the global is services across the board you want to ignore and the private is just ones for that server you wish to ignore.

    I have it applied to 40 SBS servers at the minute and I was surprised by the inital flood I got but quickly filtered them lots of services that had been left over from uninstalls and old AV etc - you can update the global on your k server and then there is a procedure to push it down to the clients. I have also built a procedure to add a service to the local private list and also one for changing the service startup type as I found some services set to automatic that by default were manual.

    Anyway it would be good to get feedback from you on if would you be interested in testing it.

    Oh basically what happens is if it detects a service stop it tries to start it if that fails it logs to event log and an event set picks up the alert.

    I will provide the code too so you can compile it yourself too just so you know exactly what is in the exe - it is written in Auto IT.

    Amendments or suggestions welcome on it.

    If you interested let me know and I will post up the files.

    And if Kaseya resolve the issue down the road great but I needed a solution now.

    Michael

  • Hi Michael,

    Sounds exciting, Is there a way to private message in these forums? If there is, pm me and ill give you my details.

    Sorry for the belated reply been busy as all heck.

    It sounds like a really good idea, what exactly does it do? Do you define a black list that stops the alert before it gets to Kaseya? I am quite intriuged and i have a few servers i can test it on :)

    Is there supporting documentaiton on how it works? is it an agent procedure that controls how it all works or a standalone app?

    Let me know how you wish to procede.  :)