Kaseya Community

Which specific Event IDs should I monitor for servers/desktops?

This question has suggested answer(s)

Hey guys,

Does anyone have a list of specific event IDs that are crucial for a technician to be monitoring?

 

I only have two so far:

Event ID of 1000 and the event source of "Windows Product Activation"  -- alert on Warning or above. (For windows activation issues)

EventIDs 11, 51, 52, 7,  and1968 for Disk Errors (ChkDsk)

 

Thanks guys,

Alan



[edited by: aabbasi at 4:21 PM (GMT -7) on 10-17-2011] typo
All Replies
  • Some more:

    Duplicate IP/Names:

    Type: Event // Name: 4198 (IP Address Conflict)

    Name: 4319 (Duplicate Name)

     

    Reboot from BSOD:

    Event ID 1001



    [edited by: aabbasi at 4:32 PM (GMT -7) on 10-17-2011] typo
  • There are two methods to using Event alerting: Setup event specific monitors or setup a *all monitor and build up an ignore list. I personally am a fan of the second method; It does require some extra time up front but helps ensure you never miss a critical event such as a failed RAID array again.

    One place to start if you want to use the event specific alerting is the system, built-in event sets that are included in Kaseya.

     

    Edit: To clarify, these built-in event sets are in the Event Log Alert section and start with 'zc-'



    [edited by: JonJohnston at 7:43 AM (GMT -7) on 10-18-2011] Edit