I'm afraid I'm very confused when it comes to event log monitoring.
I understand how to create an event set, but when applying it, am I right that I have to know exactly which event log it would show up in, and tell the event monitor which log? E.g. application, system, etc.?
I thought I remembered reading somewhere that an event log monitor would "capture" an event ID no matter which event log it shows up in.
Any clarification on how to properly set up a set and monitor would be greatly appreciated. I find it very confusing.
Gavin
You have to know the log - so if system or application....
3 main steps
1. Agent / Event log settings - ensure on the machine that you have added the required event logs and also the types of events you want to collect (this is only the collection stage). I would avoid informational logs if you can, as your server will be polluted with events.
2. Create an Event set listing what you want to action on - Monitor Tab / Alerts / Event logs
In here you specify: I want to look for event ID 1024 (for example).
3. Then apply this event set to a machine - you pick the log you expect to see it in and then the action you want - create email / run script / log ticket etc - then apply to the machine.
As per step 1, Kaseya will collect the event logs for the machine and then run them through your Step 3 & 2 criteria to see if there is a match: no match = ignore; match = do the action you asked for.
You can also create an event set to ignore events, so collect all and alert on all errors except these ones....
How would you apply the event log sets using policy management? It would seem that only Monitor sets, not Event Log sets, can be applied this way.
They are applied in the "alerts" section of policy management, the same place you set up Offlines, Lowdisks Alerts etc.
There is an Alert Type called "Event Log".
Perfect, thanks, that works.