Kaseya Community

Event Log Alert Logging

  • I'm having problems getting an Event Log Alert to fire. I've set it to send me an email and run a script if the alert is triggered. I've tested the script and know that it works. My alert is to fire when a specific "Informational" alert is written to the Application log. I've checked to ensure that my Event definition is correct and the event is being written to the Application log but my Event Log Alert is not being triggered. I've also checked that the alert is written to the AlertSet.xml file on the client and that Informational events are being collected from the client event log. Not sure what or where to check next. Any suggestions for troubleshooting would be most welcome.

  • Hey

    Can you provide a screenshot of the event log in the event viewer that you are creating and a screenshot of the event set configuration?

    Best Regards,

    Nicolas

  • Hi Nicolas - Here's a copy of the event log with some details obfuscated:

    Log Name:      Application
    Source:        ShadowProtectSvc
    Date:          3/17/2015 1:24:16 PM
    Event ID:      1120
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          SYSTEM
    Computer:     ComputerName
    Description:
    Backup status: completed
    Image file: \pathtoimagefile\C_VOL-b002-i016.spi
    Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{C6389084-74FD-4105-BE0F-A3327589D701}.txt
    Start time: 3/17/2015 1:21:30 PM

    Event Xml:
    <Event xmlns="schemas.microsoft.com/.../event">
     <System>
       <Provider Name="ShadowProtectSvc" />
       <EventID Qualifiers="8192">1120</EventID>
       <Level>0</Level>
       <Task>0</Task>
       <Keywords>0x80000000000000</Keywords>
       <TimeCreated SystemTime="2015-03-17T20:24:16.000000000Z" />
       <EventRecordID>212459</EventRecordID>
       <Channel>Application</Channel>
       <Computer>ComputerName</Computer>
       <Security UserID="UID-GUID" />
     </System>
     <EventData>
       <Data>Backup status: completed
    Image file: pathtoimagefile\C_VOL-b002-i016.spi
    Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{C6389084-74FD-4105-BE0F-A3327589D701}.txt
    Start time: 3/17/2015 1:21:30 PM
    </Data>
     </EventData>

    And here's the Event Set:

  • Try wrapping the 'Description Filter' in asterisks, that way it will only parse for "Backup status: completed".

    Here is an example:

    If you are logging it to the correct log type and configured it to that specified log type, then it should trigger.

    The only thing it may be having a problem with is if any other characters exist after 'Backup status: completed'.

    Let me know if this helps.

    Best Regards,

    Nicolas

  • I believe Nicolas is asking for the screenshot of the Event Applied on the VSA.

  • OK, if it will help, here's a sample:

  • Well, the problem seems to have been in the "Description" portion of the Event Set. I tried clearing the various fields one at a time, testing and re-entering them and it began working when I cleared the description field. For some reason it chokes on the description text, "Backup status: completed". Not sure if it's the space in the text or the text length or the colon or what. It could be another one of those "Feature Request" things... Anyway, it's now working correctly and I'm a happy camper again.

  • Hi,

    That sounds correct.

    The event log you are trying to trigger on appears to have more text in the 'Description' field than just 'Backup status: completed' from the snippet you provided.

    If this is the case, and you want to trigger alarms, the "Description" field of the event set MUST match exactly the description field of the event log.

    The only exception to this rule would be if you used wildcards, similar to the screenshot I referenced in my previous post.

    If you wrap the description field in asterisks it should work as you would like it. (*Backup status: Completed*)

    Best Regards,

    Nicolas
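The matching rule described in the post above, as an added example that is not part of the original thread and is not Kaseya's code: it models a description filter that must cover the whole field, with `*` as the only wildcard and a cleared filter left unchecked. The case-insensitive default, the function names and the sample event (constructed from the one posted earlier in the thread) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the event posted in this thread
# (namespace omitted, image path replaced by a placeholder).
EVENT_XML = """<Event>
 <System>
  <Provider Name="ShadowProtectSvc" />
  <EventID Qualifiers="8192">1120</EventID>
  <Channel>Application</Channel>
 </System>
 <EventData>
  <Data>Backup status: completed
Image file: placeholder.spi
Start time: 3/17/2015 1:21:30 PM
</Data>
 </EventData>
</Event>"""

def event_fields(xml_text):
    """Pull source, event ID and description out of Event Viewer XML."""
    fields = {"description": ""}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]   # ignore any XML namespace
        if name == "Provider":
            fields["source"] = el.get("Name")
        elif name == "EventID":
            fields["event_id"] = int(el.text)
        elif name == "Data":
            fields["description"] += el.text or ""
    return fields

def description_matches(filter_text, description, ignore_case=True):
    """Hypothetical model: the filter must cover the whole description."""
    if not filter_text:                    # cleared field: nothing to check
        return True
    # Escape everything literally, then let each '*' span any text,
    # including the line breaks inside a multi-line description.
    pattern = ".*".join(re.escape(part) for part in filter_text.split("*"))
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.fullmatch(pattern, description.strip(), flags) is not None

if __name__ == "__main__":
    desc = event_fields(EVENT_XML)["description"]
    for f in ("Backup status: completed", "*Backup status: completed*", ""):
        print(repr(f), "->", description_matches(f, desc))
```

Running a candidate filter against the full description text copied from Event Viewer shows whether an alert would stay silent because of trailing lines in the message.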

  • Thanks, Nicolas. I think you nailed it again. There'll be a little something extra in your paycheck next week!

  • No problem! I will be looking forward to the end of the month as well

    Best Regards,

    Nicolas