Kaseya Community

Adding additional Event Logs to monitor

  • I may be missing something simple, but how can we monitor additional event log types, like the "Directory Service" event log on all DCs, or custom event logs, etc.?

    Thanks in advance,

    N




    Legacy Forum Name: Adding additional Event Logs to monitor,
    Legacy Posted By Username: shaaad
  • So far Kaseya support has informed me that they can only watch for events in the app/sec/system event logs.

    How can we monitor an AD domain without watching the Directory Service log?

    Has anyone found a solution for this?


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: shaaad
  • Nothing yet. I just keep thinking this is just an oversight by Kaseya and we will get an update that fixes it. I have been thinking this since April last year.

    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: far182
  • Yes, it does not seem so. I've e-mailed back and forth with Kaseya support 4 times now, just trying to get them to understand what the "directory service" log is.



    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: shaaad
  • Hey Guys,

    Kaseya knows the importance of these logs; there have just been a lot of things changing in the product. They are aware of the logs that need to be added. But the reality is that there needs to be a new interface added for the additional log files. As you know, more and more applications nowadays are just registering their own log files for the application. Examples of this are:

    Internet Exploder 7: Has its own log
    A-Vast Antivirus: Has its own log
    Spy-Dr: Has its own log

    That does not even count the existing logs needed in the
    c$\WINDOWS\system32\config
    DnsEvent.Evt
    NTDS.Evt
    NtFrs.Evt

    Kaseya is aware... just hold tight... it's been some time, I know.


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: sourceminer
  • Yeah, it would work to just use the same interface, but let us add additional log sources.

    I don't know how everyone using this product has survived without this feature. The best way to monitor the health of Active Directory is through the directory service log.

    Does anyone know of any alternatives to monitor AD health using Kaseya?


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: shaaad
  • Download and install LogParser.txt
    Adding additional log sources requires a new interface.
    Believe me I share your pain...

    The only other way I have seen this done is by using MS Log Parser 2.2
    Install the product and then have it read the event log looking for some events and output a log file with the result. Alert based on that.

    I have the first part attached to this post which will download the product and install it.

    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: sourceminer
  • This is worth a shot, Could you share with us how you have/would configure an alert to use this?


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: shaaad
  • Run a script every hour.

    This script would run log parser to look for specific events in the specified log file. Output to another log if it does contain something.
    A second script would follow as part of the first that would send an email if the first script has that something in the log file.

    Hope that makes sense.


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: sourceminer
  • So this is what your script would execute:

    C:\Program Files\Log Parser 2.2>logparser -i:evt -o:CSV "SELECT * INTO test.csv FROM 'Directory Service' WHERE EventID=1126"

    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: sourceminer
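
    The hourly "query, then alert if anything was found" procedure described in the posts above, sketched in PowerShell as an added example (not part of the original thread, and not Kaseya's or the poster's own script). It uses Log Parser's EVT `-iCheckpoint` option so each run only sees events written since the previous run; the working folder, SMTP server and mail addresses are placeholders.

```powershell
# Added example; not from the original thread. Paths and mail settings are assumptions.
$LogParser  = 'C:\Program Files\Log Parser 2.2\LogParser.exe'  # install path shown in the thread
$WorkDir    = 'C:\LogParserAlerts'            # hypothetical working folder (no spaces)
$SmtpServer = 'smtp.example.invalid'          # placeholder
$MailFrom   = 'dc-monitor@example.invalid'    # placeholder
$MailTo     = 'alerts@example.invalid'        # placeholder

# Event log name -> event ID to watch. Only the pair from the thread is listed;
# add further logs and IDs here as needed.
$Watch = @{ 'Directory Service' = 1126 }

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$hits   = @()
$failed = $false

foreach ($log in $Watch.Keys) {
    $name = $log -replace '\s', '_'
    $csv  = Join-Path $WorkDir "$name.csv"
    $chk  = Join-Path $WorkDir "$name.lpc"    # checkpoint: remembers the last record read
    Remove-Item $csv -ErrorAction SilentlyContinue   # never alert on a previous run's output

    # EventID is an integer field, so the value is not quoted.
    $query = "SELECT TimeGenerated, EventID, SourceName, ComputerName, Message " +
             "INTO $csv FROM '$log' WHERE EventID = $($Watch[$log])"

    # Pass arguments as an array so PowerShell hands each one to the exe unchanged.
    $lpArgs = @($query, '-i:EVT', '-o:CSV', "-iCheckpoint:$chk", '-stats:OFF')
    & $LogParser @lpArgs
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Log Parser exited with code $LASTEXITCODE while reading '$log'"
        $failed = $true
        continue
    }
    if (Test-Path $csv) { $hits += @(Import-Csv $csv) }
}

# Second step from the thread: send mail only when the query produced rows.
if ($hits.Count -gt 0) {
    $body = $hits | Format-List | Out-String
    Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo `
        -Subject "$($hits.Count) watched event(s) on $env:COMPUTERNAME" -Body $body
}
# Non-zero exit lets the scheduler or RMM agent flag a hit (1) or a broken check (2).
if ($failed) { exit 2 } elseif ($hits.Count -gt 0) { exit 1 } else { exit 0 }
```

    The first run has no checkpoint file yet, so it reports every matching event already in the log; later runs report only new ones.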
  • Anyone heard anything about Kaseya letting you add Additional Logs such as Directory Service? File Replication? or other custom Event logs?

    We need this!


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: shaaad
  • Bump...

    I think this is an important addition.


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: shaaad
  • Is there no movement on this topic at all? How are we supposed to monitor Windows Server 2008, Windows Vista, Office 2007, etc without this functionality. Our customers are staying current with technology, but the capabilities of monitoring are not keeping pace.

    At a MINIMUM I am looking for a better solution than Log Parser for the Directory Services and FRS log files. These have been standard since Windows 2000, so it's unclear to me why this functionality is still lacking.

    Also, any update on if 5.0 will have this capability and if so when it will be released?


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: jsammons
  • Question: Regarding Directory services monitoring. Windows supports SNMP monitoring, so is there not a way to use this function to get this type of monitoring? NABLE, from what I know of it, is basically JUST SNMP, so again would this not be a possible alternative until the new release is available?

    Don


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: PITG
  • ..ooOO00::BUMP::00OOoo..



    Adding my voice to the forum. This feature is desperately needed. Even a promise of releasing it with v5 would help a lot!




    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: ttroyer