Kaseya Community

Event Sets - missing something?

  • I've set the alert options on the agents tab so we only get alert, warn, audit fail (AWF) events sent up to the KServer.

    On the Monitoring tab, Alerts, for each of System, Security, Application I'm then checking AWF and selecting from the drop down. As expected, this then raises alerts for all these events.

    I've then created some custom event sets. I started with some system events.

    First question: When I assign a custom event set, do I still need to select the AWF checkboxes for each custom event?

    I then moved onto the security tab to do the same and was surprised to see all my system custom event sets listed.

    Next question: Does it then not matter which log I assign custom event sets against, because they are checked for them all, or do I need to keep a note (or put something in the name) to separate out my custom event sets on a per event log basis?

    Having set all these up, I then can't see where they actually get used. There's certainly no mention of them when I look at the alert summary for the machine in question. Initally I figured I'd screwed up somewhere in the config, so I removed them all and added one Logon Failure event set, with an additional e-mail alert to me. Having triggered a logon failure via terminal server logon, I did indeed receive my e-mail and the alert was raised. I still can't see where it mentions the name of my custom event set though.

    Custom Monitoring Sets get mentioned by name when they raise an alert.

    I figure I'm missing something fundamental somewhere.

    gordon


    Legacy Forum Name: Event Sets - missing something?,
    Legacy Posted By Username: gordonc
  • Gordon,

    In Monitor > Alerts > Application Events (as well as Security Events & System Events), when you select an Event Set for machines, each Event Set will be listed under each machine showing who each set will email and the EWISF info.

    Does this not show up in your view?

    Vince


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: vplaza
  • Yup, basically where I configured them - yes?

    I've not got e-mail alerting set up (except for that one test). We had a pile of stuff in place before kaseya which e-mailed us and we basically got fed up being spammed all day long by e-mail alerts. One of the big reasons for Kaseya was to get away from that.

    What I'm not seeing is that when these alerts are raised, the alert itself has the name of the custom Event Set against it.

    gordon


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: gordonc
  • Ahh, I see what you're getting at.

    It appears that you are correct in that the Alarm generated by the Alert (and the Alert itself) does NOT seem to reference the actual Event Set that you used for that machine that had that event listed.

    Sounds like a good feature request.


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: vplaza
  • Which for me right now, kind of defeats the purpose of setting up all these custom event sets in the first place.

    Ideally I wanted to go and extract some summary reports from the database splitting down alerts by Event Set group. Something sort of similar to the red/green smarties screen, but a bit more useful. It's not so hot for this in that all the alerts get lumped under one splodge.


    Incidentally, how do you manage this just now - by e-mail?


    gordon



    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: gordonc
  • Actually, while you can't "see" the Alerts & Alarms generated by your Custom Event Sets in the "Monitor" area, you could generate Log reports that list the machines that have alerts generated byou your Event Sets. This could give you something close to what you're looking for.

    We use both email and the Monitor Console to manage the Alerts and Alarms.


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: vplaza
  • As long as the linkages and references exist in the database I'll be happier. I'm in the process of tracking these down at the moment for an alternative dashboard.

    gordon


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: gordonc
  • vplaza wrote:
    Gordon,

    In Monitor > Alerts > Application Events (as well as Security Events & System Events), when you select an Event Set for machines, each Event Set will be listed under each machine showing who each set will email and the EWISF info.

    Does this not show up in your view?

    Vince


    On the e-mail you receive, does it show the name of the custom Event Set? I was just checking the test set I configured and I'm not seeing the name of the event set on the e-mail either.

    gordon


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: gordonc
  • gordonc wrote:

    On the e-mail you receive, does it show the name of the custom Event Set? I was just checking the test set I configured and I'm not seeing the name of the event set on the e-mail either.

    gordon

    No, it does not. I agree that it would be nice if it did.

    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: vplaza
  • In that case , back to the subject of my message - I must be missing something somewhere. Where does the actual name of the event set get reported?

    The docs tell us to set up a "catch all" that alerts on all events and then to refine it with custom sets to flag particular types of error and to exclude others.

    I still can't see where these custom event names appear once the alert is raised.

    gordon


    Legacy Forum Name: Monitor/Event Sets/SNMP Sets,
    Legacy Posted By Username: gordonc