Kaseya Community

Event log monitoring

  • Has anyone compiled a master list of event sources/IDs or maybe just event sets to use that covers most hardware? Maybe even custom ones that cover items beyond the scope of the default Kaseya event sets?

    Legacy Forum Name: Event log monitoring,
    Legacy Posted By Username: boostmr2
  • you'd think there would be one out by now... it'd be nice...

    I use eventID.net for some troubleshooting, but the problem that I've seen is that most people have stopped posting there, and the information can be old (and oftentimes unrelated).

    I've been trying to put a "generic" monitor (read: event) set together for a while now... but alas life and clients get in the way (read: I'm easily distracted... ohh look shiny)... TBH I've only set up one for disc errors, because it's the one that has been popping up recently... Other than that I haven't been as into it as I should be.

    Legacy Forum Name: Monitor Sets,
    Legacy Posted By Username: thirteentwenty
  • A lot of people on here recommend alerting on all errors and warnings and to have an 'ignore' set instead.

    This will let you catch rare events, but the trade-off is quite a lot of noise until you fill out the ignore set a bit.

    Legacy Forum Name: Monitor Sets,
    Legacy Posted By Username: ETG
  • We log all errors and warnings; anything "critical" like bad disc blocks and whatnot triggers alerts/alarms. We ignore nothing... The noise is almost worth it... in theory it should keep people busy in clearing up that stuff... though non-mission critical, it's nice to work for an "error free" environment... or get as close to it as possible.

    Legacy Forum Name: Monitor Sets,
    Legacy Posted By Username: thirteentwenty
  • I'll "third" the noise method. Yea, there's a lot of extra alerts that come by, but really, why ignore the "Windows time is sucking" messages when you can fix the synchronizing by using a local University's time server? Customer value (or time sheet consistency).

    We enable critical and error for workstations, and add in warnings for servers. There are two main exclude filters, one for the common stuff we really don't care about (like the driver for the Lexmark printer we don't support hanging up), and a second one specifically for domain laptops that leave the office (to block out the "where's the domain server?" errors).

    This way, we only get what we haven't named in the exclude filter. You can then create yet another event set to trigger a ticket or script or whatever you need. Keep in mind that if something is in the exclude filter, that particular event will NOT trigger ANY alert on that machine, not even a specific makeapanicticket event set.

    I'd like to point out (and this is suggested in the help file) that you use a single common exclude filter (or as few as possible) to simplify troubleshooting.

    Legacy Forum Name: Monitor Sets,
    Legacy Posted By Username: dwujcik
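
A minimal model of the scheme dwujcik describes above, added here as an illustration (it is not Kaseya's code and not part of the original thread): alert types per machine role, a common exclude filter plus a laptop-only one, and a specific ticket set that an exclude entry still overrides. The rule names, the `LexmarkDrv` source and the sample events are constructed assumptions; the suppression counter is an addition so that what the exclude filters hide stays reviewable.

```python
from collections import Counter
from fnmatch import fnmatchcase

# Event types alerted per machine role, as described in the post.
ALERT_TYPES = {"workstation": {"Critical", "Error"},
               "laptop": {"Critical", "Error"},
               "server": {"Critical", "Error", "Warning"}}

# Exclude filters: one common, one only for domain laptops (names are hypothetical).
COMMON_EXCLUDE = [{"name": "unsupported-printer", "source": "LexmarkDrv*"}]
LAPTOP_EXCLUDE = [{"name": "offsite-no-dc", "source": "NETLOGON", "id": 5719}]
# A specific event set that should open a ticket instead of a plain alert.
TICKET_SET = [{"name": "dc-unreachable", "source": "NETLOGON", "id": 5719},
              {"name": "bad-block", "source": "Disk", "desc": "*bad block*"}]

# Constructed sample events; sources, IDs and text are illustrative.
EVENTS = [
    ("srv01", "server", "Error", "Disk", 7, "The device has a bad block."),
    ("srv01", "server", "Warning", "W32Time", 36, "Time service has not synchronized."),
    ("ws14", "workstation", "Warning", "W32Time", 36, "Time service has not synchronized."),
    ("ws14", "workstation", "Error", "LexmarkDrv", 1, "Driver stopped responding."),
    ("lt03", "laptop", "Error", "NETLOGON", 5719, "No domain controller is available."),
    ("srv02", "server", "Error", "NETLOGON", 5719, "No domain controller is available."),
]

def matches(rule, source, event_id, desc):
    """Case-insensitive wildcard match; a field the rule omits matches anything."""
    return (fnmatchcase(source.lower(), rule.get("source", "*").lower())
            and rule.get("id") in (None, event_id)
            and fnmatchcase(desc.lower(), rule.get("desc", "*").lower()))

def triage(events):
    """Return (actions, suppressed): what fired, and how often each exclude rule hid an event."""
    actions, suppressed = [], Counter()
    for host, role, etype, source, event_id, desc in events:
        excludes = COMMON_EXCLUDE + (LAPTOP_EXCLUDE if role == "laptop" else [])
        hit = next((r["name"] for r in excludes if matches(r, source, event_id, desc)), None)
        if hit:                      # exclude wins, even over TICKET_SET
            suppressed[hit] += 1
            continue
        if etype not in ALERT_TYPES[role]:
            continue                 # e.g. warnings on workstations are not alerted
        ticket = any(matches(r, source, event_id, desc) for r in TICKET_SET)
        actions.append((host, source, event_id, "ticket" if ticket else "alert"))
    return actions, suppressed

if __name__ == "__main__":
    fired, hidden = triage(EVENTS)
    for row in fired:
        print(*row)
    print("suppressed:", dict(hidden))
```

The same NETLOGON event opens a ticket on `srv02` but produces nothing on `lt03`, which is the exclude-filter caveat from the post.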
  • dwujcik
    I'll "third" the noise method. Yea, there's a lot of extra alerts that come by, but really, why ignore the "Windows time is sucking" messages when you can fix the synchronizing by using a local University's time server? Customer value (or time sheet consistency).


    That is a perfect example of how ignore is a bad thing, and why we don't use it... it's a simple fix that can be scripted and broadcast over an entire customer site (or sites if they're connected).

    ++ for dwujcik :)


    Legacy Forum Name: Monitor Sets,
    Legacy Posted By Username: thirteentwenty
  • We have been using the disk events, memory dump, print spooler, unexpected shutdown, and disk space for workstations and hardware monitoring for servers, and everything is working well till now; we receive an email when any of those events are logged.

    Legacy Forum Name: Monitor Sets,
    Legacy Posted By Username: aitcomputers
  • In the online training they said that there were already created Monitoring sets available in the forum. Can someone point me to them? Thanks

    Legacy Forum Name: Monitor Sets,
    Legacy Posted By Username: mica@shoshintech.com
  • mica@shoshintech.com
    In the online training they said that there were already created Monitoring sets available in the forum. Can someone point me to them? Thanks


    I was told the same thing, and what I found is that they're here and there; dig through this topic and you should find some.

    Legacy Forum Name: Monitor Sets,
    Legacy Posted By Username: thirteentwenty
  • Is there a way to have all eventlog critical events sent to an email account?
    Can this be done via monitor sets?

    Legacy Forum Name: Monitor Sets,
    Legacy Posted By Username: RoseC
  • RoseC
    Is there a way to have all eventlog critical events sent to an email account?
    Can this be done via monitor sets?


    Hi Rose,

    This really should be entered as a new post, but I'll give you the quick answer here.

    Yes, it is actually very simple. There is already a pre-made Event Set called that you can use. Simply select the "Error" event type and in the email section above check the box for Email Recipients and put in the email address you want. (Make sure you change the Event Log at the very top to the log you want to grab from.) Finally, apply this to the machines you want and you will get it started.

    Now, this will simply give you all the Error events. It may give you a lot of noise as well, but really any Error event should be looked into.

    Legacy Forum Name: Monitor Sets,
    Legacy Posted By Username: CCDave