Kaseya Community

procedure to automatic add evenlog to ignore list

  • Hi,

    is it possible to automatically add an event to the ignore list ?

    last night one of a clients server generated over 6000 alerts due to an i/o error on one of the disks....generating 6000 alerts, emails....

    would it be possible forexample if more than 100 events to add it automatically / dynamically to the ignore list to avoid overload of

    alerts, emails.....

    rgds

  • How about taking all the duplicate alerts/tickets and consolidating them into a single ticket instead

  • Hi Paul,

    we are not using kaseya ticketing system, but internal system.

    rgds

  • So do you email the alerts to your internal system ?

    If so then you can create a Service Desk ticket , then de-dup them , then get Kaseya Service desk to email your internal system instead

  • ok did a quick check but were is de de-dup procedure  ?

    do they need to be imported ? (shared folder seems empty )

    where do we indicate the address of our mails server ?

    rgds

  • additionally : I suppose this will not solve the problem of high nbr of alerts and only redure the nbr of mails.

    for the moment we "alerts" for the dashboard and a mail also goes to the mailbox of admkaseya.

    rgds

  • The answer is no, there is no way to automatically do it.

    We had a similar situation yesterday with one of our partners.   It turned out that when the Event Log was applied, there was no re-arm time set (it was set at zero).   Be sure to check all of your event logs to make sure you have some minimal amount of re-arm.   This should solve the problem with a run-a-way event.



    fix spellings - caa
    [edited by: Chris Amori at 2:24 PM (GMT -7) on May 5, 2015]
  • Be careful if you are using a blanket event log trap like us (a single event log policy which allows everything) that the ignore additional will ignore ANY not just the duplicates. I havent found a way around this as of yet, other than deleting the alarms in bulk.

  • Avoid using service desk to solve this issue, just use the monitoring in VSA to only trigger after so long of a re-arm.  The Re-arm is the key here. Reading your last post (blanket event log traps) sounds like you're using a single event log monitor set for everything. STOP you're going to want to get more granular on this, it'll save you your sanity. Setup multiple event logs for different things. Like one for disk errors, one for high cpu errors, etc... This will make it much easier to get accurate and adequate alerting on event logs.

    Take the approach to your ticketing system as Garbage in Garbage out. If you send in trash that's what you should expect to see. Clean your alerts and make the VSA send in clean and accurate reporting of issues.

  • danrche, Ive tried to get granular on event log monitoring, and unless you know every possible error that your software can throw, its futile. The only real answer is to log all warning/errors and blacklist out the ones you dont need.