Kaseya Community

Monitor Event logs through policy

This question is answered

I would like to set up alerts for the "Unexpected shutdown" event log. Is there any way to plug this in through a policy? I have not come across a way so far.

Verified Answer
  • it is easy to do...   Just look under Alerts, Event log alerts and add it there.      

    FYI, for servers we set it to rearm right away, for workstations it has to happen twice inside of 8 hours before we alert, 8 hour re-arm.

All Replies
  • From what you are mentioning I am guessing that you would be looking for an Event 6008 EventID.  Setup an Event Log Alert - System - Warning and then specify a Source Filter of Eventlog and an Event ID of 6008.

  • Yeah, I've created that but it appears that you cannot put an Event Set into place through policy. :(

  • it is easy to do...   Just look under Alerts, Event log alerts and add it there.      

    FYI, for servers we set it to rearm right away, for workstations it has to happen twice inside of 8 hours before we alert, 8 hour re-arm.

  • We apply every single monitor to all agents via policy - never manually apply anything. The way we create our monitors, we can even identify the action we run in response to the alert, the priority of the event, and limit it to servers or workstations.

    Setting up the policies can initially be tedious - but worth the effort. I manage a VSA with over 3000 endpoints and spend maybe 15 minutes a week keeping it running.

    Glenn

  • Perfect Chris, thank you that's what I was looking for.