Kaseya Community

Noisy Reboots

Posted by LegacyPoster

on Jan 30, 2008 12:53 PM

Hi there,

We are working hard to trim down the number of events we see (we are monitoring the Error events from all logs on our servers). One of the biggest noise-makers is when a server reboots. If I'm scheduling a reboot I can set Kaseya to ignore alerts from that server for the next few minutes. But if there's an unexpected reboot for one reason or another, we are inundated with alerts. A reboot last night generated over 30 alert e-mails (which just end up being hard to sort through when you've got 300 other alerts to deal with in the morning).

Does anybody out there have a creative way to stop logging for a few minutes following a reboot?

Cheers,
AR

Legacy Forum Name: Noisy Reboots,
Legacy Posted By Username: arobar

Posted by LegacyPoster

on Jan 31, 2008 6:52 PM

Yes it can get a bit messy.... your best bet would be to create a high priority event set that fires off emails only when selected important events occur..

we use:

<?xml version="1.0" encoding="ISO-8859-1" ?>
<event_sets>
  <set_elements setName="High Priority Events" eventSetId="44830995">
    <element_data ignore="0" source="EventLog" category="*" eventId="-1" username="*" description="*"/>
    <element_data ignore="0" source="Storage Service" category="*" eventId="-1" username="*" description="*"/>
  </set_elements>
</event_sets>

 This fires off emails only when those specific events occur.... the rest of the error events we leave to get picked up as standard alerts.

This one shows us HDD events for Dell servers, and the dreaded "The previous system shutdown at xxxxx on xxxx was unexpected"

We then add to it only items that require our immediate attention.

We typically use about 8 event sets for servers and 5 for workstations... each deals with specific problems and we can then decide on appropriate alerting:

APC Powerchute Events
Backup Event Sets
Exchange 2000/2003/2007
Common Server Events
Common Workstation Events
IIS 5.0/6.0
ISA Server 2000/2004
AntiVirus Events

We also use an excluded event list to filter out those annoying messages that really dont mean much... we find that windows event logs can be full of repeated error messages that we either cant fix or dont care about... we just add them to a big list and update it when we find new annoying messages.

I am sure other companies do it differently but its a case of finding the right fit for your resources.

Legacy Forum Name: Event Sets, 
Legacy Posted By Username: dgrout@datrix.co.uk

[edited by: Brendan Cosgrove at 5:33 PM (GMT -8) on 12-17-2010] .

Posted by LegacyPoster

on Feb 21, 2008 7:48 AM

Your setup looks like it would fit my company exactly. We are currently looking at how to setup our event sets to minimize the number of alerts but still know what is going on.

Would it be possible for you to post those event sets here? It would be a great resource to have for me, as well I'm sure many others.

Thank you

Bill

Legacy Forum Name: Event Sets,
Legacy Posted By Username: bill.gowland@popularnetworks.com

Posted by LegacyPoster

on Feb 21, 2008 8:27 AM

They would be nice to have.

Legacy Forum Name: Event Sets,
Legacy Posted By Username: GrantB

Posted by LegacyPoster

on Feb 22, 2008 1:10 AM

Feel free to email me if you want a copy of them.. We try to avoid handing them out on these forums because of the time it takes to organise/research these things and some of you may be our competitors...(and my boss would kill me) Eek

Also the new kaseya 2008 should have more comprehensive events set templates built in so you may be better off building your own off this platform.

www.eventid.net ... most of the ones we have we found by using the search functionality on this website... well worth paying for a subscription.

Legacy Forum Name: Event Sets,
Legacy Posted By Username: dgrout@datrix.co.uk

To Reboot or Not to Reboot...

Awaiting Reboot

Reboot at a Time

Reboot Required

alarm on reboot

Noisy Reboots