Kaseya Community

Manging Alerts

This question is not answered

I'm having a lot of trouble managing the Alerts. Three of the biggest problems I have are:

  1. Some of my alerts arrive in pairs. I get two emails for each of them. But this only applies to some alerts, not others. It looks like Event Log alerts are duplicated, but not others. I assume that an alert has been duplicated somewhere in Kaseya, but I haven't a clue how to find them.
  2. When I set up Kaseya, I had all alerts going to one email address. I would like to change the email address they all go to. But there seems to be no way to alter the alert address, at least not in one place. It looks as though I'm going to have to change each of hundreds of different alerts, for each of my agents, individually. To put it bluntly, that just isn't possible to do, at this point, not with all the agents we have running. I assume there has to be a simpler way, but I can't see it.
  3. I'm getting alerts that are actually quite useless, and there is no reason to be told about them. The most common is Event ID 4226, when a workstation tries to create more than 10 TCP/IP connections. This particular limitation is designed into workstation OSes, so there is nothing that should be done about even if it were a problem that required fixing, which it doesn't. How do I turn them off? I have no idea where these are in Kaseya.

Any help would be appreciated. There is little, if any, instruction available on using Kaseya's Alerts. I'm not sure why it's so hard to navigate, but it is.

 

All Replies
  • Hi Dennis,

    Can't answer them all but for number 3 you have a couple of options.

    1. Create event sets and only monitor for those events

    2. Create an ignore event set and apply it to the machines - anything on this list will be ignored by kaseya alerts.

    We do a mixture of both - we have event sets setup for Priority 1 / 2 / 3 then we have our block list (ignore list) and then all other crap used to go to a mailbox for filtering but the flood gates were flowing too fast so we stopped this last part.

    Number 2 Email address issue - Depending on the alerts you are talking about there are a few options.

    If it is monitor sets you can create a view to filter by only machines with that monitor set applied then edit one of the machines change the address and select all machines and apply - now all the machines for that monitor set have the email address.

    If it is alerts as in Monitor Tab / Alerts then that is a bit trickier  - if you can group the machines in some way then you can do as said above for alerts also. the other option is to do it directly in the database - NOTE: YOU NEED TO KNOW SQL TO DO THIS AND YOU DO IT COMPLETELY AT YOUR OWN RISK - TAKE A BACKUP BEFORE)

    You can look at the tables relative to the monitoring (fairly clear naming convention) and find the email field and then search for the email address you know is currently there - then do an update on that table replacing the old with the new. We have done this before without issue for the same reason. There will be a few locations depending on what monitoring / alerts you have applied but all this data is in the database and the email address is always a separate field in the tables.

    Number 1 - duplicates - Without seeing your system its hard to troubleshoot however some things to try particularly with event logs is - are you just using the alarm system within kaseya or are you sending alerts out to a ticketing system. when you see a duplicate check that machine specifically and check under Agent Data / Monitor Action log - is that alarm there twice. Make sure if you are using event sets that they are not overlapping so you have Event 2020 in two event sets or you have two sets with * events - I know sounds dumb but we did that as we were using templates. If it is common with a machine I would strip the machine back remove event sets and just add a basic one monitor for one ID and then go to that machine and generate that event using eventcreate - see does it duplicate. If it is duplicating at your ticketing system make sure two mails are not been sent you could tell that by looking in the email log under system or checking message tracking in exchange if your using it.

    Hope this gives you some pointers..

    Michael

  • Oh just an add on

    To create an ignore event set you just go through the normal motions of setting up an event set but where you specify the event Id / description etc there is a little tick box that says ignore - you tick that and kaseya will then ignore events that match this description.

  • Thanks for the help. Unfortunately, creating an "ignore" event set is not possible, since I have no idea where the "4226" event is located within Kaseya Alerts. No idea whatsoever. Next to "Event Logs" is a pick-list of categories ... several hundred of them. Not one of them is named "4226," nor even some relevant, intuitively-guessable name like "TCP/IP."

    As for the duplicates, we aren't using ticketing. And again, I cannot find out where the duplicated events are located. This leaves me where I was before ... unable to find out how to find the duplicated alert and then delete the extra.

    And as for filtering by monitoring set ... I can only ask, uh ... what? How would I do that? I have no idea where that is.

    I should note that I have not actually changed any of the alerts, with the exception of a couple individual machines. They are all the "default settings" that came with Kaseya when we set it up. They have always behaved this way from the very start. I cannot find any training materials that address my concerns, nor is there any kind of comprehensive directory telling me how to find specific alerts. I have not been able to get any assistance from Kaseya, either. Even though I was supposed to have gotten trained on it -- I got zero training on Alerts and when I asked for some, I was rebuffed. Apparently there is no Alerts training to be had.

    Which is why I posted my question here.

    Clearly there's more to this, that a lot of folks (like you) are aware of, but I'm out of the loop, it seems. There has to be reference material somewhere that can help me, but I haven't found it (the Help pages are worse than useless) and Kaseya is deliberately obtuse about how to manage Alerts. Example: The email alerts. Why do they not include within them a trail of "bread crumbs" to trace them through Kaseya's Alert system? Why would this have been left out of it?

    That's deliberate obtuseness.

    Again, I thank you for your advice, but as it stands, I have no idea what to do with it. I have no frame of reference and not enough specifics in order to do anything.

  • Dennis, check your friend requests, you have a message from me. I may be able to help you out with your issues.