Kaseya Community

Eventlog Monitoring to different Alarm Group Column

This question is answered

Hello,

I'm trying to configure Kaseya to monitor RAID monitoring by checking for certain event ID's. I found all the ID's i need, but I can't change where Kaseya generates the alarm (default : Events i think). Since it's the RAID i'm monitoring I want the alarm to be under the "RAID" columnn, which i created for this.

I found a post on this forum where they explain a way to do this via process monitoring, but I didn't quite understand it. Can someone explain to me how this is done ?

Thanks in advance

Verified Answer
  • KProcessMon.zip

    Disclaimer:
    Use the attached files at your own risk!

    Here are my files that I'm currently using. 

    The idea is that you create a new procedure for every alarm you want to generate and you specify the name of the executable in a variable in that procedure before you execute  my sub procedure that way you only need store a single copy of the fake process on your Kaseya server and the agent procedure renames it when it uploads it to the target machine if/when the procedure is triggered.

    I put some instruction in the Readme.txt in the zip file and I included the source code for the exe file.

All Replies
  • You want to make your event monitor set execute a script that will run a fake processes that does nothing other than run for 1min. Then you want a process monitor set that looks for the fake process and generate an alarm when its detected.

  • Hi,

    Thank you for helping me out.

    I tested it out on my laptop, by checking for a standard system information event and added an alert to the event monitor so i could find the problem.

    The alert for the event gets generated, but the monitoring set won't detect the process. I think it is because it won't check for it at the right time. 

    Can you help me with this

    This is the script i wrote, that executes the fake process.

    And this is my monitoring set

    Thanks

  • Hi  

    Interesting, does the process name show exactly like that in Task Manager?

    It may be worth while to wrap the process name in wildcards, meaning *RAID_Failure.exe*.

    This may capture the process if any characters are not being considered.

    Kind Regards,

    Nicolas

  • KProcessMon.zip

    Disclaimer:
    Use the attached files at your own risk!

    Here are my files that I'm currently using. 

    The idea is that you create a new procedure for every alarm you want to generate and you specify the name of the executable in a variable in that procedure before you execute  my sub procedure that way you only need store a single copy of the fake process on your Kaseya server and the agent procedure renames it when it uploads it to the target machine if/when the procedure is triggered.

    I put some instruction in the Readme.txt in the zip file and I included the source code for the exe file.

  • I just posted and attached an agent procedure that should work, but its has been mod'ed.

  • It's been approved.

  • Hi,

    Sorry for the late reply.

    I got it to work : all i had to do was swap the fake process i had with the one HardKnoX send me.

    The previous version of the fake process was from an earlier thread and had 30 sleeptime. The newer version has 60 seconds. I edited my script to match the new file (it runs the process 3 consecutive times) and now the monitoring set does locate the process and trigger the alert.

    Thank you all for your help.

    Kind regards,

    JurgenC