I'm trying to configure Kaseya to monitor RAID monitoring by checking for certain event IDs. I found all the IDs I need, but I can't change where Kaseya generates the alarm (default: Events, I think). Since it's the RAID I'm monitoring, I want the alarm to be under the "RAID" column, which I created for this.
I found a post on this forum where they explain a way to do this via process monitoring, but I didn't quite understand it. Can someone explain to me how this is done?
Thanks in advance
Disclaimer: Use the attached files at your own risk!
Here are my files that I'm currently using.
The idea is that you create a new procedure for every alarm you want to generate, and you specify the name of the executable in a variable in that procedure before you execute my sub procedure. That way you only need to store a single copy of the fake process on your Kaseya server, and the agent procedure renames it when it uploads it to the target machine if/when the procedure is triggered.
I put some instructions in the Readme.txt in the zip file and I included the source code for the exe file.
You want to make your event monitor set execute a script that will run a fake process that does nothing other than run for 1 min. Then you want a process monitor set that looks for the fake process and generates an alarm when it's detected.
Thank you for helping me out.
I tested it out on my laptop by checking for a standard system information event, and added an alert to the event monitor so I could find the problem.
The alert for the event gets generated, but the monitoring set won't detect the process. I think it is because it won't check for it at the right time.
Can you help me with this?
This is the script I wrote that executes the fake process.
And this is my monitoring set.
Interesting, does the process name show exactly like that in Task Manager?
It may be worthwhile to wrap the process name in wildcards, meaning *RAID_Failure.exe*.
This may capture the process if any characters are not being considered.
I just posted and attached an agent procedure that should work, but it has been mod'ed.
It's been approved.
Sorry for the late reply.
I got it to work: all I had to do was swap the fake process I had with the one HardKnoX sent me.
The previous version of the fake process was from an earlier thread and had 30 sleeptime. The newer version has 60 seconds. I edited my script to match the new file (it runs the process 3 consecutive times) and now the monitoring set does locate the process and trigger the alert.
Thank you all for your help.