Hi, I seem to have an issue when I modify "Event log settings" in a policy: when I add that I want logs on "Information" from the Security event log, so I can create alerts for some account management, this does not apply. However, if I add Information under Agent/Event log settings (and reboot) the test server, I can get the alerts to kick off.
So I know that my event log monitor is OK.
Anyone else have issues with this, and how would I attack this issue to solve it? On the latest patch and recently ran reapply schema. My main goal is just to get a mail when someone creates a user (event ID 4720).
You don't need to enable the "Event log settings" to alert off Windows event logs. This has been the case since either 6.3 or 6.5.
The "Event log settings" option is used to make Kaseya collect event logs and store them in the system. This used to be required for Kaseya to alert off event logs, but no longer is required.
All you need is to set up the event set with the event IDs you want and make sure you select the correct log type and the "EWISFCV" settings.
bauger34 is correct -- Event Log Settings are not required to trigger Event Log Alerts; this dependency was removed in v6.3.
I would also be careful collecting Security event logs; these tend to be the noisiest and can quickly flood your system with tons of logs that may or may not be of value to you.
If you are having issues with your Event Log Alert, show us your configuration via screenshot and we can possibly advise what the issue is or alternatively a support ticket can be created for this.
Thanks for your replies.
So if I get you correctly, I don't need to be able to see the events under
and the Agent logs. This is my monitor. The 1102 is just a test (clear security log). I tried the other events with just a wildcard also and no luck. I can see the events in my lab server's security log.
Anyway, this monitor I added to a policy with the I for Information.
I can add that I notice this error when I apply a changed policy: eRROR: InitEventLogProcess() failed to load event log definition "c:\kworking\KLogConfig\alertSet.xml" [code: -4]. So I would like to know how to get rid of that problem without having to delete the present alert.xml file on all servers.
No, you don't need to see them in the Agent Logs. I have event log collection disabled and when I check the Agent Logs my event logs are blank. Our event log alerting still works fine though.
Outside of the policy, if you just apply the event set to a machine does the alerting work? Make sure it is applied to the security log as well. In the screenshots below, the event sets will only alert for anything in the application log. It also has to match what I specified as far as error, warning, etc.
As far as the error, I would open a ticket with support for that. The "failed to load event log definition" might be the problem here.
I did try your suggestion to skip the policy part and just apply to the machine.
Still no success, though.
However, I get the alert if the event ID shows up here; then it actually sets off the alarm.
I recommend opening a ticket with support at this point. They can jump on there with you and either figure out what went wrong or determine if there is an issue with your system.
Hi, thanks for the support, bauger34.
I will open a ticket because it's something weird here.