Kaseya Community

Event Monitoring Question

  • Just wondering how event monitoring is handled by the machine. Is it better to keep it simple and have 1 large event set assigned to all servers (including events not applicable to some servers e.g. Exchange) or break them up into smaller applicable event sets and apply?

    Legacy Forum Name: Event Monitoring Question,
    Legacy Posted By Username: linda
  • linda
    Just wondering how event monitoring is handled by the machine. Is it better to keep it simple and have 1 large event set assigned to all servers (including events not applicable to some servers e.g. Exchange) or break them up into smaller applicable event sets and apply?


    I originally went the route of setting up one big event set to ignore what we didn't need to see, but I'm regretting that now (and I'm now working to set up individualized sets per server role/workstation role). You don't really need one set per machine, but you might want to have one set for BES servers, one for Exchange servers, one for AD controllers, etc.

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: arobar
  • arobar
    I originally went the route of setting up one big event set to ignore what we didn't need to see, but I'm regretting that now


    Can you expound on why you regret that?

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: RCS-Michael
  • RCS-Michael
    Can you expound on why you regret that?

    It's not nearly granular enough, and even worse, it's hard to manage. Say I have a machine that I need to get certain events from, even though I want to ignore those events everywhere else (usually during the troubleshooting of an issue). With one big set, I either remove the ignore from the set and receive those events for all machines, or I remove the entire set from the one machine and receive all events that machine generates. Either way, I've just opened myself to being inundated with tons of alerts.

    Now if I have event ignores separated into machine role and I encounter the need to receive certain events for one machine, I can remove one particular ignore set. So if I need to see some BES alerts, I can remove just the BES ignore set from the machine (while the AD ignore set and Exchange ignore set remain on the machine). I will still get more alerts, but I didn't affect any other PC than the one I needed to, and I only received more alerts for a particular software role, and not all events on the server.

    Plus, it's a real pain to manage a big list. If I do need to edit certain events, I have to search through hundreds (if not thousands) of ignore rules which aren't sorted in any way, so it will take me much longer to find the rule I'm looking for. Versus each ignore set by software role would likely have 20 - 25 ignore rules in it.

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: arobar
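
The trade-off described in the last reply, as an added Python model (not part of the thread and not Kaseya's API or data format). The machine names, event sources, event IDs and function names are constructed, and for simplicity every machine starts with every role set assigned.

```python
# Constructed ignore rules (source, event_id), grouped by server role.
ROLE_SETS = {
    "BES": {("bes", 1001), ("bes", 1002)},
    "Exchange": {("exch", 2001), ("exch", 2002)},
    "AD": {("ad", 3001), ("ad", 3002)},
}
BIG_SET = set().union(*ROLE_SETS.values())  # the single large ignore set

# Constructed sample events: (machine, source, event_id).
EVENTS = [
    ("srv1", "bes", 1001), ("srv1", "bes", 1002), ("srv1", "exch", 2001),
    ("srv1", "ad", 3001), ("srv1", "ad", 3002),
    ("srv2", "bes", 1001), ("srv2", "exch", 2002),
    ("srv3", "bes", 1002), ("srv3", "ad", 3001),
]
MACHINES = ["srv1", "srv2", "srv3"]

def alerts(ignores_by_machine):
    """Count events per machine that no assigned ignore rule suppresses."""
    out = {m: 0 for m in MACHINES}
    for machine, source, event_id in EVENTS:
        if (source, event_id) not in ignores_by_machine[machine]:
            out[machine] += 1
    return out

def role_scoped(unsuppress_role, on_machine):
    """Role sets: remove one role's ignore set from one machine only."""
    assigned = {}
    for m in MACHINES:
        roles = [r for r in ROLE_SETS
                 if not (m == on_machine and r == unsuppress_role)]
        assigned[m] = set().union(*(ROLE_SETS[r] for r in roles))
    return alerts(assigned)

def big_set_edit(unsuppress_role):
    """One big set, option 1: delete that role's ignores for every machine."""
    trimmed = BIG_SET - ROLE_SETS[unsuppress_role]
    return alerts({m: trimmed for m in MACHINES})

def big_set_unassign(on_machine):
    """One big set, option 2: remove the whole set from one machine."""
    return alerts({m: set() if m == on_machine else BIG_SET for m in MACHINES})

if __name__ == "__main__":
    print("role-scoped     ", role_scoped("BES", "srv1"))
    print("big set, edited ", big_set_edit("BES"))
    print("big set, removed", big_set_unassign("srv1"))
```

With role sets, only srv1 starts alerting and only on BES events; editing the big set surfaces BES events on every machine, and unassigning it surfaces every event on srv1.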