Kaseya Community

Did not receive alert for event long monitoring event that occured

  • Hello. Looking for some help with Event Log monitoring

    We had a case this week where, we were monitoring event logs for specific events, a matching event occurred, but we did not receive an alert/alarm.

    The event log monitor was looking for
    · Source = Backup Exec System Recovery
    · Category Filter = *
    · Event ID = 100
    · User Filter = *
    · Description filter = *cannot create recovery points*

    The actual event discussion was:
    · Source = Backup Exec System Recovery
    · Category = High Priority
    · Event ID = 100
    · User = N/A
    · Description = Cannot create recovery points for job: Drive Backup of (C:\). Warning A7C30019: The type of errors encountered indicate that this hard disk drive is about......

    Seems like a match to me. But it did not trigger. Is it case sensitive? The only possibility of not firing that I could see was that the letter C in "cannot" is not capitalized in my Description filter, but it is capitalized in the actual description message.

    Any help or suggestions would be appreciated. Thanks in advance.

    Lloyd

    Legacy Forum Name: Did not receive alert for event long monitoring event that occured,
    Legacy Posted By Username: lwolf
  • In addition to checking out the case sensitivity, I have a few potential suggestions, please forgive me if these are overly basic.
    - Check for spaces in front of any of the values entered.
    -Assure that the type of event it is (error, warning, etc) is enabled for the host in event log settings

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: MaWi
  • Try this for the description filter:

    *cannot*create*recovery*points*

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: GDRBrian
  • FYI, I am actively working with a Kaseya Developer of this issue. Seems to be a bug somehere.

    Lloyd

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: lwolf
  • I am actively working with Corey in development on this issue. We found another example of a situation where, we were monioring for an event, the event occured, the event log was successfully uploaded to the kserver, yet the monitor action (ie Alarm, Email) that we had configured never occurred.

    He is looking for some other examples. I was wondering of anyone else has recently experienced this behavior? And if so, would you be willing to let Corey take a look at your kserver and that machine?

    At this point, he thinks it might have something to do with a change to an Event Set not being properly deployed to the machine.

    Lloyd

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: lwolf
  • lwolf
    I am actively working with Corey in development on this issue. We found another example of a situation where, we were monioring for an event, the event occured, the event log was successfully uploaded to the kserver, yet the monitor action (ie Alarm, Email) that we had configured never occurred.

    He is looking for some other examples. I was wondering of anyone else has recently experienced this behavior? And if so, would you be willing to let Corey take a look at your kserver and that machine?

    At this point, he thinks it might have something to do with a change to an Event Set not being properly deployed to the machine.

    Lloyd


    We are not seeing this problem but we do have a ticket open for events for which we monitor aren't generating an alert because the description field of the event is being received by the KServer (and we have a filter in the event monitoring set for text in the description field). Really weird.

    Michael

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: RCS-Michael
  • I had a similar issue and turned out that I did not enable monitoring that log for the particular agent. SOunds basic but check it from Agent -> Event log Settings and confirm you are capturing appropriate logs and Event types for that agent.

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: richie3333
  • richie3333
    I had a similar issue and turned out that I did not enable monitoring that log for the particular agent. SOunds basic but check it from Agent -> Event log Settings and confirm you are capturing appropriate logs and Event types for that agent.


    We are definately capturing the corresponding event logs. We can see the events, in the copy of the event log that has been uploaded to the kserver.

    In talking with Corey, I learned that, although the event logs are uploaded to the kserver, starting with v5.0, it is actually that Agent that signals whether an Alert condition has been met. So, somehow, we are experiencing situations where the event actually occurs, the event log is successfully uploaded to the kserver, but the Agent is not raising the flag that an alert condition has been met, so the configured alert/monitor action is not being fired (such as Alarm, run script, send email, etc.).

    I had (incorrectly) assumed it was the kserver that determined if an Alert condition had been met. It seems that was the case with prior versions, but changed starting with v5.0.

    Lloyd

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: lwolf
  • fyi... i am still workign with K support on this.

    Lloyd

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: lwolf
  • I had a machine taken offline for twenty minutes today, the system never alerted, even though the checkin is every 90 seconds, and the alert is set for missing two checkins. What gives?

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: rdwilkerson
  • One of my techs assigned an email reader setting the same as another settings email. When that email sent in a ticket, it backed up the message queue.Smile

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: rdwilkerson
  • I'm still learning my way around, but one thing I've noticed, it seems every different place K uses a text search, the rules are a little different. Some take quotes, some don't. Some take wildcards, some don't. And the documentation isn't particularly clear what syntax is acceptable where. Sher wood be nice if text searching was consistent and well documented, eh?

    /kenw

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: Ken Wallewein