jasonbYou have to create a event set to just look for certain events and not everything.
You add this in with your other event sets.
Its kind of hard to explain.
Hope this helps.
LmhansenThat's not how event sets works.
Event sets just "triggers" when there's an event that matches the set. In order to have an event set trigger any action based on Informational Events, the agent have to be configured to log all informational events, hence your event logs will quickly fill, and you risk running into overflow issues.
If there is a script available to re-enable the logging after an overflow, I would very much like to see that myself.
DiPersiaTechJason - what we're saying is, you need to make sure that informational logging is turned on on the agent. Too often, info events flood the log and it gets turned off - you'll see a red letter (In your picture) when this happens. I was just hoping for a way around this issue where we can just "watch" info events, but not log them and still setup event sets.
DiPersiaTechWe want to monitor events in the system log, such as when a system reboots. These are purely informational alerts, and if we try to capture info events, lots of times, we go over the limit of logging and it gets shut down.