I'm sure this has been discussed many times but I can't find a way to get this working...
How do we get hard drive fail logs etc into Kaseya.
Any help would be appreciated.
Hello. You need to ensure that on your HP servers that you have installed the WBEM HP drives from the latest Support Pack from HP. Once installed, the WBEM HP agents pass the HP alerts to the operating system event logs. From there Kaseya picks them up. Has been working great for us.
Wow! is it as easy as that or is there more to configure?
as easy as that. Install HP Wbem. then setup an event log monitor to pick up any issues logged.
Exactly what we do, works just fine.
Thanks for this,
Where can I get a list of event log IDs to monitor?
We wrote a blog article on this years ago, but I updated it to include the new Event sets from the HP pdf.
What a gentleman,
That saved me some time.
Just came across this post. We are trying to do this on a Dell server and not getting it. Can anyone provide some guidance? Thanks much!
Good day bjupena,
I have the impression you are looking for this on dell: Open manage: www.dell.com/.../support-for-dell-emc-openmanage-server-administrator-omsa
It is normally installed on Dell servers; they have a module for CLI: www.dell.com/.../using-the-server-administrator-command-line-interface
Complete CLI user guide also here: topics-cdn.dell.com/.../openmanage-server-administrator-v95_CLI-Guide_en-us.pdf
This other is the online version: www.dell.com/.../cli-command-syntax
I have done it before, so i know it is possible.
Thank you for your response miguel_c! I was looking for a way to set it up in VSA. Based on your experience and knowledge is there a way to set it up in VSA? I will look into setting it up in Dell OMSA, but I'd like to have all monitoring and alerts coming from within VSA. Thanks again!
bjupena , we cover that as part of the same article and event set referenced above.
Couple points... and Chris Amori may mention this in his article... but its worth over emphasizing both.
Collect vs MonitorKaseya can Monitor for Events and it can Collect Events. IF you Collect Events, then you can ONLY monitor for Events you are collecting. So if you collect only Error Events for System, then you can NOT alert on Warning Events for System, for example.
Collecting Events can be dangerous. For example, if you Collect Information Events for Application, or Success and Failure Audit's for Security... it is not uncommon, depending on the debug level of the endpoint, do have these events fire 10, 20 or more times per second, per machine... in effect, you are creating a distributed denial of service attack (DDOS) by your Agents against you VSA. Even a relatively small number of Endpoints can have a negative effect on a VSA's performance. Poor Event collection hygiene is also one of the leading causes of database bloat.Unless there are reasons otherwise, you best to NOT Collect... just monitor for Events of specific interest and create alarms from these so they are retained. (Like System Log, ERROR, Event ID 6008, Disc: Unexpected System Shutdown) This way you are alerted if a server BSOD, reboots, BSOD, reboot... Agent offline wont tell you because it keeps coming back online for a few moments... and I have a log in Alerts of when Systems have rebooted unexpectedly. IF you do chose to collect, remember... this IS NOT a SIEM (System Information and Event Management)! You should Collect Error, Warning... maybe Failure, Critical... retention should be less then 3 days... preferably just 1 day and do NOT collect *All Events* for any Type. If you collect, There is a legacy report you can run, Info Center>New> Legacy Reports> Logs> Event Frequency... this will show if you the top recurring Events and its the number of times it occurs. This can help find machines that are over sharing.
Last point on this... There is "Flood Detection" built in that IF a Machine sends more then 1000 events by a single agent within one hour, further collection of events from that Agent, of that log type, are stopped for the remainder of that hour"... which means you can miss alerts and the monitor can no longer be trusted. For the record, I have encountered Endpoints that have shared more then 10,000 Events in an hour and somehow successfully inserted ALL into the DB... so don't bet your job on Flood Detection;-)
Event Types Missing?
If you have a Windows Event Log Type (types being System, Application...) that you want to monitor but it is not listed in your VSA (Like Sophos or TimeBroker...) then you can run an Update List By Scan (ULBS) on a system that has these Event Types, then they will be added to your list of Event Types to Monitor.
CAUTION: ULBS is VERY resource intensive for ANY VSA as it can create millions of inserts into the database. Running ULBS on even a few machines simultaneously can result in latency and or outages... use it rarely, strategically and after hours... NEVER schedule this to recur or as a policy. Just because you can does NOT mean you should ;-)
Hope this helps.
We have used the HP WBEM and Dell Open Manage for years until now we can no longer use the HP WBEM as it is now deprecated and no longer available on GEN10 servers and above. Will not even install.
HP now wants you to use ILO 5.1 integration with Windows OS and SNMP. We have gone through the ILO5.1, HP Proliant server, and other HP documentation in order to onboard monitoring in kaseya. A complete disaster and we are no longer able to monitor server events in Kasya without major requirements, reconfiguring alarm and monitoring sets and implementation of old school SNMP. HP has made this way more difficult than what it needs to be. At this point we are not getting any good monitoring events from HP Proliant GEN10 servers until we revaluate and test the new HP method of doing monitoring. They are also pushing their monitoring into their proprietary Open view which requires additional licensing.
In addition, HP has changed how we do firmware and patching as the HP SUM SPP no longer deploys to HP Gen10 servers as it is now to be done with the ILO 5.1 interface. We have been documenting this new process and it is convoluted as well.
So in short for HP GEN10 systems, out with the old and in with the new and maybe because it's new, we all don't have a clue how it is supposed to work yet nor how do we get it to work?
Will post our findings as we are predominantly HP servers.
HP Link to monitoring with ILO 5.1