Confused by Event Log Monitoring

  • I'm afraid I'm very confused when it comes to event log monitoring.

    I understand how to create an event set, but when applying it, am I right that I have to know exactly which event log it would show up in, and tell the event monitor which log? E.g. application, system, etc.?

    I thought I remembered reading somewhere that an event log monitor would "capture" an event ID no matter which event log it shows up in.

    Any clarification on how to properly set up a set and monitor would be greatly appreciated. I find it very confusing.


  • You have to know the log - so if system or application....

  • 3 main steps

    1. Agent / Event log settings - ensure on the machine that you have added the required event logs and also the types of events you want to collect (this is only the collection stage). I would avoid informational logs if you can, as your server will be polluted with events.

    2. Create an Event set listing what you want to action on - Monitor Tab / Alerts / Event logs

        in here you specify I want to look for event ID 1024 (for example)

    3. Then apply this event set to a machine - you pick the log you expect to see it in and then the action you want - create email / run script / log ticket etc - then apply to the machine.

    As per step 1, Kaseya will collect the event logs for the machine and then run them through your Step 3 & 2 criteria to see if there is a match: no match = ignore, match = do the action you asked for.

    You can also create an event set to ignore events, so collect all and alert on all errors except these ones....
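
Because the event set has to be applied against a specific log, it helps to check on the endpoint where an ID is actually written. The following is an added example, not part of the thread and not Kaseya code: a PowerShell script using the built-in `Get-WinEvent` cmdlet; the ID 1024 is the thread's example and the 7-day window is an assumption.

```powershell
# Added example: list every Windows event log in which a given event ID appears,
# with its source and level, so you know which log to select in the monitor and
# which event types must be collected. Run elevated to include the Security log.
param(
    [int]$EventId = 1024,   # example ID from the thread
    [int]$Days    = 7       # assumed look-back window
)

$since = (Get-Date).AddDays(-$Days)

# Only enabled logs that actually hold records are worth querying.
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 }

$results = foreach ($log in $logs) {
    $filter = @{ LogName = $log.LogName; Id = $EventId; StartTime = $since }

    # Get-WinEvent reports an error when nothing matches; treat that as zero hits.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) { continue }

    # The same ID can be written by different sources at different levels.
    $events | Group-Object ProviderName, LevelDisplayName | ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        [pscustomobject]@{
            LogName  = $log.LogName
            Source   = $latest.ProviderName
            Level    = $latest.LevelDisplayName
            Count    = $_.Count
            LastSeen = $latest.TimeCreated
        }
    }
}

if ($results) {
    $results | Sort-Object LogName, Source | Format-Table -AutoSize
} else {
    Write-Output "Event ID $EventId not found in any enabled log in the last $Days day(s)."
}
```

The `Level` column shows whether the event is informational, warning or error, which tells you whether the collection settings from step 1 will pick it up at all.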

  • How would you apply the event log sets using policy management? It would seem that only Monitor sets, not Event Log sets, can be applied this way.

  • They are applied in the "alerts" section of policy management, the same place you set up Offlines, Lowdisks Alerts etc.

    There is an Alert Type called "Event Log"

  • Perfect, thanks, that works.