Follow

Event Log collection has drastically increased per day after a fresh build and copying over the data

Symptom

As part of an upgrade or change to new hardware you've built a new server and installed Kaseya then copied the files from the old server to the new one and Restored the database. Post the change you're database is growing fast.

 

Further investigation

After further investigation you've noticed that the even't logs collected per day has drastically increased.This can be found by comparing the size of the event log tables per day "ntEventLog20150109,ntEventLog20150110..."

-Note This is not to be confused with the server retaining the event logs longer than it should.

 

Problem

By default Kaseya no longer excludes some events from being brought back to the server. This means if you perform a fresh install and don't copy over your existing exceptions the server will now start collecting more event log information then it previous was, resulting in a great SQL db size.  

 

Resolution

Copy the exceptions from your previous build. They can be found here.

C:\Kaseya\WebPages\ManagedFiles\VSAHiddenFiles\ evLogBlkList.xml

C:\Kaseya\WebPages\ManagedFiles\VSAHiddenFiles\ evLogBlkListEx.xml

If you don't have access to your previous server this if the 6.3 default exceptions for evLogBlkList.xml

<?xml version="1.0" encoding="ISO-8859-1" ?>
<EventLogBlackList version="1.0" OverflowTime="3600" OverflowCount="1000">
<EventLog Name="Application" ID="796450521">
<Def Information="1" Source="HHCTRL" EventID="1903" />
</EventLog>
<EventLog Name="Security" ID="1664713117">
<Def AuditSuccess="1" Source="Security" />
<Def AuditSuccess="1" Source="Microsoft Windows security audit%" />
</EventLog>
<EventLog Name="System" ID="1380569194">
<Def Warning="1" Source="%SpoolerWin32%" EventID="4" />
</EventLog>
</EventLogBlackList>

2-1.JPG

 

Affected  versions

6.5,7,8,+

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.