
Event Log Set Troubleshooting

Troubleshooting Event Log alerts and collection.


Identify whether it is a problem with the Event Set being used or a problem with Event ID monitoring in VSA.


1. Enable Event Log collection in the VSA for the affected endpoint.

  • Agent > Machine Status > Event Log Settings. Add the required Event Log types and Critical event categories, e.g. Error/Warning/Critical.
  • This only allows you to see Event IDs in the Agent Logs > Event Logs. Event log alerts are still generated even if event logs are not collected by the VSA.

2. Create a sample Event Log Alert. In this example it is event ID 35.


  • Apply this to the affected machine and define it to match Errors/Warning/Critical errors.
  • Set the alert action to generate an Alarm.
  • Set it to alert when this event occurs once and ignore additional alarms for 1 minute.
  • Verify that the Alertset.xml file in the Agent working\KlogConfig folder has been updated with the details of the Event Log Alert.

3. Manually create an event ID 35 on the endpoint and verify that it is being picked up by Event Viewer.

To do this:
From a CMD prompt run this command.

  • eventcreate /ID 35 /L SYSTEM /T ERROR /SO VXIO /D "This is a test Event ID generated by Kaseya Support please ignore"
  • This will generate an Event ID 35 System Error with the Source filter VXIO.
  • On the endpoint, verify in Event Viewer that the Event ID is generated.
  • In the Agent Logs > Event Logs - System, verify that the Event ID is collected.
  • On the Alarm Summary page, verify that the alarm is generated.
  • If an alarm is generated then you know the problem is a configuration issue with the Event Set monitoring already applied.
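
The endpoint-side checks from steps 2 and 3 can be run in one pass from an elevated PowerShell prompt. This is an added example, not Kaseya tooling; `$AgentWorkingDir` is a placeholder you must set to the agent working directory on the machine, and the script only covers the local checks (Alertset.xml timestamp, event creation, Event Viewer confirmation), not the VSA-side pages.

```powershell
# Added example (not part of the original article). Run elevated on the endpoint.
param(
    # Assumption: placeholder path; replace with this endpoint's agent working directory.
    [string]$AgentWorkingDir = 'C:\PATH\TO\AGENT\WORKING'
)

$eventId = 35
$source  = 'VXIO'
# Small margin so the query window safely includes the event we are about to write.
$started = (Get-Date).AddSeconds(-5)

# Step 2 check: the alert definition should have been delivered to the endpoint.
$alertSet = Join-Path $AgentWorkingDir 'KlogConfig\Alertset.xml'
if (Test-Path -LiteralPath $alertSet) {
    $file = Get-Item -LiteralPath $alertSet
    "Alertset.xml last written: $($file.LastWriteTime)"
} else {
    Write-Warning "Alertset.xml not found at $alertSet (check the path and that the alert was applied)."
}

# Step 3: raise the test event with the same command the article gives.
& eventcreate.exe /ID $eventId /L SYSTEM /T ERROR /SO $source /D 'This is a test Event ID generated by Kaseya Support please ignore'
if ($LASTEXITCODE -ne 0) {
    # eventcreate refuses sources that are already registered by an installed component.
    Write-Error "eventcreate failed with exit code $LASTEXITCODE; the test event was not written."
    return
}

# Confirm the event reached the System log. Filtering on the source after the
# query avoids an error if the provider name is not resolvable on this machine.
Start-Sleep -Seconds 2
$hits = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = $eventId; StartTime = $started } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -eq $source }

if ($hits) {
    $hits | Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message | Format-List
} else {
    Write-Warning "No event ID $eventId from source $source found in the System log since $started."
}
```

If the event is listed here but no alarm appears on the Alarm Summary page, compare the Alertset.xml timestamp with the time the alert was applied before changing the Event Set itself.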

Common problems.

  • Filters used when configuring Event Log Alerts are not accurate or too restrictive.
  • The ignore additional alarms setting is configured for too long a time period.
  • Event IDs have been set to be "Ignored" in the Event Set configuration.