Event Log Set Troubleshooting - Connect IT Community | Kaseya
<main> <article class="userContent">
<p><strong>Troubleshooting Event Log alerts and collection.</strong></p>
<p><br>First identify whether the problem is with the Event Set being used or with Event ID monitoring in the VSA.</p>
<p><br>1. Enable Event Log collection in the VSA for the affected endpoint.</p>
<ul><li>Agent > Machine Status > Event Log Settings. Add the required Event Log types and critical event categories, e.g. Error/Warning/Critical.</li>
<li>This only allows you to see Event IDs in the Agent Logs > Event Logs. Event log alerts are still generated even if event logs are not collected by the VSA.</li>
</ul>
<p>2. Create a sample Event Log Alert. In this example it is for event ID 35.</p>
<p><img src="/attachments/token/4JeprfgpBpxwYLp8ymIhButVd/?name=2014-12-09_1144.png" alt="2014-12-09_1144.png" class="embedImage-img importedEmbed-img"></img></p>
<ul><li>Apply this to the affected machine and define it to match Errors/Warning/Critical errors.</li>
<li>Set the alert action to generate an Alarm.</li>
<li>Set it to alert when this event occurs once and to ignore additional alarms for 1 minute.</li>
<li>Verify that the Alertset.xml file in the Agent working\KlogConfig folder has been updated with the details of the Event Log Alert.</li>
</ul>
<p>3.
Manually create an event ID 35 on the endpoint and verify that it is being picked up by Event Viewer.</p>
<p>To do this:<br>From a CMD prompt run this command.</p>
<ul><li>eventcreate /ID 35 /L SYSTEM /T ERROR /SO VXIO /D "This is a test Event ID generated by Kaseya Support please ignore"</li>
<li>This will generate an Event ID 35 System Error, and the Source filter is VXIO.</li>
<li>On the endpoint, in Event Viewer, verify that the Event ID is generated.</li>
<li>In the Agent Logs > Event Logs - System, verify that the Event ID is collected.</li>
<li>On the Alarm Summary page, verify that the alarm is generated.</li>
<li>If an alarm is generated, then you know the problem is a configuration issue with the Event Set monitoring already applied.</li>
</ul>
<p>Common problems.</p>
<ul><li>Filters used when configuring Event Log Alerts are not accurate or are too restrictive.</li>
<li>The ignore additional alarms setting is configured for too long a time period.</li>
<li>Event IDs have been set to be "Ignored" in the Event Set configuration.</li>
</ul>
</article> </main>
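<p>The endpoint-side checks from steps 2 and 3 can be scripted so the test is repeatable. The PowerShell below is an added example, not part of the original article or of Kaseya's tooling. The AgentWorkingDir parameter is an assumption: the agent working directory differs per install, so it has to be passed in.</p>

```powershell
# Added example (not Kaseya code). Run from an elevated PowerShell prompt on the endpoint.
param(
    # Assumption: full path of the agent working directory on this machine.
    [string]$AgentWorkingDir
)

$eventId = 35
$source  = 'VXIO'
$start   = (Get-Date).AddSeconds(-5)   # small margin for clock rounding

# Step 3: write the test event to the System log with the article's command.
& eventcreate.exe /ID $eventId /L SYSTEM /T ERROR /SO $source `
    /D 'This is a test Event ID generated by Kaseya Support please ignore' | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "eventcreate failed (exit code $LASTEXITCODE); the prompt may not be elevated."
    return
}

# Confirm the event reached the System log with the ID and source the alert matches on.
# The source is filtered client-side so an unregistered provider name cannot break the query.
$found = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = $eventId; StartTime = $start } `
            -ErrorAction SilentlyContinue |
         Where-Object { $_.ProviderName -eq $source } |
         Select-Object -First 1

if ($found) {
    "Test event written: Id=$($found.Id) Source=$($found.ProviderName) " +
    "Level=$($found.LevelDisplayName) Time=$($found.TimeCreated)"
} else {
    Write-Warning 'Test event not found in the System log, so the VSA has nothing to collect or alert on.'
}

# Step 2: Alertset.xml should have been rewritten when the Event Log Alert was applied.
if ($AgentWorkingDir) {
    $alertSet = Join-Path $AgentWorkingDir 'KlogConfig\Alertset.xml'
    if (Test-Path $alertSet) {
        "Alertset.xml last written: $((Get-Item $alertSet).LastWriteTime)"
    } else {
        Write-Warning "Alertset.xml not found at $alertSet"
    }
}
```

<p>If the script reports the event as written and Alertset.xml has a recent write time, but no alarm appears on the Alarm Summary page, compare the alert's filters and ignore settings against the common problems listed above.</p>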