Posted by JARVIE
Digon

EVENT ID MONITORING

Would like to be able to create a policy in Monitoring by Event ID(s).

Essentially be able to select or type in one or more event IDs to monitor and create a policy for.

4 Replies
Posted by Remote Management Staff
Remote Management Staff

Re: EVENT ID MONITORING

Hi @JARVIE 

If I understood correctly this is possible to do. 

If you add the Event Check you can select the type of the Log to query and then you can add the source and one ID or multiple separated by a comma. 

Let me know if this is not that intuitive and what is confusing in the setup of this check. We might need to redesign how it looks.

Product Owner, Remote Management services.
Posted by JARVIE
Digon

Re: EVENT ID MONITORING

Hi Stanislav,

I think I worded my post wrong. What I want to do is NOT monitor.

For example, we always get an ID51 Time-Service event.

I would like to be able to monitor for everything except that event, or any other event, you get the idea.

2 Replies
Posted by Remote Management Staff
Remote Management Staff

Re: EVENT ID MONITORING

Hi @JARVIE 

Thanks for clarifying the previous post. 

Unfortunately, it is very difficult to do exclusion-based monitoring on Event IDs. Windows generates a lot of events, and querying them all will generate lots of alarms, and the resource consumption of our service on the system will go up.

Maybe we could create exclusions for the source added. Meaning that you can add a source and some Event IDs to be excluded. Then all events for the source will be forwarded without the one excluded. It will do the same job as you described.

I will forward this to the team and we will see how feasible this is. However, I cannot promise anything for now.

Product Owner, Remote Management services.
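
The per-source exclusion proposed in the reply above can be written as a Windows event log XPath query, which keeps the filtering inside the event log service instead of pulling every event and discarding some afterwards. This is an added example, not part of the thread or of the product's Event Check; the System log, the provider name `Microsoft-Windows-Time-Service`, the 24-hour window and the helper name `New-ExclusionXPath` are assumptions.

```powershell
# Added example: forward everything from one source except a list of Event IDs.
# Assumptions (not from the thread): log name, provider name, look-back window.
$LogName     = 'System'
$Provider    = 'Microsoft-Windows-Time-Service'   # assumed name of the "Time-Service" source
$ExcludedIds = @(51)                              # the noisy ID mentioned in the thread
$Since       = (Get-Date).AddHours(-24)

# Hypothetical helper: builds an XPath filter scoped to one provider,
# with one "EventID!=n" clause per excluded ID and a lower time bound.
function New-ExclusionXPath {
    param(
        [Parameter(Mandatory)][string]$Provider,
        [int[]]$ExcludedIds = @(),
        [Parameter(Mandatory)][datetime]$Since
    )
    if ($Provider -match "['""]") { throw "Provider name must not contain quotes." }

    $clauses = @("Provider[@Name='$Provider']")
    foreach ($id in $ExcludedIds) { $clauses += "EventID!=$id" }

    # The event log stores SystemTime in UTC.
    $utc = $Since.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ')
    $clauses += "TimeCreated[@SystemTime>='$utc']"

    '*[System[' + ($clauses -join ' and ') + ']]'
}

$xpath = New-ExclusionXPath -Provider $Provider -ExcludedIds $ExcludedIds -Since $Since
Write-Verbose "Query: $xpath"

try {
    # -MaxEvents bounds the result so a chatty source cannot flood the consumer.
    Get-WinEvent -LogName $LogName -FilterXPath $xpath -MaxEvents 200 -ErrorAction Stop |
        Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message
}
catch {
    # Get-WinEvent raises an error, rather than returning nothing, when no event matches.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        Write-Output "No events from $Provider outside the excluded IDs since $Since."
    }
    else { throw }
}
```

Scoping the query to a single provider is what keeps the exclusion cheap; the same `EventID!=n` clauses without the `Provider` clause would match the whole log.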
Posted by JARVIE
Digon
Solution

Re: EVENT ID MONITORING

Yes, that sounds like it would be a good solution!