5 Replies Latest reply on Apr 8, 2008 11:18 PM by Binskin

    Monitoring Server Event Logs

    Binskin Apprentice

       

      I'm in the process of making GFI redundant in our network through implementing LANDesk operating system log monitoring.

       

       

      I was curious if anyone has managed to do this successfully. We are currently using 8.8 and I have not been able to find any documentation or general talk of using LD for this.

       

       

      At the moment I have set up 35 alerts based on the EventID codes we are currently looking for with GFI - 531, 532 etc., each as a separate event. Completed basic Name / Desc / Polling Int @ std 10 minutes; in the OS log portion I have checked both warning and critical security check boxes and set the 'match substring' to the code I am looking for.

       

       

      Added all the events, selected an email notification action and time as always.

       

       

      I have successfully had service monitors working as a test with Citrix IMA services and receive emails using the same action, so I know it's not an email config issue. The report log itself is not showing any hits for the alerts I have set.

       

       

      So far I have not been able to trigger an event based on this ruleset. I'm not sure what I could be missing here, but the lack of doco is proving difficult. Has anyone had success with this?

       

       

      Any help would be greatly appreciated, Cheers - Ben

       

       

        • 1. Re: Monitoring Server Event Logs
          Rookie

           

          I am having the same issue.  At first I tried a rule specifying Critical events in both System and Application logs with no entry in the match substring field.  This malfunctioned on several servers and pulled in every event in the log (LD support is looking at this).  I then tried simple strings with no success.  If anyone has this working, any insights would be appreciated.

           

           

          Steve

          FAC

           

           

          • 2. Re: Monitoring Server Event Logs
            ProServices

            I have been able to set an alert action on a specific string in a specific Windows event log file using 8.8. It works with the server manager agent, but I have not yet seen it work with the system manager agent. I only tested using the EVENTCREATE command line, not with real world events, but I was impressed by the capability. The mistake I made was to realise at first that there are two different alerts, one for Windows OS event log files and another for text based log files. I actually found the help within the alert interface to be quite useful, but I have yet to see any additional documentation.

            • 3. Re: Monitoring Server Event Logs
              Binskin Apprentice

              Just checking if anyone has had any movement on this issue. I am also trying to trigger alerts manually with the eventcreate command but can get no response from the system. Other alerts work fine; it just seems to be the OS log function that does not.

              • 4. Re: Monitoring Server Event Logs
                ProServices

                I noticed yesterday that the eventcreate tool works on Server 2003, but on Windows XP it seems to have a problem with the event ID number, and writes an error in the event log rather than the text contained in the description field. Not sure if that is helpful?

                • 5. Re: Monitoring Server Event Logs
                  Binskin Apprentice

                   

                  My apologies, I re-read my post and it looks a bit ambiguous. What I meant was that I can successfully create error / warning messages etc. on the server using the eventcreate command, but LANDesk ignores them.

                   

                   

                  The documentation is not very forthcoming in helping out; it doesn't describe where the search string is looking, if wildcards are required and if so which ones.

                   

                   

                  It would be an incredible tool, only if it were documented appropriately and worked.