
Event log monitor

Hoping that someone can shed some light on this.

[Attached screenshot: 2020-09-21 10_06_33-Edit Application - vent log for UHSA0#.jpg]

I have this event log monitor that doesn't seem to want to catch what I am looking for. Yes, the error has happened, but I would like to utilize SW to trigger an alert on it, which is hard to do if the event log monitor never catches it.

Thanks and Kudos abound for the people who help me out of the jam.  

0 Kudos
4 Replies
MVP

Per the others, triple check all the fields match exactly where you have configured any setting.
Log to Monitor = Application
Log Source = ASP.NET 4.0.3019.0 -- you may not need this if matching off the Event ID (and the ID is unique)
Event Type = Warning - if it's an Error or Informational Log, it won't match
Event ID (match specific IDs) = the ID matches
Include events - I would put this text in quotation marks
0 Kudos

@trilobite_rex perhaps the Event ID and the message don't coincide. If you are still having troubles, I would recommend turning on debugging and reviewing the log for that instance to get a better idea of what is occurring.

Enable Debugging

0 Kudos

Is this an existing monitor or have you just created it?

If you have just created it, did you test if your match criteria is correct? (Include events search criteria)

In case it's new (I mean in case you just created it now):

How can I test that? I can see the Event in my ASP log but how do I check if my monitor is fine?

Verify when this event occurred in the ASP log and then change your 'number of past polling interval' (which is set to 1.5) from 1.5 to that many polling cycles. Assuming your template is set to 300 seconds, that means this monitor will only check Current Time - 450 seconds of data, hence you will only see it go red (component down) if the event has occurred in the last 7.5 mins.

 

This is how Windows Event log works:

1. Your search criteria should be apt, it should exactly match what you are looking for from the log.

2. Number of past polling interval - default 1.5 polling cycles.

3. Lastly, the alert is auto reset. The reason is very simple: every time you run this component monitor it will only search the logs for events in the last 450 seconds, which is true in your case; hence, if this particular event is not present in the logs in the last 450 secs, the component will reset by default.

There is another way to check this as well: go to the node view on which this event log is and click on 'Real Time Event Viewer', then check if you can see this event that you are trying to set a monitor on. If you do, then create a template and monitor from that screen only.

https://documentation.solarwinds.com/en/Success_Center/SAM/Content/SAM-Real-Time-Event-Viewer-sw2603...

Hope it helps, in case you are already aware of all these steps and you still can't make it work then excuse me.

 

0 Kudos
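
The checks suggested in the replies above (exact field matches, and the 1.5 x 300 s = 450 s lookback) can be run directly on the monitored server. This PowerShell script is an added example, not part of the thread or of SolarWinds' own tooling; `-EventId` and `-IncludeText` are placeholders for the values configured in the monitor, and the case-insensitive substring match is an assumption about how "Include events" is evaluated.

```powershell
# Added example: evaluate each monitor criterion separately and show whether
# recent occurrences fall inside the monitor's lookback window.
param(
    [Parameter(Mandatory)] [int]    $EventId,         # placeholder: ID configured in the monitor
    [Parameter(Mandatory)] [string] $IncludeText,     # placeholder: "Include events" text
    [string] $LogName        = 'Application',
    [string] $Source         = 'ASP.NET 4.0.3019.0',  # as written in the thread; compare with the real event
    [int]    $Level          = 3,                     # 2 = Error, 3 = Warning, 4 = Information
    [int]    $PollingSeconds = 300,
    [double] $PastIntervals  = 1.5,
    [int]    $HistoryDays    = 30
)

$now      = Get-Date
$lookback = [TimeSpan]::FromSeconds($PollingSeconds * $PastIntervals)  # 450 s with the defaults

# Filter on log and ID only, so a source/type/text mismatch shows up in the report
$all = @(Get-WinEvent -FilterHashtable @{
            LogName = $LogName; Id = $EventId; StartTime = $now.AddDays(-$HistoryDays)
        } -ErrorAction SilentlyContinue)

if (-not $all) {
    Write-Output "No event $EventId found in '$LogName' in the last $HistoryDays days."
    return
}

$report = foreach ($e in $all) {
    $age = $now - $e.TimeCreated
    [pscustomobject]@{
        TimeCreated     = $e.TimeCreated
        SourceMatch     = $e.ProviderName -eq $Source
        LevelMatch      = $e.Level -eq $Level
        # Assumption: substring, case-insensitive comparison
        TextMatch       = ([string]$e.Message).IndexOf($IncludeText,
                              [StringComparison]::OrdinalIgnoreCase) -ge 0
        InWindow        = $age -le $lookback
        # Polling intervals of lookback needed to reach this event, rounded up to 0.1
        IntervalsNeeded = [math]::Ceiling($age.TotalSeconds / $PollingSeconds * 10) / 10
    }
}

$report | Sort-Object TimeCreated -Descending |
    Select-Object -First 10 | Format-Table -AutoSize
```

A row with every match column `True` but `InWindow` `False` means the criteria are right and the event is simply older than the lookback; a `False` in a match column points at the field to correct.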

@vinay.by this wasn't created yesterday; I've had it cooking for at least a month, if not longer.

 

0 Kudos