• State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 23 subscribers
  • Views 166 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Event Log Monitor - Want to trigger alert if it finds 5 entries in the log

sbarden

In ipMonitor version 8 and earlier, I was able to configure event log monitors to send an alert only if it saw x number of entries that matched the search criteria.  Essentially, if our web app threw one error, we'll review it in the morning.  If it throws 5,10 or continuous errors in the event log, I want to send an email to the on-call phone.  

I'm at a new position now and have installed a trial copy of ipMonitor 9 and am trying to configure the event log monitor to do the same thing.  I works in finding the pattern but sends an email after only 1 event even though I have "Accumulated Failures per Alert" set to 5.  In addition, while it sends an email, the monitor is never "down".  I recall in earlier versions, the monitor would be down until the next test, say 5 minutes later.  

 

  1. Can the new version do what I'm asking?
  2. Is there a setting I'm missing?
thx,
sean
  • 0

    Hello sbarden,

    There were no changes made to the ipMonitor Event Log Monitor between version 8 and 9.  As a result, the following ipMonitor 8 article is also valid for ipMonitor 9:

    http://support.ipmonitor.com/helps/8b980326971d4cbc88ec362af0bec04f.aspx

    There are currently 3 different options within this Monitor:

    1. Combine up to 15 Found Scenarios into one Alert: 15 individual Information Alerts will be folded or merged into a single Alert. This is ideal for Events such as Information types that are apt to generate many of the same Events.
    2. Disabled - Send up to 5 Information Alerts (Individually): Refers to the "fold" feature. This option will send up to a maximum of five Information Alerts, one for each matching entry that is located. This is ideal for Events such as Application Errors.
    3. Disabled - Send first Found Scenario: Sends a single Information Alert for each Monitor test, regardless of how many matching entries are located. Only the first matching entry will trigger an Information Alert. This is ideal for Events such as Security, when you want to be informed immediately or take immediate action. 

    All options will send you a notification if one or more matches are found.

    One thing to keep in mind is that the Monitor does not fail when it finds a match.  The only time it will fail is if it cannot read the event log.  That is when the "Accumulated Failures per Alert" is observed.

    Do let me know if you have any additional questions regarding this.

    Chris Foley - SolarWinds - Support Specialist
    Support:  866.530.8040  |  Fax: 512.857.0125
    network management simplified  |  solarwinds.com

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.