hi support,
I am using HM for monitoring events logs.
I am using advanced mode for filtering the events
('%SimpleStatus%'=='DOWN') and ('%Reply%'<>'%LastReply%')
So that I wont get repeated same events logs, but it wont work correctly because of change in time or multiple different events occurs at same time repeated, Yesterday I got around 4k events log alerts emails from one server.
So my question is this possible for make it more advance and it check the event log for last 3-4 events instead only 1.
Reducing Number of alerts for event logs
Not sure I understand correctly. You want to receive notification about every new event so you are using "Report about all events" test option? But you do not want to receive 5 e-maisl when 5 new events detected. You want to receive 1 e-mail with information about all 5 events?So that I wont get repeated same events logs, but it wont work correctly because of change in time or multiple different events occurs at same time repeated, Yesterday I got around 4k events log alerts emails from one server.
So my question is this possible for make it more advance and it check the event log for last 3-4 events instead only 1.
Sorry, there is no such option.
If you set "Report about last bad/good event" option, you will receive e-mail with information regarding latest event but then you will need to check logs for other events...
Regards
Alex
Last edited by KS-Soft on Fri Jul 25, 2014 4:55 am, edited 1 time in total.
-
KS-Soft Europe
- Posts: 2832
- Joined: Tue May 16, 2006 4:41 am
- Contact:
As I understand, you are using Advanced mode action to filter generated e-mails?
You may try the following expression:
('%SimpleStatus%'=='DOWN') AND ((%Recurrences%==1) OR ('%PrevNTEventID%'<>'%NTEventID%') OR ('%NTEventSource%'<>'%PrevNTEventSource%'))
It should filter similar consecutive events (same Event ID and Event Source)
You may try the following expression:
('%SimpleStatus%'=='DOWN') AND ((%Recurrences%==1) OR ('%PrevNTEventID%'<>'%NTEventID%') OR ('%NTEventSource%'<>'%PrevNTEventSource%'))
It should filter similar consecutive events (same Event ID and Event Source)
Thanks for the reply,
@KS-Soft Europe
No it wont help,
I am still getting same events repeated it.
I think i should have explain more. I have set alerting only for error events.
Suppose
1. Error Event A occurs at 5:00 AM, I get alert about this.
2. Error Event B occurs at 5:10 AM, I get alert about this.
3. Error Event A occurs again at 5:20 AM, I should not get alert about this, since my team is already start working on it.
That why I want to check not only for previous or last reply but also last 5 replies before generating alerts.
Sometimes it some services create this type of scenario that it generate same set of events let say set 4 different events, which occurs continuously with in a fraction of 1 - 2 seconds, which create alerts 2 - 3k. and my inbox get full.
@KS-Soft Europe
No it wont help,
I am still getting same events repeated it.
I think i should have explain more. I have set alerting only for error events.
Suppose
1. Error Event A occurs at 5:00 AM, I get alert about this.
2. Error Event B occurs at 5:10 AM, I get alert about this.
3. Error Event A occurs again at 5:20 AM, I should not get alert about this, since my team is already start working on it.
That why I want to check not only for previous or last reply but also last 5 replies before generating alerts.
Sometimes it some services create this type of scenario that it generate same set of events let say set 4 different events, which occurs continuously with in a fraction of 1 - 2 seconds, which create alerts 2 - 3k. and my inbox get full.
-
KS-Soft Europe
- Posts: 2832
- Joined: Tue May 16, 2006 4:41 am
- Contact:
It's impossible to filter events the way you described.That why I want to check not only for previous or last reply but also last 5 replies before generating alerts.
You may get alerts for the first 5 or 10 evens and ignore rest "tones" of events using standard mode action settings:
Start when [1] consecutive "Bad" result occur
Repeat [5] time(s)
On the other hand, if you often get tons of "Bad" events and you don't want to skip sime alerts, you may write consecutive Bad events to the log file and send e-mail alert with attached log (including lot of consecutive events), or with events text in e-mail body.
How to setup alert profile:
"BAD" status actions
1. Check host again: Start when 1 consecutive Bad result occur; Repeat: until status changes
2. Record info into HM log: Start when 1 consecutive Bad result occur; Repeat: until status changes
Mark: Add record into specific log file (e.g. D:\templogs\eventlog.txt)
"GOOD" status actions
1. Send e-mail action: Start when 1 consecutive Bad result occur; Repeat: 1 time(s)
you may enable "Attach file" option and specify filename or use <<IncludeFile=D:\templogs\eventlog.txt>> in mail template to include log text into e-mail body:
2. Execute external program: Start when 2 consecutive Bad result occur; Repeat: 1 time(s)
Command line: cmd /c del D:\templogs\eventlog.txt
With these settings, HostMontor will write temporary log when test gets Bad status and always, after detected Bad events gats Ok status (Because of Check host again action). After first Ok status, HostMonitor will send you e-mail with all events, recorded into the temporary log. After second Ok status, temporary log will be removed by "Execute external program" action.