It would be cool if it were possible to test for one event as a bad condition and then switch to looking for another event to say that the condition has gone good again (or vice versa).
Eg.
Event: 3000
Source: APCPBEAgent
Log: Application
indicates that the System has lost comms with the UPS (bad - get out of bed and start putting clothes on)
Event: 1002
Source: APCPBEAgent
Log: Application
indicates that the system has restored comms with the UPS (ok - switch the pager off and go back to bed).
A timer to set how close the two events can/cannot be to each other would enhance the functionality. For example: if I start to see say twenty failed login attempts in close succession and then a successful login attempt within 5 seconds I could assume that I've probably just been hacked into and should investigate.
I have a few other aplications where this would be nice such as Virus outbreak alerts and AV updates.
Cheers, Svend.
NT Events: different event for bad and good condition
... and please implement a function similar to that in SNMP-Trap
With this option set no Event LOG entry is missed without beeing seen and acknowledged .
http://www.ks-soft.net/hostmon.eng/tests.htm#snmptrapPlus there is one more option for “Good” status:
Set Ok status by acknowlegement (manually)
With this option enabled, test item will remain "Bad" until operator Acknowledge status (then status will be changed to Ok)
With this option set no Event LOG entry is missed without beeing seen and acknowledged .