Search 85,731 posts and 651 resources contributed by 43,407 members or post a topic.

Already Joined? Sign in
Event Log Monitor - Want to trigger alert if it finds 5 entries in the log

Page 1 of 1 (2 items) | RSS

rated by 0 users
Not Answered This post has 0 verified answers | 1 Reply | 2 Followers | 540 Views


1 Posts
Points 3
sbarden posted on Thu, Apr 9 2009 3:32 PM
rated by 0 users

In ipMonitor version 8 and earlier, I was able to configure event log monitors to send an alert only if it saw x number of entries that matched the search criteria.  Essentially, if our web app threw one error, we'll review it in the morning.  If it throws 5,10 or continuous errors in the event log, I want to send an email to the on-call phone.  

I'm at a new position now and have installed a trial copy of ipMonitor 9 and am trying to configure the event log monitor to do the same thing.  I works in finding the pattern but sends an email after only 1 event even though I have "Accumulated Failures per Alert" set to 5.  In addition, while it sends an email, the monitor is never "down".  I recall in earlier versions, the monitor would be down until the next test, say 5 minutes later.  

 

  1. Can the new version do what I'm asking?
  2. Is there a setting I'm missing?
thx,
sean

 

 

All Replies


228 Posts
Points 2,260
SolarWinds Employee
Fodome replied on Fri, Apr 10 2009 9:11 AM
rated by 0 users

Hello sbarden,

There were no changes made to the ipMonitor Event Log Monitor between version 8 and 9.  As a result, the following ipMonitor 8 article is also valid for ipMonitor 9:

http://support.ipmonitor.com/helps/8b980326971d4cbc88ec362af0bec04f.aspx

There are currently 3 different options within this Monitor:

  1. Combine up to 15 Found Scenarios into one Alert: 15 individual Information Alerts will be folded or merged into a single Alert. This is ideal for Events such as Information types that are apt to generate many of the same Events.
  2. Disabled - Send up to 5 Information Alerts (Individually): Refers to the "fold" feature. This option will send up to a maximum of five Information Alerts, one for each matching entry that is located. This is ideal for Events such as Application Errors.
  3. Disabled - Send first Found Scenario: Sends a single Information Alert for each Monitor test, regardless of how many matching entries are located. Only the first matching entry will trigger an Information Alert. This is ideal for Events such as Security, when you want to be informed immediately or take immediate action. 

All options will send you a notification if one or more matches are found.

One thing to keep in mind is that the Monitor does not fail when it finds a match.  The only time it will fail is if it cannot read the event log.  That is when the "Accumulated Failures per Alert" is observed.

Do let me know if you have any additional questions regarding this.

Chris Foley - SolarWinds - Support Specialist
Support:  866.530.8040  |  Fax: 512.857.0125
network management simplified  |  solarwinds.com

  • | Post Points: 1
Page 1 of 1 (2 items) | RSS

© 2003 - 2010 SolarWinds, Inc. All Rights Reserved.

Who is SolarWinds?

SolarWinds is rewriting the rules for how companies manage their networks. Guided by a global community of network engineers, SolarWinds develops simple and powerful network management software and network monitoring software for networks of all sizes. SolarWinds also offers a network certification program to become a SolarWinds Certified Professional (SCP).

What is thwack?

thwack, SolarWinds online community site, was designed by network engineers, for network engineers. thwack is a vibrant, growing community of more than 30,000 IT pros who share a passion for technology.

Explore Resources, Answers, Templates, and Advice

Download Free Networking Tools

Learn More About SolarWinds Products