Hello,
We have noticed that sometimes when a server is failing in an unexpected way, there are hundreds of "Error" events in the system log. We don't know what the error will be. If we could make a test that would fail if more than X Error entries exist in the event log, it would be a major advance in our monitoring. Typically a server that is running fine might have 1-10 (unimportant) errors per day. But any time the total error count was above 25 or 50 then we know something really bad has happened. I could not figure out a way to test for this, can it be done?
Ed
Count of Failures in Win2003 System Event Log
System log? Do you mean HostMonitor's system log? or Windows Event Log?We have noticed that sometimes when a server is failing in an unexpected way, there are hundreds of "Error" events in the system log.
Sure you can do that.If we could make a test that would fail if more than X Error entries exist in the event log, it would be a major advance in our monitoring.
If you want to see "bad" test status when 1 or more error events detected but start alerts when there are 25 or more "bad" events in the log, simply set "Start when 25 conecutive Bad results occur" option for the actions.
http://www.ks-soft.net/hostmon.eng/mfra ... properties
Also you may use different test status when there are less than 25 "bad" events detected. You may use "optional status processing" options
http://www.ks-soft.net/hostmon.eng/mfra ... processing
You may mark "Use Warning status if" option of the test item and use expression like ('%SuggestedSimpleStatus%'=='DOWN') and (%SuggestedRecurrences%<25).
You may need to enable "Treat Warning status as Bad" option to avoid reset of "recurrences" counter after 25th "bad" event.
Note1: you should use "Report about all events" option of NT Event Log test.
Note2: if HostMonitor does not find any new "bad" event, it will change test status to "Ok" and reset Recurrences counter. So you should know how often "bad" messages may appear in the log and setup appropriate test interval
Regards
Alex
Bug in Action Properties & Still need help with Test
I am still trying to get this test to work. So I created a simple Ping test and made it fail. When It fails I insert a Entry into the system log. This way I can simulate multiple event log failures. However while I had specified in the action parameters for it to put the entry in the system log, it always puts then entry in the application log! I think this is a bug.
I still can't quite figure out how to make the Window Event Log test work.
Lets say the test runs every 6 hours. I want to have the test be OK if there are less than 5 Errors in the System Log. If there are more that 5 error and less then 10 errors I want to show a warning condition. If there are greater than 10 errors I want the test to fail causing an email message to be sent.
SO I have used both the warning status: ((%SuggestedRecurrences%>5) and (%SuggestedRecurrences%<10))
and the Normal Status:((%SuggestedRecurrences%<3))
In this case I never get a warning level, I do get the normal status and a strange reply "message not found Insertion String: test by ed"
If I disable the Normal and Warning statuses then the test fails after an entry is put in the system log, and immediately goes back to normal after the next occurrence.
I hope I have been able to explain this!! Can you give me some suggestions on what I have done wrong.
Ed Schwartz
When a single failure is created in the system event log the test
I have created a alert that sends an email after 10 consecutive bad results (do I need to use the "until status changes" option?
I still can't quite figure out how to make the Window Event Log test work.
Lets say the test runs every 6 hours. I want to have the test be OK if there are less than 5 Errors in the System Log. If there are more that 5 error and less then 10 errors I want to show a warning condition. If there are greater than 10 errors I want the test to fail causing an email message to be sent.
SO I have used both the warning status: ((%SuggestedRecurrences%>5) and (%SuggestedRecurrences%<10))
and the Normal Status:((%SuggestedRecurrences%<3))
In this case I never get a warning level, I do get the normal status and a strange reply "message not found Insertion String: test by ed"
If I disable the Normal and Warning statuses then the test fails after an entry is put in the system log, and immediately goes back to normal after the next occurrence.
I hope I have been able to explain this!! Can you give me some suggestions on what I have done wrong.
Ed Schwartz
When a single failure is created in the system event log the test
I have created a alert that sends an email after 10 consecutive bad results (do I need to use the "until status changes" option?
Do you use "Log Event" action? We will check this... What version of HostMonitor do you use?When It fails I insert a Entry into the system log.
1) Have you set "Report about all events" option of NT Event Log test?SO I have used both the warning status: ((%SuggestedRecurrences%>5) and (%SuggestedRecurrences%<10))
and the Normal Status:((%SuggestedRecurrences%<3))
In this case I never get a warning level,
2) Looks like you forgot about 3rd, 4th and 5th records.
Probably you expressions should look like
- ((%SuggestedRecurrences%>5) and (%SuggestedRecurrences%<10))
- (%SuggestedRecurrences%<6)
This is common problem related to 3rd party DLLs. Descussed in this forum many times.and a strange reply "message not found Insertion String: test by ed"
E.g. http://www.ks-soft.net/cgi-bin/phpBB/vi ... hp?p=20593
Regards
Alex
Log Event bug
Yes I am using the Log Event Action and it is executed by Passive RMA 3.83. Hostmonitor 7.50
Ed...
Ed...
Eventlog bug - figured out
Hello,
I now see that the dll problem caused the log event action to be recorded to the wrong log. Once the DLL error was fixed, my alert that I specified to log to the system log worked properly.
Regards,
Ed...
I now see that the dll problem caused the log event action to be recorded to the wrong log. Once the DLL error was fixed, my alert that I specified to log to the system log worked properly.
Regards,
Ed...