2 Replies Latest reply: Feb 7, 2008 10:18 AM by Noah Hester RSS

Eventlog monitoring using Patrol Agent

pe1pbu

Does anyone have a best practice for an MSP environment to monitor Windows Eventlogs with a filter option, that allows using the KM without having to manage a huge ruleset? We have different customers, each with different demands regaring eventlog monitoring, and using the Agent config variables it is more admin load than I can even consider handling.

  • 1. Re: Eventlog monitoring using Patrol Agent
    Danny Tharby

    Best Practice depends on the environment, there is no right or wrong answer to what should be monitored.

    Speak with the admins and ask them what they want, and then just add the specifics.

    Do it for one agent, then use PCM to get the rulesets so that you can push these out to other agents.

    Modify them for different servers etc.... shouldn't be too bad - that's how i have done it in the past.

    HTH
    Dan

  • 2. Re: Eventlog monitoring using Patrol Agent
    Noah Hester

    I agree that replicating/updating event log rules could be easier, for example,in the 'childlist" portion of the new rule, if you forget to change REPLACE with MERGE in the new rule you will wipe out the existing filters.

    Also having to capture a before and then the after, then doing a PCM compare to get the difference - all of that should be wizardized-automagic for us.