    Eventlog monitoring using Patrol Agent

      Does anyone have a best practice for an MSP environment to monitor Windows Eventlogs with a filter option, that allows using the KM without having to manage a huge ruleset? We have different customers, each with different demands regarding eventlog monitoring, and using the Agent config variables it is more admin load than I can even consider handling.

          Best Practice depends on the environment, there is no right or wrong answer to what should be monitored.

          Speak with the admins and ask them what they want, and then just add the specifics.

          Do it for one agent, then use PCM to get the rulesets so that you can push these out to other agents.

          Modify them for different servers etc. Shouldn't be too bad - that's how I have done it in the past.


            I agree that replicating/updating event log rules could be easier; for example, in the 'childlist' portion of the new rule, if you forget to change REPLACE with MERGE in the new rule you will wipe out the existing filters.

            Also having to capture a before and then the after, then doing a PCM compare to get the difference - all of that should be wizardized-automagic for us.
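
A pre-push check for the REPLACE/MERGE slip described in the reply above, as an added example that is not part of the original posts or BMC's own tooling. It assumes a ruleset file with one rule per line in the form `"variable" = { OP = "value" }`; the variable paths in the sample are constructed placeholders, not real KM paths.

```python
import re

# One rule line in a ruleset file (assumed layout):
#   "/path/to/variable" = { REPLACE = "value" },
RULE = re.compile(
    r'^\s*"(?P<var>[^"]+)"\s*=\s*\{\s*(?P<op>[A-Z]+)\s*=\s*'
    r'"(?P<val>(?:[^"\\]|\\.)*)"\s*\}\s*,?\s*$'
)


def risky_rules(ruleset_text, list_suffix="childlist"):
    """Return (line_no, variable, value) for list variables written with REPLACE.

    A REPLACE on a list variable overwrites whatever entries the agent
    already holds, so each hit should be reviewed and usually changed to MERGE.
    """
    findings = []
    for line_no, line in enumerate(ruleset_text.splitlines(), 1):
        match = RULE.match(line)
        if not match:
            continue  # header, blank line, or a layout this check does not parse
        if match["op"] == "REPLACE" and match["var"].lower().endswith(list_suffix):
            findings.append((line_no, match["var"], match["val"]))
    return findings


# Constructed sample ruleset; paths and values are illustrative only.
SAMPLE = '''PATROL_CONFIG
"/EXAMPLE_EVENTLOG/Security/childlist" = { REPLACE = "FailedLogons" },
"/EXAMPLE_EVENTLOG/System/childlist" = { MERGE = "DiskErrors" },
"/EXAMPLE_EVENTLOG/System/DiskErrors/eventIds" = { REPLACE = "7,51" }
'''

if __name__ == "__main__":
    for line_no, var, val in risky_rules(SAMPLE):
        print(f"line {line_no}: {var} uses REPLACE (value {val!r}); "
              "existing entries on the agent would be overwritten")
```

Running it over each customer's ruleset before the push catches the case where a copied rule still carries REPLACE on a list variable; REPLACE on ordinary scalar settings is left alone.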