Skip to content
← Ideas and Feedback

Have an idea for a new feature?

Ideas and Feedback: Alerts

Categories

(thinking…)

Event Monitoring Improvement

I would very much like a lot of improvement when monitoring Windows event logs. I don't want to specify an event source -OR- event ID. I need to specify the log, source, -AND- the ID.

The very few prebuilt Atera event monitors have the ability to notify based on frequency. At the very least I would like to change that frequency, but it would be extremely helpful if we could specify a frequency like that when building a custom monitor.

I also want to monitor events based on their criticality but not have that set the criticality of the alert generated in Atera. So if I need to monitor both Error and Critical events in Windows, I don't want Atera to create a Critical alert for that - I need to be able to configure that based on my preference. In many cases, I would only want the alert generated to be a Warning, not Critical.

32 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

David Yoder shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Brad Shaffer commented  ·   ·  Report

    There is great inconsistency with the way Windows Event log monitoring is currently handled.

    Before February 2022, monitoring custom event logs (such as the Windows Server Backup operational log) automatically created Critical alerts if an Error event appeared in the Windows event log. This allowed monitoring of the entire log without having to define individual event IDs that should trigger critical alerts.

    Then in February 2022, the behavior changed such that ALL events in a custom monitored log generated Atera Critical alerts -- even informational log events. This yielded a flood of erroneous alerts in Atera.

    On/about February 22, the behavior reverted back to the old way...which was the more logical way.

    Then on February 26, the new behavior returned and the log monitoring is now treating ALL operational log entries according to the threshold level defined. That is, even informational items are creating critical Atera alerts.

    The only work around seems to be to create a tedious, lengthy list of ALL possible Error events for a particular log and define them in a Critical threshold rule. Then, PRAY that you've actually accounted for all possible error events so the monitoring rule can properly notify you when an error occurs.

    This definitely needs some more polish.

    There needs to be an option to monitor ANY windows log for a defined Windows event level.

    Here are examples of how the threshold monitoring rules should work:
    If Windows Error Event of any kind is encountered, create an Atera Critical Alert.

    If a Windows Warning Event of any kind is encountered, create an Atera Warning Alert.

    If a Windows Event ID of XXXX is encountered, create an Atera YYYYY alert.