Event log monitoring is a vital part of a complete monitoring approach, since it gives an insight into problems that do not show up as performance problems, service or availability failures.
Without event log monitoring, a large number of problems would go unnoticed. Event log monitoring can detect security problems, such as failed log ons, as well as any issue logged by the operating system or application software.
All Logs
The event log monitoring covers all event logs, not just Application, Security and System. The extra logs added in an Active Directory environment, or those added by third-party software are all covered by the monitoring.
Filters Provide Focus
There will almost certainly be events for which logging cannot be prevented, but which can be safely ignored. To avoid any irrelevant "noise", these events can be filtered out, essentially removing them from the monitoring process, but allowing all other events to be included.
A filter can easily be added in several ways; directly from the corresponding alert list, from an active response link in a notification e-mail or digest or as part of a policy. Filters can also be added manually if required.
Filters can operate at different levels, from excluding all events from a particular source to excluding only those with specific text in their details.
Digests And Deduplication
In some environments, systems can generate a significant number of events, all of which need to be analysed. Receiving an individual notification for each event would be a significant burden in this situation, but disabling monitoring entirely, or simply removing the events with filters is not appropriate.
To solve this problem, ServerAssist can periodically generate an event log digest, containing all unfiltered events since the last digest. To minimise the size of the digest, but without losing important information, duplicate events can be summarised if required, and in this case the digest simply shows one event and the number of times it occured.
Handling Transient Problems
Sometimes, a problem may take a few days to resolve, and during that time, further notifications about the issue are not useful. ServerAssist's filters can be configured with an expiration date and time.
This allows notifications to be supressed while the problem is being fixed, but ensures that should the problem re-occur later, it will once again be detected.
digests prevent too many immediate notifications