wwandrei
Contributor
Contributor

Hyperic Windows Event Logs Alerting

Hello.

Trying to setup Alert definitions based on Windows Event IDs. All good everything works fine except  that the alert  is generated totally random. I can see that the events are collected in the Event Center but it doesn`t always generates an alert for the same Event it was created. In the Alert condition set I did not checked "Generate one alert and then disable alert definition until fixed" so every time the condition is met an alert should generate. Sometimes it generates one sometimes it  doesn`t.

Anyone had this issue?

Thanks.

0 Kudos
6 Replies
lakshya32
Enthusiast
Enthusiast

Hi

Welcome to communities.

Could you please share log file , that must give some clue.

https://support.hyperic.com/display/EVO/Alerts+and+Alert+Definitions

0 Kudos
wwandrei
Contributor
Contributor

The agent logs don`t show anything. The HQ Server logs are huge and still looking trough them. Meanwhile I`ve logged a support call with VMware and have collected and sent them all the logs. It is very weird as the alerts fire totally random. Was thinking maybe someone had this issue before.

0 Kudos
RaghavendraGutt
Contributor
Contributor

Hello,

You are wrong! You can't set alert definition to check for once and to stop for consecutive errors.

Uncheck that option in Hyperic and properly set the EventID source. So that, an alert will be triggered whenever Hyperic watches an error for the source.

Let me know! If required, drop me an email raghavendra.rathnamachary@emc.com mailbox.

:smileycool:

0 Kudos
wwandrei
Contributor
Contributor

I`ve  tried it with or without the  box checked. I had a call raised with vmware  support and their response below:

"This  is a known issue  in hyperic, which cannot process more then 200 events in 5 min. If you are licensed for Log Insight which is vmware log tracking  product, it may be better fit for minitoring security events than hyperic which is more of an availablility monitoring  tool"

We are trying to do AD audit and the domain controllers genereate lots of security events. Anyway ... 200 events limit is lame... The agent properties  setting  I believe is agent.eventReportBatchSize.

Regards,

Andrei

0 Kudos
RaghavendraGutt
Contributor
Contributor

I agree! 200 event processing in 5 mins might be a heavy load on agent.

Yes, vCenter LogInsight might be handy! But, you can use these alert definitions for critical errors noticed in Win servers.

Let me know!

0 Kudos
wwandrei
Contributor
Contributor

I don`t think that is possible, if it is please let me know. My understanding is that when you setup event collection from resource properties it will collect all events (depending on what you set: system, setup, application, security, *) but it will generate an alert only for the events you set it up. The problem is that if there are more than 200 events collected per 5 mins than even if there would be an event I`m interested to be alerted it will not reach hyperic server because of this limit. Do you know any other way that maybe we can limit event types or IDs to be forwared to  HQ server from agent properties file, otherweis I don`t see how could I make it work. Thanks, Andrei

0 Kudos