Event log monitor

We are looking to get an alert and restart a service when a specific event ID is detected. How can that be accomplished?

Hi Jay! So this is going to be a few modules that we’re linking together but I’ll keep it straightforward.

  1. First you will create your event log monitor. This will create an alert whenever Syncro detects that event on the asset.
  2. Next, you’ll create an Automated Remediation. This is a way to monitor alerts, then automate specific actions based on that alert such as emailing, running a script, or creating a ticket.
  3. Set your remediation to execute a script once the alert is detected.

Here’s an example from my system, I am monitoring a 500 error. I have given it a name to indicate this is going to be a remediation for the 500 error but you can name yours anything you like. I have selected ‘Trigger Category’ for my condition, and ‘Triggered 500 Error’ is my event log monitor. If you want to filter it further, you can add another condition if say, you only want this done on specific assets, customers, policies, etc. Note these conditions are AND statements, we don’t support OR statements at the moment. So it would be Trigger Category AND Asset Name, if you added more filtering to it.

Next we will set the action, in this example, we’ll run a script that restarts a service. This script should already be in your system so you can use the same one as I did here. There is a variable so you’ll need to enter the exact service name. If you would like to have this run more than once (or every time the alert is generated) add an additional action that clears the alert. That way it’ll be closed out and ready to run again.

That’s how you do it! Hopefully this is helpful, good question :slight_smile:

Alexandra,

If I set up your Step 1, will that generate an RMM alert without any other steps? I haven’t been able to get my 6008 monitoring to work.

Hi @BrianMorris
Had a search through the forums and I see you managed to get this to work! Great news, sharing it here for visibility