Event log monitoring problem, using Hyper-V monitoring as an example

We are trying to monitor when our Hyper-V replication fails. There are several Event IDs that are triggered depending on OS but basically we have configured all IDs in the hope that at least one will trigger an Alert.
This has NOT worked so far.
Below is a screenshot of an example Event Log Alert config:

Maybe we are doing it wrong. Any assistance would be appreciated…

Sean

From what I recall, Syncro only does event logging for the 3 main windows logs (System, Application and Security), so the events you’re trying to capture are probably not in one of those three. It’s possible this has changed, but I know it was the case at one time. I think there are a few scripts in the library for monitoring events with powershell, you may need to use those instead. You can only schedule every 15mins, but event log policy only scans every 15mins also, so no change there.

@isaacg - Thank you for your reply and suggestion BUT, if I recall, this is specifically a feature that Syncro pedals when selling the product (quite sure I’ve seen it done in demos). Also begs the question, what’s the Source field for?
I’ll give the community one more day and then I’ll repost as a support ticket. In the interim, I’ll check the script route as you suggested.

Sean

I set up an alert for ID 6008 a year ago, and we’ve never gotten an alert for it.

Does anyone have a working Custom Event log alert?

I have one setup to monitor veeam agent.

Generates an alert that I can turn into a ticket.
image

Thanks Shane. I think that Veeam is down only one level (#1 on image below) in the Event Log tree (correct me if I’m wrong) but what we are monitoring is 3 levels down (#2 on image below). That said, I have tried adding the Log name as well and we’ll see.
I did not add the Message field as that only narrows the search further (I think).
Capture

Hello Sean
The veeam for windows application has it’s own parent log.
image

Yeah. I think once you go down a few levels it does not work. I made the changes to match what you had done and still no dice. I’ll (re)open a ticket with Syncro

Sean

We have created a workaround using the Attach Task to this Event… for the specific event. That creates a top level Event (using the eventcreate command) that Syncro will pick up

…and I have just received confirmation from Syncro support that they can only monitor top level events but it is in development

Hey Sean. I didn’t get a notification of your replies.
Thanks for the update. I will try that for some other stuff I am trying to monitor.