Multiple event log queries

When trying to create an event log query, I have one for MSP 360 using event 0, with level of “Error”. But when I try to create another one for the Informational queries, I can’t because it also shares an event type of 0. Is there any workaround for this? It’s in the Application log with a source of “Cloud Backup Server” and shares the same ID but has a different level type, so I should be able to create another query, but it seems like Syncro is keying off of source name and event id while ignoring the level of the event.

This is stopping us from being able to actually create meaningful event log policies in the product, because I can’t have a policy for errors and one for information with how syncro currently works.

Event Type is broken. It will alert you if no matter if it’s Information or Error. Generally, an Event ID will hardly ever use multiple event types. Did you check with the vendor to see if they use Event ID 0 for multiple types? That’s usually bad practice since using different IDs for errors/warnings/information is the norm.

Yep, I just use powershell to monitor Veeam. The event log triggers didn’t work in Syncro.

$event = Get-EventLog "Veeam Agent" -InstanceID 190 -newest 1 -ErrorAction SilentlyContinue

Yeah it’s definitely bad practice, but there are multiple vendors (Even software companies I’ve worked for as well) that do this and it’s kinda what we are stuck with. It feels like every feature I try to fully implement in Syncro always has key functionality missing. It’s like my workaround will most likely be running scripts to check this stuff and then hoping that Syncro runs those scripts, which just seems asinine when the functionality is basically RIGHT there but not really working.

Well good or bad, it will trigger no matter what event type you set, so if it did allow you to do info and error for the same ID, you would get double notifications most likely. I am curious if there’s a specific reason they won’t let you do the same ID multiple times. Probably won’t make you feel any better but neither CWA nor Kaseya were consistent on event log monitoring either.

Yeah, I’ve worked for a few software companies, so I definitely have been on the other end of this and still had my own internal frustration with the companies :smiley:

I did some quick testing, you can definitely repeat IDs but it at least keys off of id number and name of log tied together. It just needs to key with event type and it would be helpful :slight_smile: