RMM Alerts KB Article

Where can I find more information about RMM Alerts? The KB article seems to be missing.

  1. Mute vs Clear vs Delete
  2. What are the Default Alerts
  3. How to customize Alerts
  4. Once RMM Alert is cleared how long before it can be triggered again?

Just a few examples.

1 Like

There’s not a specific KB article for alerts, it’s part of the policy page since that where you manage alert setup: Policies (with Policy Inheritance)

  1. Mute prevents future alerts for a time period or permanently. Clear and delete are the same, this is just an example of Syncro’s lack of UI consistency.
  2. There are no default alerts if you’re creating a new policy. If you’re using one of the ones that’s precreated just click on it and it shows the monitors that are setup for that policy.
  3. You edit the policy, see link above.
  4. They will be triggered again when that check runs again. This varies depending on the check. Here’s what I’ve gathered from the logs/experience:

Near Realtime:
Manual script runs
Online Status
Every 5 minutes: Syncro Agent heartbeat
Every 5-10 mins: Checks for Syncro Agent/Live/Kabuto updates
Every 15 mins (Small Sync):
Event Logs check
Antivirus Status check
Firewall Status check
Hard Drive Space check
Device Manager check
Blue Screen Crashes check
Every 1 hour: Overmind/Recovery service checks service status
Every 2 hours (Medium Sync):
Managed AV check and install if needed
Third party patch check and install if needed (may be scheduled instead?)
Every 6 hours (Full Sync):
Updates asset details like Pending Reboot, uptime, device name and installed programs
Windows Update sync
Hard Drive Fragmentation check
Hard Drive Health check

Please remind where those logs are found.


c:\ProgramData\Syncro\logs or you can also see an abbreviated log by shift doubleclicking the Syncro tray icon.

How do we mark alerts as resolved, I ran a report and its showing 108 alerts detected and 6 resolved, however there are only 6 active alerts for that customer.
How can the other alerts be marked as resolved (alot are low disk space and USB Drive preset monitoring where users did not eject the drive correctly)

Thanks in advance

Not really following you, sorry. Alerts either exist or they do not, there’s no status to change to resolve them, they either auto clear themselves or you manually clear/delete them. If you go to the Alerts tab all the alerts that exist will be shown. If there are only 6 there then the rest have already been manually cleared or self-resolved (autoresolve is an option in the policy for some alert types).

Great question, Brayan, this is an area that we don’t have under control yet and I don’t fully understand the alerts either…for the reasons you listed.

Syncro, could we have some documentation, please? :grinning:

Hi All,
I’ve passed this message along to our team to request some more in-depth documentation. @isaacg has addressed the specific questions in this post, thanks, Isaac!
If you do have any specific questions that are unclear in the meantime, please don’t hesitate to ask us.