Correction :-

It goes UP if I clear the event log.
It goes DOWN if there are *any* logon/logoff entries that match the query (even if it is for a different user), and it stays down.

So there appear to be two problems :-

1. It isn't looking at the user name (perhaps I entered it wrong?)
2. It doesn't come back UP, even when there are no new event log entries

--
Jeff Preou
Hamilton, New Zealand

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Preou
Sent: Tuesday, 22 June 2004 7:51 p.m.
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Event log monitoring

At the moment it is going DOWN and UP on each alternate cycle, despite the fact that I have cleared the Security event log and the remote user hasn't logged on (or off) [i.e. there are no entries for this user]. It doesn't appear to be checking the username.

--
Jeff Preou
Hamilton, New Zealand

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dirk Bulinckx
Sent: Tuesday, 22 June 2004 7:46 p.m.
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Event log monitoring

It should only give the "down" for each of the occurrences of the Logon. If the next check doesn't get a new entry that has a logon it will show an UP.
You can't configure it to "clear" a down by a logoff instead of a logon.

Dirk.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Preou
Sent: Tuesday, June 22, 2004 9:37 AM
To: [EMAIL PROTECTED]
Subject: [SA-list] Event log monitoring

Hi,

I'm new to Servers Alive and just downloaded and installed the latest version today. We're evaluating it to see whether we can offer it to our customers that would like a cheap but effective monitoring solution, the idea being that *we* get notified and can then offer assistance as necessary. Hence there might be quite a few requests for help to this list while I discover what we can and cannot do with Servers Alive.

And here's the first :-

I'm using the EventLog addon to check to see when a particular remote user logs on and then logs off from a Terminal Server.
I have one Eventlog check configured with :-

============================================================================
Give a down when "at least one" new eventlog entry matches the below query:
Hostname: SERVER
Logfile: Security
Source: Security
Category: Logon/Logoff
Event ID: 540
User: DOMAIN\username
Type: Success Audit
Description: Successful Network Logon
Return: Number of matching entries
Timeout: 5 seconds
============================================================================

I have another event corresponding to the logoff.

The query correctly returns a DOWN status as this remote user has already logged on (and off). However, it stays in a down status. I get an email notification when it changes to down, and if I change the email notification to 'every 1 times' then I get notified every time, even though there has been no change to the event log.

My question is this: how do I set up a query so that I simply get emailed when these events occur rather than every time it is down, if you see what I mean?

Secondly, is it possible to have one event (the logoff) cause the first event (logon) to change from DOWN to UP?

Basically, I'm trying to get notified of this particular user's logon/logoffs.

Any help would be appreciated.

Cheers,
--
Jeff Preou
Hamilton, New Zealand

########################################################
This message has been scanned for Content and cleared by MailMarshal.
www.mailmarshal.com
This message has been scanned for Viruses and cleared by Symantec AntiVirus.
www.symantec.com
########################################################

--------------
[This E-mail scanned for viruses by Declude Virus]

To unsubscribe from a list, send a mail message to [EMAIL PROTECTED]
With the following in the body of the message:
   unsubscribe SAlive
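
Added example, not part of the thread and not Servers Alive code: a minimal Python sketch of the behaviour the thread asks for, where each check cycle reports only new logon/logoff entries for one user, ignores other accounts, and survives a cleared Security log. The record tuples, the `Watch` and `poll` names, the logoff Event ID 538 and the assumption that clearing the log restarts record numbering are all assumptions of this sketch; only Event ID 540 and `DOMAIN\username` come from the thread.

```python
from dataclasses import dataclass

LOGON_ID = 540   # "Successful Network Logon", the Event ID used in the thread
LOGOFF_ID = 538  # assumption: classic "User Logoff" ID; the thread does not name it

@dataclass
class Watch:
    user: str                # account to watch, e.g. r"DOMAIN\username"
    last_record: int = 0     # bookmark: highest record number already processed
    logged_on: bool = False  # True between a logon and the matching logoff

def poll(watch, log):
    """One check cycle over the current Security log, given as a list of
    (record_number, event_id, user) tuples. Returns only new notifications."""
    # Assumed: clearing the log restarts record numbering, so a newest
    # record below the bookmark means the log was cleared. Reset the
    # bookmark, otherwise entries written after the clear are skipped.
    newest = max((rec for rec, _, _ in log), default=0)
    if newest < watch.last_record:
        watch.last_record = 0
    alerts = []
    for rec, event_id, user in sorted(log):
        if rec <= watch.last_record:
            continue  # already reported in an earlier cycle
        watch.last_record = rec
        if user.lower() != watch.user.lower():
            continue  # another account's logon must not trip the check
        if event_id == LOGON_ID:
            watch.logged_on = True
            alerts.append(f"LOGON {user} (record {rec})")
        elif event_id == LOGOFF_ID:
            watch.logged_on = False  # the logoff clears the logon state
            alerts.append(f"LOGOFF {user} (record {rec})")
    return alerts

def demo():
    """Six check cycles over constructed sample records."""
    me, other = r"DOMAIN\username", r"DOMAIN\other"
    cycles = [
        [(1, 540, other)],                             # other user only
        [(1, 540, other), (2, 540, me)],               # watched user logs on
        [(1, 540, other), (2, 540, me)],               # nothing new
        [(1, 540, other), (2, 540, me), (3, 538, me)], # watched user logs off
        [],                                            # log cleared
        [(1, 540, me)],                                # logon after the clear
    ]
    w = Watch(me)
    return [poll(w, log) for log in cycles], w.logged_on
```

Keeping a record-number bookmark is what makes the notification edge-triggered: a cycle with no new matching entries returns an empty list instead of repeating the earlier alert.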