In a Slack discussion about event log triggers and incidents, a user asked if a new trigger could be created for a specific event log source and if it would still be logged as an incident if no follow-up action was attached. Another user suggested using the "Events" tab at the bottom for live events, while another recommended using PowerShell to retrieve events captured through incidents. The "Top Windows Events" report in DEX was also suggested as a potential resource.
Read the entire ‘Event Log Triggers and Incidents in ControlUp’ thread below:
It’s been a long time since I’ve done triggers or worked with Incidents, but at my previous org, we had all system event log errors captured as incidents, and we filtered the ones we didn’t want to have captured by using the "is not xxx". My new org doesn’t have ANY event logs in the Incidents, which I believe means none of the event log triggers are enabled. If I have that understanding correct, can I simply create a new trigger for the event log source and ID I want to show in Incidents? I don’t want to get an alert, so can I leave the follow-up action empty and it will still be logged as an incident?
I believe so.
You can pull live events using the EVENTS tab at the bottom as well.
Correct. Creating a trigger will create an incident even if no follow-up action is attached.
Live events will only work for hosts connected in the console, right? I want to grab ANY event of said type.
Yes.
You can use PowerShell to get some of the events captured through incidents. Though one big caveat, I don’t know how long those are kept in memory.
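```
# Derive the ControlUp Monitor folder from the cuMonitor service's ImagePath registry value
$monPath = ((Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\cuMonitor").imagepath).replace("\cuMonitor.exe",$null).replace('"',$null)
# Import the powershell.dll module found in the Monitor folder
Get-Item "$monPath\powershell.dll" | Import-Module
# Query the Events table for the listed fields
Invoke-CUQuery -Table Events -Fields Source,EventId,EntryType,UserName,TimeWritten,Message,MachineName,Log,RawMessage,InstanceId,Category,InsertionStrings
```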
Just discovered the "Top Windows Events" report in DEX, maybe there you will find the information needed?