It's important to understand that system health components such as Service Monitoring or Disk Space Monitoring cannot be configured to send emails or take corrective action directly. Instead, all system health monitoring components log their respective alerts to the application event log, from which they can then be dispatched using one or more event log filters.
The image below illustrates the flow of information:
1. Log alerts to application event log
When a system health feature detects a fault (e.g. a disk is almost full, a critical service is stopped) then an event is logged to the application event log with the EventSentry event source. Since the severity of the event is often configurable, events may be logged as either an Informational, Warning or Error event.
2. Pass all alerts through event log filters
Once the event is generated, it will be passed through all the filter rules that are part of assigned & activated event log packages
3. Matching filter dispatches alert
If an event log filter matches the event that was logged in step 1, the action(s) configured in the filter will be triggered.