Knowledge Base




You can launch the following VBScript through the application scheduler e.g. every 1 minute to be notified when the number of files in a given folder exceeds a configurable limit. Note: The file needs to be saved with the .vbs extension and called it through cscript.exe. You set the directory in the variable: DIRECTORY and the number of...

KB-ID 206
Category: Scripts
Applies to: All Versions

You can launch the following VBScript through the application scheduler e.g. every 1 minute to be notified when the size of a file exceeds a configurable limit. Note: The file needs to be saved with the .vbs extension and called it through cscript.exe. You can configure the file with the FILENAME variable and the maximum size of the fi...

KB-ID 207
Category: Scripts
Applies to: All Versions

You can launch the following VBScript through the application scheduler e.g. every 1 minute to be notified when a file has not been updated in X seconds. Note: The file needs to be saved with the .vbs extension and called it through cscript.exe. You can set the filename with the FILETOCHECK variable and the longest acceptable time the...

KB-ID 208
Category: Scripts
Applies to: All Versions

You can launch the following VBScript through the application scheduler e.g. every 1 minute to be notified when a web site or other component e.g. SMTP in IIS is stopped. Note: The file needs to be saved with the .vbs extension and called it through cscript.exe. vbscript 39 Lists the state of all IIS web sites configured on th...

KB-ID 209
Category: Scripts
Applies to: All Versions

Open the management console Navigate to Packages System Health In the ribbon click on the arrow below Filter and select Services Locate the appropriate package Services by default expand it and click on Services Add the service that should be excluded to the list. Save the configuration Excluding a service this way ...

KB-ID 356
Category: Configuration
Applies to: All Versions

Open the management console Navigate to Packages System Health In the ribbon click on the arrow below Filter and select Disk Space Locate the appropriate package Disk Space Error or Disk Space Warning depending on the severity of the alert expand it and click on Disk Space Adjust the alert thresholds under Limits Save ...

KB-ID 357
Category: Configuration
Applies to: All Versions

Open the management console Navigate to Packages System Health In the ribbon click on the arrow below Filter and select Disk Space Locate the appropriate package e.g. Database Purge for alerts regarding the PostgreSQL database size expand it and click on Disk Space Click the Directory Monitoring tab Locate the correct ...

KB-ID 358
Category: Configuration
Applies to: All Versions

File monitoring aka as File Integrity Monitoring FIM monitors directories to detect changes to files as well as files being added and removed from directories. By default EventSentry monitors all files with the .exe and .sys extension in the SYSTEMROOT\system32 as well as SYSTEMROOT\syswow64 directories on x64 systems to ensure that...

KB-ID 359
Category: Configuration
Applies to: All Versions

Open the management console Navigate to Packages System Health In the ribbon click on the arrow below Filter and select Network Time Sync Locate the appropriate package expand it and click on Network Time Sync NTP Adjust the interval tolerance event severity and/or NTP server list Save the configuration To add NTP m...

KB-ID 360
Category: Configuration
Applies to: All Versions

EventSentry monitors all scheduled tasks on a system by default and will generate an alert when a scheduled task is added removed or changed. Open the management console Navigate to Packages System Health In the ribbon click on the arrow below Filter and select Scheduled Tasks Locate the appropriate package expand it and cli...

KB-ID 361
Category: Configuration
Applies to: All Versions

If you are getting diskspace alerts about a specific drive that is expected to have little or no disk space available such as the destination for a backup then you can create a customized rule to disable alerts on that particular drive. Open the management console Expand Packages and click System Health Click Add on the ribbon to add a...

KB-ID 362
Category: Configuration
Applies to: 3.4 and later

video 3 Under 39Tools Embedded Scripts39 click 39New39 and then label this 39expiringcerts.ps139 and in the 39Script Content39 box add: powershell sl cert: MaxDays = 30 GetChildItem Recurse where .notafter le getdate.AddDaysMaxDays AND .notafter gt getdate.adddays365 select NotAftersubject Is...

KB-ID 395
Category: Monitoring

Forwarding Syslog messages as email alerts is a threestep process assuming that Syslog messages are already successfully received in EventSentry: Enable Syslog to Event Log which creates events in the application event log from the Syslog messages Configure one or more Syslog text filters Create filter rule to forward those events ...

KB-ID 399
Category: Configuration
Applies to: All Versions

The easiest way to get notified in realtime whenever a Windowsbased system boots is by forwarding Event Log event 6009. This event is logged to the System event log whenever a Windows OS starts up. 1. Open the management console and either find an existing event log package to add this new filter rule to or create a new even...

KB-ID 401
Category: Monitoring

The easiest way to get notified in realtime whenever a user is created in Active Directory is by forwarding MicrosoftWindowsSecurityAuditing event 4720https://system32.eventsentry.com/security/event/4720. This event is logged to the Security event log whenever an Active Directory user is created. More information o...

KB-ID 403
Category: Compliance

The easiest way to get notified in realtime whenever specific service/driver starts or stops is by forwarding EventSentry event 10100 or 10150. This particular event is logged by EventSentry when a service or drivers status changes. Service monitor is a feature that is enabled by default in EventSentry under System Health Services...

KB-ID 405
Category: Service Monitoring

The easiest way to get notified in realtime whenever a user attempts to log on more than X times with a wrong password is by forwarding MicrosoftWindowsSecurityAuditing event 4625https://system32.eventsentry.com/security/event/4625. This event is logged to the Security event log whenever a user fails to logon. More...

KB-ID 407
Category: Compliance

In a production environment it can be important to know if and when a VM is reverted to a snapshot. If the VMWare ESXi host is configured to send Syslog messages to a log hosthttps://docs.vmware.com/en/VMwarevSphere/6.7/com.vmware.esxi.upgrade.doc/GUID9F67DB52F469451FB6C8DAE8D95976E7.html like EventSentry then it will send a message s...

KB-ID 408
Category: Network Services

Event log alerts can often by cryptic and difficult to understand especially when alerts need to be interpreted by nontechnical staff. EventSentry makes it easy to simplify complex alerts by letting you completely rewrite the content. For example the following potentially complex event log message event 4688https://system32.eventsentr...

KB-ID 409
Category: Configuration

Starting with Windows 10 and Windows Server 2016 you can generate audit events whenever files are written to a removable drive by enabling auditing for the Removable Storage audit subcategory of the Object Access audit category. This will result in 4663https://system32.eventsentry.com/security/event/4663 events being generated whenev...

KB-ID 410
Category: Security
Applies to: 3.5 and later

In larger network environments different groups of computers/servers are managed by separate groups. For example you have Exchange servers managed by your Exchange team and Database servers managed by your Database team. If an Exchange server goes down then the database team does not need to be notified. We can use the default heartbeat aler...

KB-ID 418
Category: Heartbeat Monitoring

The Software/Hardware Inventory system health package can monitor battery levels both on laptops and directly attached UPS devices. Alerts generated by this feature can be used that to generate an email when the percentage is low. By default there is a System Health Inventory Software/Hardware Monitoring package if you don...

KB-ID 419
Category: General
Applies to: 4.1 and later

With the EventSentry Log File Monitoring feature you can be alerted via email if specific text gets written to a file. In this HowTo we will use the default Log File Windows Update as an example but this can be used for any other log file monitoring package existing or new. Expand Log Files Expand Windows Update C...

KB-ID 420
Category: Monitoring

Synology diskstations offer a SNMP counter that can be monitored with EventSentry to alert if a system update is available. This information can be obtained by monitoring the upgradeAvailable SNMP OID 1.3.6.1.4.1.6574.1.5.4.0 This counter returns one of the following values: 1: Available 2: Unavailable 3: Connecting 4: Dis...

KB-ID 425
Category: Configuration