Windows Event Management doubt(s)
Hello, Nowadays, we are migrating from CA IM to Logic Monitor platform, when it comes to the event logs monitoring we've some doubts on how to replicate those. Currently at IM we pick what we want to monitor (by creating profiles that look into the Severity, Source, ID, Message, etc...). I do understand this is possible within LM but, from what I checked itwould require us to create a different event source every time the source changes (& we are talking about >100 variations). With that in mind, using that method we would create a huge load on the collectors, correct (due to WMI limitations, etc...)? Not sure if this was raised in the past but, is there any other approach/method we could try in order to accomplish this? Appreciate thefeedback. Thank you!
Windows System Event Log "message" details not accurate
We are using the defaultWindows System Event Log event source and having those errors route through a Teams integration. When tested fromWindows System Event Log event source the Event Logging displays the entire “message” detailing the eventID reason etc etc. When looking in the Alerts section of the GUI it also shows the entire “Message” section with details. However when the alert shows up in Teams its dumbed down and useless. We get the following. Message: error - HOSTNAME Windows System Event Log The Teams integration is setup identically to the Event Source Alert message as seen below. Anyone know why ##Message## is getting overwritten with useless info instead of the actual message details from the Event? Host: ##HOST## Eventsource: ##EVENTSOURCE## Windows Event ID: ##EVENTCODE## Message: ##MESSAGE## Detected on: ##START##