Sensor Event Log (Windows API) : Detect fake events but not "real" ones

Votes:

0

Hello all,

I've got a strange thing and I'm a bit lost. I'm trying to catch the event IDs 15004 - 15007 on an Exchange server to detect when the server considers itself as pressured. (Application - Source: MSExchangeTransport)

I use the command:

Write-EventLog -LogName Application -EntryType Error -Source MSExchangeTransport -EventId 15006 -Message "Test error event - ignore" 

to generate a false event. My PRTG sensor catches it, the "state" trigger sends an email... wonderful!

But when I try to simulate real pressure on the server (by filling one of the drives with data): Exchange sees it, raises a 15006 (Error) event... and PRTG doesn't see it.

The sensor is quite simple, just catching any events in Applications with ID 15004 to 15007 with an "include filtering", nothing else.

If I use the PowerShell command to raise a new one a few minutes later: PRTG "works" and sends the alert.

I've tried changing the type of my fake events (warning, info), etc... each time: PRTG catches them perfectly but never sees when Exchange creates a real one. (Nothing detected, the live data graph shows nothing)

Does anyone understand what's going on?

event prtg windows-api

Created on Jan 20, 2021 12:34:48 PM

Last change on Jan 26, 2021 6:28:15 AM by  Felix Wiesneth [Paessler Support]



6 Replies

Votes:

0

Hi Lenny,

For troubleshooting, I would recommend enabling the option Write results to disk in the sensor settings. With these logs you can check in detail which data PRTG receives. In addition, I would recommend taking a look at our guide for PowerShell-based sensors.


Kind regards

Felix Wiesneth - Team Tech Support

Created on Jan 26, 2021 6:32:49 AM by  Felix Wiesneth [Paessler Support]



Votes:

0

Hello Felix,

Thank you for your answer, but it seems there's a misunderstanding.

I'm not trying to do a custom PowerShell sensor. I'm trying to catch standard Windows events with PRTG. But it catches my fake event (created using PowerShell) but doesn't catch the one created by Exchange (despite having the exact same ID).

I will try the option to "Write Results to disk" but it may not give more info than the "live" data.

Best regards

Created on Jan 27, 2021 8:09:26 AM



Votes:

0

Hi Lenny,

Sorry for the misunderstanding. I would kindly invite you to send us your files to [email protected]. Please include PAE2068950 in your subject line. With this I can link the ticket to this topic and we can check the issue in more detail.


Kind regards

Felix Wiesneth - Team Tech Support

Created on Jan 27, 2021 9:27:07 AM by  Felix Wiesneth [Paessler Support]



Votes:

0

I'm having the very same issue. Was this ever resolved?

Thanks

Created on Mar 12, 2021 5:51:50 PM



Votes:

0

Hi Stuart,

I'm afraid this was not resolved, since we didn't get a response.


Kind regards

Felix Wiesneth - Team Tech Support

Created on Mar 17, 2021 9:08:51 AM by  Felix Wiesneth [Paessler Support]



Votes:

0

Hello guys,

No, it wasn't resolved on my side. I managed by using another sensor, if I'm not wrong, and I didn't open a support case when I had the issue. But I'm not sure, I may have put that "under the carpet".

I will recheck the status soon.

Created on Mar 17, 2021 9:16:34 AM



