I’ve tried a few scripts found on the forum here but haven’t had success with this.
Here is what I am trying to accomplish:
- Set up a custom script monitor that either: (a) detects a specific Windows eventID and source in any of the event logs or (b) detects any critical/error/warning eventID
- When the event occurs, trigger an alert that contains the contents of that event from the event log.
This script does work and I am able to modify the script to handle all three desired event log levels.
Is it possible to modify this working script to look for a specific eventID and source, as there are a few information level events I wish to monitor as well?
This is one of the scripts that I tried and it does not trigger a monitoring event or alert for me.
On another note, the original script mentioned has just yesterday and today caused a 100% CPU usage issue for RMMService.exe on Windows 10 and Server 2012/2016 systems. I have had to disable it to bring CPU usage down to normal levels.
I have narrowed down our issue to this script which we had been testing for use:
Had to disable this to resolve the CPU usage issue.
Hi @HTS_Dave, kindly check the CCS version as we had some issues with the recent release. Our developers have just rolled back the available CCS build to the previous version (v22.214.171.12459) on Endpoint Manager until a hot fix is deployed.
Communication Client version is 6.27.25138.19040. I’m testing these scripts again on a single machine to see if we can reproduce the problem.
Issue is still occurring on the test machine.
We have created a support ticket to assist you further with your issue. Please check your forum registered email at your convenience.
Can someone rewrite this Critical event log script to be compatible with Windows 10?
I don’t know the exact size, but once an application or system log gets above about 3MB, this script crashes the rmmservice.exe, so if it is set to check the logs every 15 minutes, every 15 minutes the rmmservice will crash, CPU will max out to whatever is max available for that process (thankfully it is a single-core process), and another instance of rmmservice.exe starts. This will happen indefinitely until there are dozens of rmmservice.exe instances and CPU is 100%, system will be nearly unresponsive.
The only workaround is to regularly clear and save event logs to keep them under 3MB. I’ve attempted to use GPO to set a max log size, but the minimum is 4MB. So this does not work long term.
There has got to be a way to script this without causing this behavior. Unfortunately, the support ticket we had open resulted in merely acknowledging the problem, but no real resolution.
Hello @HTS_Dave ,
We have created a support ticket to analyze the issue and your request.
Feel free to check your forum registered email at your convenience.
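
An added example, not posted by anyone in this thread and not one of the scripts discussed above: one way to match a specific event ID and source (or a set of levels) while asking Windows for only the events from the last check interval, capped at a fixed count, instead of reading the whole log. It assumes the built-in `wevtutil` tool is available; the function names, the 15-minute window and the sample event (ID 7036 from Service Control Manager) are constructed for illustration, and how the RMM monitor raises its alert is not shown.

```python
import subprocess

# Standard Windows event levels
LEVELS = {"critical": 1, "error": 2, "warning": 3, "information": 4}

def build_query(event_ids=(), source=None, levels=(), window_minutes=15):
    """Build an XPath filter limited to events newer than window_minutes."""
    system = []
    if source:
        # Reject quotes so a source name cannot break out of the XPath string
        if "'" in source or '"' in source:
            raise ValueError("quote characters are not allowed in a source name")
        system.append("Provider[@Name='%s']" % source)
    if event_ids:
        ids = " or ".join("EventID=%d" % int(i) for i in event_ids)
        system.append("(" + ids + ")")
    if levels:
        lv = " or ".join("Level=%d" % LEVELS[name.lower()] for name in levels)
        system.append("(" + lv + ")")
    # timediff() is in milliseconds; this keeps the query to the recent window
    system.append("TimeCreated[timediff(@SystemTime) <= %d]"
                  % (int(window_minutes) * 60000))
    return "*[System[" + " and ".join(system) + "]]"

def wevtutil_args(log, query, max_events=20):
    """Argument list for wevtutil: newest first, at most max_events, as text."""
    return ["wevtutil", "qe", log, "/q:" + query,
            "/c:%d" % max_events, "/rd:true", "/f:text"]

def matching_events(log, query, max_events=20):
    """Windows only: return the text of matching events ('' when none)."""
    result = subprocess.run(wevtutil_args(log, query, max_events),
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()

if __name__ == "__main__":
    # Constructed sample: an information-level event by ID and source
    q = build_query(event_ids=[7036], source="Service Control Manager")
    text = matching_events("System", q)
    if text:
        print(text)  # event contents to include in the alert
```

Setting `window_minutes` to the monitor's check interval avoids reporting the same event twice.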