Hey everyone, I’m kinda new to Itarian and I’m having a bit of trouble getting a monitoring alert to work. So here it goes. My goal is to get alerts when a device comes back online from an unexpected shutdown.
This is tracked by Event ID “6008” in the system log, is an “Error” and comes from Provider “EventLog”.
I don’t want to hard boot anything to reproduce this event, so I’m testing with the next event that follows that I can reproduce after a reboot.
“Operating started at System Time XX:XX:XX etc” is Event ID “12”, is “Informational”, and comes from Provider “Microsoft-Windows-Kernel-General”.
I’ve input that information into the monitoring alert, but don’t seem to get a result. Ever… Now the only thing that I’ve been able to think of is that the services that report to Endpoint Manager start after event 12 comes into the event log. So I have to ask, is the reason that the event monitoring is not working due to the fact that Itarian doesn’t look at events since the last time their services restarted, but only reports on events that happen after the service start? If that’s the case, what would be the best way to track “Unexpected” shut downs? If not the case, does anyone have any thoughts on why else it might not be going through.
Also, I am getting other monitoring alerts, just not the ones from this Event ID.
Thanks in advance!