
15 docs tagged with "Event Logs"

Documents on analyzing and managing system event logs


Automate Database Maintenance - EventLog

This document outlines the Automate Database Maintenance Cleanup Script, which is responsible for cleaning up the Eventlogs table based on specific conditions. It details the script functionality, variables used, and expected output, providing a comprehensive overview for users.

Dell Hardware Monitoring

The solution describes how to configure NinjaOne to automatically generate a CW Manage ticket for Dell OMSA alerts.

Dell OMSA Alerts

The condition runs the automation once per hour and generates a ticket with the script’s results if any monitored event log is detected.

DFS Replication Health Check

Checks for recent DFS Replication errors or warnings within the last hour and reports the current replication state to identify potential sync or replication issues.

DFS Replication Health Check

Triggers an alert when any errors are detected in DFS Replication on the server, indicating possible replication failures or issues requiring investigation.

DFS Replication Health Check

Triggers an alert when any errors are detected in DFS Replication on the server, indicating possible replication failures or issues requiring investigation.

Excessive Logon Attempts

This ticket template is used to manage the CW Manage ticket generation settings for the Excessive Logon Attempts Alert Condition.

Excessive Logon Attempts

Detects and summarizes failed logon attempts (Event ID 4625) from the Windows Security event log within a specified time window.

Excessive Logon Attempts

The condition runs the automation once per hour and generates a ticket with the script’s results if any monitored event log is detected.

Excessive Logon Attempts

Detects and summarizes failed logon attempts (Event ID 4625) from the Windows Security event log within a specified time window.

SMB1 Access Audit

This solution monitors servers for SMB1 protocol usage. It enables SMB1 access auditing (if disabled), scans event logs for recent SMB1 access attempts (Event IDs 1001, 3000) within the past hour, and triggers an alert through a compound condition if SMB1 is enabled and any access attempts are detected.

SMB1 Access Audit And Detection

Enables SMB1 access auditing if disabled and scans event logs for recent SMB1 access attempts (Event IDs 1001, 3000) within the last hour. Returns exit codes for detection or script failure.

SMB1 Traffic Audit

This Compound Condition creates an alert on servers where the SMB1 protocol is enabled and SMB1 access attempts (Event IDs 1001, 3000) are detected within the last hour.