EventSource Alerting

Last updated on 01 June, 2023

EventSources watch files like SNMP traps or event log messages (for example, IPMI, Windows, or Syslog). An alert on an EventSource is triggered when LogicMonitor receives a message for an event that matches the filters in place for an EventSource definition. The alert severity and the alert message depend on how the EventSource definition is configured. For more information on configuring filters and alerts for EventSources, see Creating EventSources.

EventSource alerts are managed and displayed in the LogicMonitor portal. LogicMonitor automatically suppresses some duplicate EventSource alerts received within the time range identified. This prevents you from being continuously alerted to the same event. Whether LogicMonitor suppresses duplicate alerts depends on the collection method, as follows:

| EventSource Type | Alert Suppression |
| --- | --- |
| Log Files | Suppressed for the duration of the interval |
| SNMP Trap | Never suppressed |
| Syslog | Suppressed for the duration of the interval. Note: Syslog messages are duplicates if the host, application name, and message are identical. |
| Windows Event Logging | Suppressed for the duration of the interval. Note: Windows Event Logging events are duplicates if the host and EventID are identical, even if the messages are different. You can override this behavior by unchecking the Suppress duplicate IDs even when messages differ option. For more information, see Windows Event Log Monitoring. |
| Script Event | Suppression of duplicate alerts for Script Events is controlled by the alerts per host. If alerts are suppressed, the collector displays the collector events (for example, SEC: reaches threshold for). |

Note: If there are too many duplicate alerts for Log Files, Syslog, or Windows Event Logging, consider lengthening the Clear After interval.
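The following added example (not LogicMonitor code) models the duplicate rules in the table for Syslog, Windows Event Logging, and SNMP Trap, so you can see which events would not raise their own alert. The names `Event`, `dedup_key`, and `triage` are hypothetical, the sample events are constructed, and the suppression window is assumed to be a fixed Clear After period that starts at the alerting event; Log Files and Script Events are left out because the page does not state their duplicate keys.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    source_type: str    # "syslog", "windows", or "snmptrap"
    host: str
    message: str
    app: str = ""       # Syslog application name
    event_id: int = 0   # Windows EventID
    ts: float = 0.0     # arrival time in seconds

def dedup_key(ev, suppress_ids_when_messages_differ=True):
    """Return the duplicate key per the table, or None if never suppressed."""
    if ev.source_type == "syslog":
        return ("syslog", ev.host, ev.app, ev.message)
    if ev.source_type == "windows":
        if suppress_ids_when_messages_differ:   # option checked
            return ("windows", ev.host, ev.event_id)
        return ("windows", ev.host, ev.event_id, ev.message)
    if ev.source_type == "snmptrap":
        return None
    raise ValueError(f"unmodelled EventSource type: {ev.source_type}")

def triage(events, clear_after, suppress_ids_when_messages_differ=True):
    """Split events into (alerted, suppressed) using a fixed window (assumption)."""
    open_until, alerted, suppressed = {}, [], []
    for ev in sorted(events, key=lambda e: e.ts):
        key = dedup_key(ev, suppress_ids_when_messages_differ)
        if key is not None and ev.ts < open_until.get(key, float("-inf")):
            suppressed.append(ev)
            continue
        if key is not None:
            open_until[key] = ev.ts + clear_after
        alerted.append(ev)
    return alerted, suppressed

# Constructed sample events; not taken from a real portal or host.
SAMPLE = [
    Event("windows", "dc01", "Account locked out: alice", event_id=4740, ts=0),
    Event("windows", "dc01", "Account locked out: bob", event_id=4740, ts=30),
    Event("syslog", "fw01", "link down eth0", app="kernel", ts=10),
    Event("syslog", "fw01", "link down eth0", app="kernel", ts=20),
    Event("syslog", "fw01", "link down eth1", app="kernel", ts=25),
    Event("snmptrap", "sw01", "coldStart", ts=5),
    Event("snmptrap", "sw01", "coldStart", ts=6),
]

if __name__ == "__main__":
    for label, flag in (("checked", True), ("unchecked", False)):
        _, dropped = triage(SAMPLE, 60, flag)
        print(label, [e.message for e in dropped])
```

With the option checked, the second lockout event is suppressed even though it names a different account, which is the case to review before relying on these alerts for per-user detection.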

To configure alert notification with email, text, or another method, you must configure alert rules. For more information, see Alert Rules.