Overview
Symantec Monitoring utilizes the Windows Event Log sub-system to report all errors and status messages. The EV Blacklist – EventID monitor and the EV Blacklist – Message monitors are used to trigger alerts based on specific eventIDs and messages.
Symantec End-Point Protection
Symantec End-Point Protection (SEP) utilizes the Windows Event Log sub-system to report all errors and status messages. LabTech employs the use of the Event Log Blacklist – EventID to monitor for all critical SEP events. Any Event Log message matching the following EventID’s will trigger an alert if the EV Blacklist – EventID Internal Monitor has been installed.
The following will trigger an alert: 1090, 1091, 1092, 1093, 1094, 1095, 1096, 1097, 1098, 1099, 1100, 1101, 1102, 1103, 1104, 1105, 1106, 1107, 1108, 1109, 1110, 1111, 1112, 1113, 1114, 1115, 1116, 1117, 1118, 1119, 1120, 1121, 1122
Symantec Backup Exec
Symantec Backup Exec (BackupExec) utilizes the Windows Event Log sub-system to report all errors and status messages. LabTech employs the use of the Event Log Blacklist - Message to monitor for all critical BackupExec events. Any Event Log message matching the following messages will trigger an alert if the EV Blacklist – Message Internal Monitor has been installed.
The following event messages will trigger an alert:
- "Backup Exec Alert: Job Failed%"
- "Backup Exec Alert: Job Cancellation%"
- "Backup Exec Alert: IDR%"
- "Backup Exec Alert: Tape Alert%"
- "Backup Exec Alert: Device Intervention%"
- "Backup Exec Alert: Media Error%"
- "Backup Exec Alert: Media Warning%"
- "Backup Exec Alert: Media Intervention%"
- "Backup Exec Alert: Media Overwrite%"
- "Backup Exec Alert: Media Remove%"
- "Backup Exec Alert: Media Insert%"
- "%An error occurred%"
- "%corrupt%"
- "%failed%"
- "%could not connect%"
- "%could not access%"
- "%not enough disk space%"
- "%buffer overflow%"
- "%could not start%"
- "%error%"
- "%unable to register%"
- "%unable to connect%"
- "%inconsistency%"
- "%unable to acquire%"
- "%service was stopped%"
- "%did not start%"
- "%cannot start%"
- "%must run under%"
- "%timeout%elapsed%"
- "%unable to determine%"
- "%unable to get%"
- "%unable to retrieve%"
- "%tape drive%problems%"
- "%risk%"
- "%damaged%"
- "%faulty%"
- "%preventive%"
- "%invalid%"
- "%end of%life%"
- "%corrupted%"
- "%hardware fault%"
- "%problem%"
- "%cleaning%"
- "%write-protected%"
- "%Environmental conditions%"
- "%hardware failure%"
- "%could not%"
- "%cannot operate%"
- "%hardware failure%"
- "Backup Exec Alert: Tape Alert%"
- "Backup Exec Alert: Media%"
- "Backup Exec Alert: Device Intervention%"
- "%write protected%"
- "%mismatched%"
- "%overwriteable media%"
- "Backup Exec Alert: Media%"
- "%cannot use%"
- "%did not%"
- "%Warning%"
- "%unable to%"
- "%cannot be established%"
- "%lost%"
- "Port 3527%"
- "%exception%"
- "%could not%"
- "%cannot communicate%"
Document Revision History
| Date | Notes |
| 03/14/2012 | New Document |
