I am facing an issue where event ID's configured on a server are not throwing alerts when found.
We are monitoring event ID 394 for AD FS/Admin logs.
alert generation is selected for on event type.
AD FS admin log is selected in log category, I could see 394 events in status tab , which ensures 394 event was generated on server.
Also please note i also found 1 alert generated for event in AD FS logs for separate profile configured on same server.
There is an error found on ntevl log which I need to understand what does this mean ,and what action needs to be taken.
Kindly suggest what needs to be done here.
Based on the message text 'error getting task category for event details' it will be helpful to check the event in window's event viewer.
Hi David ,
Thanks for reply , but server team confirmed that event Id was generated and no alert came.
So what exactly we should be looking for on window's event viewer.
Also is there any changes required to be done on Ntevl probe. Or anything else need to be checked kindly suggest.
Certainly my logic can be totally wrong, but 'error getting task category for event details' is to be understood that the probe read the event and was unable to get the details due to something with the it, most likely the category. No doubt someone else will have a better idea.
Please open a support case so this can be properly researched, analyzed and resolved.