Windows events or Event Viewer items are not like other threshold items (e.g., CPU, memory) because they cannot be monitored or acted upon based on a clear threshold. Instead, alerts for Windows events are triggered by the agent reading information about a specific event from the Windows event log and then writing it to the Atera platform.
Due to the nature of how we monitor Windows events in Atera, there is no straightforward action that can be taken to automatically indicate when an event has been resolved. As a result, resolving an alert for a Windows event typically requires a manual confirmation that the issue has been resolved.
What's the difference?
To illustrate the difference between threshold monitoring and Windows event monitoring, consider the example of monitoring memory usage using a threshold profile in Atera. If the memory usage exceeds the predetermined threshold that we have set up, an alert is triggered and displayed on the Alerts page and Dashboard. Once the percentage of memory usage falls below that threshold, the alert is automatically resolved and removed from the dashboard.
On the other hand, alerts triggered by Windows events are displayed as continuous information, as there is no clear threshold to monitor. These alerts will continue to be displayed on the dashboard until the alert is manually resolved.
Note: Event ID and failed login attempt type alerts will not auto-resolve.
Note: A new alert will not be generated if the Event ID is triggered more than once in a 60-minute period.
Click here for more information.