How do I get CRIT to show zero without losing log history?

I have a Windows server that has several CRIT problems listed. These are from the Event logs on the server. I can “Acknowledge problems”, but that doesn’t change the count on the All hosts page. The only way I have found to reduce that count is to “Open Log” and then “Clear log”. The problem with that is that then I lose the log information. Is there a way to reduce the CRIT count without losing the log information? It seems wrong that I have to lose all my log information just to get a critical message that is no longer critical to go away. If I want to be able to look back and see that a computer kept trying to connect to the server using TLS 1.0 and I resolved that problem and it has come back I won’t know that. I can’t search my logs to see that because I cleared them. It would be nice to be able to look at the “All hosts” page and see only green.

The logwatch service check and, to an extent, even the Event Console are not log management tools.

They are designed to react immediately when a message occurs and then need to forget about it. This is because there is no efficient log message storage implemented.

If you want to know what happened in the past based on message content, you need to implement a solution like Graylog.

2 Likes

Sorry for the delay in responding. Thank you for the information. I do see that most of what we would want to have available can be found in “Search history”. Appreciate your help in getting me there.