question

shockoMS avatar image
0 Votes"
shockoMS asked Sky-3455 answered

Monitoring Approach for FSLogix

We have started a POC of using FSlogic O365 container and profile container. One thing I am struggling with is the monitoring approach. It seems the product uses a mix of Windows event logging and file logging (with some ETL file also). To develop a monitoring and alerting approach though I would need to know whats logged and to where. Is this documented anywhere? We recently had an issue where some users O365 container VHDX could not be loaded. This was not picked up and so our business were not happy.  I could tail the logs file using Splunk or the like but I need a reference for what's logged to build a parser or a list of Windows EventIDs to monitor for in the Windows Event Log.

windows-server-fslogix
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Sky-3455 avatar image
0 Votes"
Sky-3455 answered

We are having the similar issues.

We will either configure an event forwarding policy to a central log repository, or create task using task scheduler to trigger some action in case any error message logged on Event log under Applications and Services Logs -> Microsoft -> Fslogix -> Apps -> Operational.

We are going to enable prevent logon failure registry settings as well.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.