🚀 Automated Server Event Log Analyzer & Notification Tool

Real-Time Visibility for All MSP Teams

As part of our ongoing initiative to reduce blind spots and improve real-time operational awareness across all 6 MSP's we own, we’ve deployed a fully automated Server Event Log Analyzer that processes server event reports from Datto and delivers actionable summaries directly to each MSP’s Slack channel.

For context, we rely on Datto RMM for monitoring and alerting across all managed endpoints. Datto provides the raw data—scheduled server event log reports that run automatically on a daily interval. Until now, these reports were only available if someone manually reviewed them, which meant issues often slipped through the cracks unless a technician actively went looking for them.

This new automation eliminates that manual bottleneck.

📂 How It Works – End-to-End Workflow

1. Datto Generates Daily Server Event Log Reports

Every day, Datto runs a scheduled report containing all server event log alerts from the previous period.These reports include issues such as:

Disk corruption or MFT errors
Failed services
Authentication or AD/GPO failures
Backup service issues
Recurring or noisy alerts across servers

2. Datto Drops the Report Into a Watched Google Drive Folder

Datto is configured to deposit the CSV export into a specific folder.

3. Google Drive Watch Trigger Kicks Off the Automation

Our workflow checks the folder every hour. As soon as a new file appears:

n8n downloads the CSV
Extracts the contents into structured JSON
Processes and normalizes the data

4. AI Organizes Alerts by Business Unit (MSP)

Because we operate six separate MSPs across the country, the workflow intelligently identifies which alerts belong to which business unit.

This is done by parsing the site names and extracting the MSP prefix:

Each MSP's alerts are isolated into their own dataset, to help reduce noise.

5. Each MSP Dataset Is Sent to Its Own LLM Analyzer

Once separated, each dataset is passed into a dedicated AI chain that:

Groups and clusters related alerts
Identifies repeated issues and patterns
Ranks issues by severity (High / Moderate / Low)
Highlights disk errors, AD issues, service failures, etc.
Extracts real client names from site names
Summarizes affected devices and potential risk
Generates recommended remediation steps

All analysis is based solely on the real data from Datto—no hallucinations.

6. AI Summaries Are Sent to MSP-Specific Slack Channels

Each business unit receives its own neatly formatted summary containing:

High severity alerts requiring immediate attention
Moderate and low-severity findings
All repeated or recurring alerts
Device-level impact
Recommended next steps
Overall risk summary

By automating the entire flow—from Datto’s report generation to intelligent analysis and Slack delivery—we’ve turned a previously reactive, labor-intensive process into a streamlined, proactive system that keeps every MSP informed and empowered. This workflow ensures that critical server issues never go unnoticed, supports faster decision-making, and reinforces our commitment to delivering reliable, high-quality service across all locations.

2 comments