SCOM Alerts from Windows Events

Having spent some time on the Service Model, I’ll start to look at some monitoring to help us build a Health Model.

I’ll start with what is usually a straight forward requirement – monitoring a windows log e.g. the application log – and generating an alert if a specific event id is detected. I've made it a little more complex by alerting on either of 2 event id's but it is straight forward to simplify the expression filter if required.

And I’ll assume that you have followed by initial MP authoring series (steps 1 to 3) and have created a management pack and configured the basic properties as well as having created a couple of empty folders in the solution explorer view (see below).

We’ll go through the process of right clicking Rules, Add, New Item

And then choose Empty Management Pack Fragment which for ease of identification I’ve called MultipleEvents.

Copy and paste this code into the empty fragment – you can change the following:

1. Find \ replace gd.myapp with the namespace details of your management pack

2. If necessary, update the target

    

3. Find \ Replace the event ids with the event you are looking to alert against

4. Find \ Replace EventCreate with the event source of the event you want to alert against

5. Change (if necessary) the Priority and Severity:
   

Severity = 2 for Critical, 1 for Warning and 0 for Informational.

Priority = 2 for High, 1 for Medium and 0 for Low.

And you should be ready to go.

Disclaimer:
All information on this blog is provided on an as-is basis with no warranties and for informational purposes only. Use at your own risk.

The opinions and views expressed in this blog are those of the author and do not necessarily state or reflect those of my employer.