OpsMgr 2007: How to create an Alert rule based on an Event description

Here's a cool tip sent to me by Milan Jajal, a support engineer in our Manageability group.  If you ever find the need to create a rule based on the description of an event then this one's for you:

========

If you need to generate an alert based on the description contained within an event then follow these steps:

1. Open the Operations Manager Console.
2. Go to Authoring.
3. Under Authoring - Management Pack Objects - Select Rules
4. Right click on Rules and select - Create a new rule
5. Select Alert Generating Rules - Event Based - NT Event Log (Alert)
6. On the same screen select your destination management pack and click Next
7. Give a name to your Rule and optionally give it a Description.
8. Rule Category can be anything you like.
9. Select the Rule Target as the class of your choice, normally it can be Windows Computer.
10. Make sure the Rule is Enabled and select Next.
11. Select the Event log name from where event will be monitored and click Next.  (for example Application or System or Security)
12. Build the Expression to filter the events with the below details:
     a. Parameter Name = Event ID, Operator = Equals and Value = (any event id of your choice)
     b. Parameter Name = Event Source, Operator = Equals and Value = (any source of your choice) (you may delete this filter if you want)
     c. Click on Insert button at Top and it will put the cursor at Parameter Name, click square button with 3 dots [...] and it will popup another screen.
     d. In that box, select the 3rd radio button named 'Use parameter name not specified above' and there manually type 'EventDescription' (without quotes) and click OK.
     e. Then come back to filter screen, now here you will see Parameter Name = EventDescription, and for Operator select Contains and then for Value you can type any word you want to key on from the Event description.
13. After building the desired Expression, click Next.
14. Configure Alerts as you like and click the Create button.

Once you complete these steps, this will monitor the event logs and if the event description matches it will generate and alert for you.

========

Thanks Milan!

J.C. Hornbeck | Manageability Knowledge Engineer