Is it possible to have SCOM to monitor and alert on all of the critical error events from the Windows application and system logs? One of our servers had an unexpected shutdown due to a failed disk driver. There are a few error events logged in the Windows system log reporting the failure but SCOM didn't pick them up: Event ID:11 Source: arcsas Description: The driver detected a controller error on \Device\RaidPort3 We have got the IBM management pack installed on SCOM and the IBM director agent installed on the agent server, but it didn't pick up the error as well. I understand that I can create a custom rule in SCOM to monitor this specific event. But this will not help to pick up other critical events from the Windows logs in the future. So can we configure SCOM to monitors every critical alerts from the windows logs? Thanks

You can do it. Just create a rule with the only one condition "Event Level equals error". But that's a definitely not recommended way to monitor your servers.http://OpsMgr.ru/

I'm just worried that doing this will bring lots of noises into SCOM. The Management server has got only 4 GB of memory, so it may not able to handle the increased noises. Can we be more specific for targeting the errors or is there a summary of common event IDs that we could alerts on by creating custom rule for each?

Events (errors) can be generated by a hunderds of different sources (system, system roles, applications that may vary very much etc etc)... You can create an agent task or rule that will run a script like this to pull all errors occured in last 24 (you can change this :)) hours: Dim dateStamp, EventDate, DateNow, EventCode DateNow = Now() strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colLoggedEvents = objWMIService.ExecQuery _ ("Select * from Win32_NTLogEvent Where EventType = 1") For Each objEvent in colLoggedEvents EventDate = GetVBDate(objEvent.TimeGenerated) If DateDiff("h",DateNow,EventDate) > -24 Then WScript.Echo "================================" Wscript.Echo "Event date: " & EventDate Wscript.Echo "Event Source: " & objEvent.SourceName Wscript.Echo "Event Code: " & objEvent.EventCode Wscript.Echo "Description: " & objEvent.Message End If Next Function GetVBDate(wd) GetVBDate = DateSerial(left(wd,4),mid(wd,5,2),mid(wd,7,2))+ TimeSerial(mid(wd,9,2),mid(wd,11,2),mid(wd,13,2)) End Function http://OpsMgr.ru/

Events (errors) can be generated by a hunderds of different sources (system, system roles, applications that may vary very much etc etc)... You can create an agent task or rule that will run a script like this to pull all errors occured in last 24 (you can change this :)) hours: Dim dateStamp, EventDate, DateNow, EventCode DateNow = Now() strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colLoggedEvents = objWMIService.ExecQuery _ ("Select * from Win32_NTLogEvent Where EventType = 1") For Each objEvent in colLoggedEvents EventDate = GetVBDate(objEvent.TimeGenerated) If DateDiff("h",DateNow,EventDate) > -24 Then WScript.Echo "================================" Wscript.Echo "Event date: " & EventDate Wscript.Echo "Event Source: " & objEvent.SourceName Wscript.Echo "Event Code: " & objEvent.EventCode Wscript.Echo "Description: " & objEvent.Message End If Next Function GetVBDate(wd) GetVBDate = DateSerial(left(wd,4),mid(wd,5,2),mid(wd,7,2))+ TimeSerial(mid(wd,9,2),mid(wd,11,2),mid(wd,13,2)) End Function http://OpsMgr.ru/