Technology Tips and News
SCOM 2007 R2
I'm going by this article for the How-To
http://technet.microsoft.com/en-us/library/bb309597.aspx
I'm monitoring for Event ID 55. I got one on a server but no alert was generated. I tested it using EventCreate.exe, still no alert.
Here's a few screenshots on the config of my monitor.
Why doesn't this work?
For Event Source I used "DNS Name"
I looked up the details for that event id and the source you've specified appears to be incorrect: it should be NTFS
See the following for details:
http://social.technet.microsoft.com/Forums/windows/en-US/c9bbd077-9b27-4a3c-815a-f5a87f2a914e/error-logged-event-id-55-ntfs
So...
Event id equals 55
Event Source equals NTFS
I looked up the details for that event id and the source you've specified appears to be incorrect: it should be NTFS
See the following for details:
http://social.technet.microsoft.com/Forums/windows/en-US/c9bbd077-9b27-4a3c-815a-f5a87f2a914e/error-logged-event-id-55-ntfs
So...
Event id equals 55
Event Source equals NTFS
I looked up the details for that event id and the source you've specified appears to be incorrect: it should be NTFS
See the following for details:
http://social.technet.microsoft.com/Forums/windows/en-US/c9bbd077-9b27-4a3c-815a-f5a87f2a914e/error-logged-event-id-55-ntfs
So...
Event id equals 55
Event Source equals NTFS
I looked up the details for that event id and the source you've specified appears to be incorrect: it should be NTFS
See the following for details:
http://social.technet.microsoft.com/Forums/windows/en-US/c9bbd077-9b27-4a3c-815a-f5a87f2a914e/error-logged-event-id-55-ntfs
So...
Event id equals 55
Event Source equals NTFS
It souned like you were onto something here. But.... the field for Event Source is a drop-down list, and NTFS, or even File System, is not one of the choices. And sure enough, if I open Event Viewer and look at one of the 55s, source is listed as NTFS.
This is my list of choices:
Under Management Group it has Name and ID. I don't think that would help. It appears that I'm at a deadend. I'll Google more.
Its not really a drop down, you can type the text value you need.
The choices you see in there are used when you need to specify any SCOM discovered property of the target entity in your event conditions.
Regards,
Saravanan
Can you try to Manually feed in "NTFS" as the Event Source.
Just enter NTFS as the event source - as shown in the image provided by Saravanan.
This should resolve the issue, let us know how you get on.
I looked at something similar relatively recently, you should probably take a look at the following (especially if you're working with 2012);
Just for information as an alert for this should already be present - take a look at the rule "NTFS - File System Corrupt" this looks for event id55 or 44 from NTFS or DISK...
Chunky.1, yes that was it. It is now working correctly, I'm getting the alerts.
Thank you Microsoft Hopeless Guy, that was a very helpful article. And thanks Marnix.
We're on SCOM 2007. I don't know if that explains why we don't already get the alert that you speak of.
Thank you.
Just enter NTFS as the event source - as shown in the image provided by Saravanan.
This should resolve the issue, let us know how you get on.
I looked at something similar relatively recently, you should probably take a look at the following (especially if you're working with 2012);
Just for information as an alert for this should already be present - take a look at the rule "NTFS - File System Corrupt" this looks for event id55 or 44 from NTFS or DISK...
This topic is archived. No further replies will be accepted.
Other recent topics
Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier