Event logs monitoring in SCOM 2012

Hi All,

I had a query about event log monitoring through SCOM 2012. Can I monitor all the event logs and throw an alert if it encounters a critical or warning log?

Regards,

Daya Ram

May 21st, 2014 2:18pm

Hi,

Please refer to these:

SCOM Friday Rules NT Event Rule (Alert)

http://stefanroth.net/2014/05/01/scom-friday-rules-nt-event-rule-alert/

SCOM 2012 - How to Generate Alerts from the Event Log

http://jimmoldenhauer.blogspot.dk/2013/03/scom-2012-how-to-generate-alerts-from.html

SCOM: Monitoring Windows Event Logs Using SCOM

http://opsmgradmin.blogspot.dk/2011/05/scom-monitoring-windows-event-logs.html

May 21st, 2014 3:04pm

Yes, it's possible.

First go to the Authoring space. Then go to Management Pack Objects, then Monitors. Go ahead and scope the list for Windows Computers. Expand out Windows Computers and Entity Health. Right-click on Availability and select Create a Monitor, then Unit Monitor...
When the Create a unit monitor wizard opens up, expand out Windows Events, then Repeated Event Detection (we did Simple Events last time, so this time I want to show you how to look for repeated events). When you get to Repeated Events you again have three choices:
  • Manual Reset - 1 State, Alert - Manually resolve
  • Timer Reset - 2 State, Alert and Auto Resolve (Time Based)
  • Windows Event Reset - 2 State, Alert and Auto Resolve

Also, you can refer to the link below:

http://opsmgradmin.blogspot.com/2011/05/scom-monitoring-windows-event-logs.html

May 21st, 2014 6:53pm

Hi,

As far as I know, with one monitor, we should specify one event log name to read events from, such as Application, System, Security and so on. And with the monitor we should also configure the event ID and event source which can fire an alert. So I don't think we can use a monitor to monitor all event logs. And if there is a way, there may be alert storms.

Regards,

Yan Li

May 23rd, 2014 5:56am

You should at least create three event log monitors for monitoring the system log, setup log and application log. For the event expression, you just use the error or warning level as the criterion.
Roger
May 23rd, 2014 6:54am
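
An added example, not part of any poster's reply: before creating level-only monitors on the System, Setup and Application logs as suggested above, this PowerShell sketch counts Critical, Error and Warning events per log, source and event ID on one server, to show which combinations would cause the alert storms mentioned earlier in the thread. The 24-hour window and the threshold of 20 are assumed illustrative values, not SCOM settings.

```powershell
# Added example: estimate alert volume before authoring event log monitors.
# Assumptions: run locally on one Windows server; the 24-hour window and the
# threshold of 20 events are illustrative values, not SCOM settings.
$logs      = 'System', 'Application', 'Setup'
$since     = (Get-Date).AddHours(-24)
$threshold = 20

$events = foreach ($log in $logs) {
    # Level 1 = Critical, 2 = Error, 3 = Warning
    $filter = @{ LogName = $log; Level = 1, 2, 3; StartTime = $since }
    # Get-WinEvent raises an error when nothing matches; treat that as empty.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

# One row per (log, source, event ID, level), busiest first.
$summary = $events |
    Group-Object -Property LogName, ProviderName, Id, LevelDisplayName |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Log     = $first.LogName
            Source  = $first.ProviderName
            EventId = $first.Id
            Level   = $first.LevelDisplayName
            Count   = $_.Count
            Noisy   = $_.Count -ge $threshold   # would flood the console
        }
    } |
    Sort-Object -Property Count -Descending

$summary | Format-Table -AutoSize
```

Rows flagged `Noisy` are the event sources and IDs that a monitor filtering only on level would alert on repeatedly.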

Hi, is there any consolidated report which gives output for all critical and warning event logs for all servers?
July 1st, 2015 7:04pm

This topic is archived. No further replies will be accepted.
