Recently we got a request from a customer to monitor a few custom applications, including their Event IDs. At first they wanted the monitoring to focus on the Event ID only; however, after seeing the report, they also needed the Event Source to be monitored together with the Event ID. Below are the steps involved in enabling Windows Event ID monitoring through SCOM:
Let's start.
What’s required?
We gathered the following information from our customer to use for monitoring:
1. Source ID
2. Event ID
Step 1: Create Monitor Rules
1. Log in to the SCOM console and click Authoring
2. Expand Management Pack Objects and click Rules
3. Right-click Rules and click Create Rules
4. Select Event Based > NT Event Log (Alert) as the rule type, select the destination Management Pack, and click Next
5. Enter the Rule Name, Description, Rule Category, and Rule Target as below:
Rule Name: Event Viewer Monitoring
Description: Monitor Event Viewer ID: 8888 & Source ID: MSSQLSERVER
Rule Category: Alert
Rule Target: Windows Computer
Then, click Next
Note: If you tick Rule is enabled, this rule will run against every Windows Computer
6. Click Next
7. Enter the Event ID and Event Source and click Next
8. On the Configure Alert page, set the priority to High and severity to Critical and click Create
9. Taadaaaa. You have now created the monitor rule. The next step is to override it. If you want to target only certain servers, you need to override this rule; otherwise just leave it as it is.
Configuration completed. If your event viewer logs an event from Event ID: 8888 or Source ID: MSSQLSERVER, you will see the alert sent to SCOM.
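One way to confirm the rule is actually firing, as an added example that is not part of the original post: it compares what the monitored server's event log recorded with what SCOM raised in the last 24 hours. The server names are placeholders, and the Application log and an alert name equal to the rule name are assumptions; it needs the OperationsManager PowerShell module.

```powershell
# Added example: end-to-end check of the "Event Viewer Monitoring" rule.
# Assumptions (not from the post): server names, the Application log, and
# an alert name identical to the rule name.
$ManagementServer = 'scom-ms01.example.local'   # placeholder
$MonitoredServer  = 'sql01.example.local'       # placeholder
$LogName  = 'Application'                       # assumption
$Source   = 'MSSQLSERVER'                       # from the post
$EventId  = 8888                                # from the post
$RuleName = 'Event Viewer Monitoring'           # from the post
$Since    = (Get-Date).AddHours(-24)

# 1. What did the monitored server's event log record?
$byId = @(Get-WinEvent -ComputerName $MonitoredServer -ErrorAction SilentlyContinue `
    -FilterHashtable @{ LogName = $LogName; Id = $EventId; StartTime = $Since })
# Same Event ID can come from other sources; keep only the expected one.
$byIdAndSource = @($byId | Where-Object { $_.ProviderName -eq $Source })

# 2. Does the rule exist, and is it enabled?
Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName $ManagementServer
$rule = Get-SCOMRule -DisplayName $RuleName
if (-not $rule) {
    Write-Warning "Rule '$RuleName' not found in this management group."
    return
}

# 3. Which alerts did SCOM raise? TimeRaised is stored in UTC.
$alerts = @(Get-SCOMAlert -Name $RuleName |
    Where-Object { $_.TimeRaised -ge $Since.ToUniversalTime() })
$open = @($alerts | Where-Object { $_.ResolutionState -ne 255 })  # 255 = Closed

[pscustomobject]@{
    Rule                  = $rule.DisplayName
    RuleEnabled           = $rule.Enabled
    EventsWithId          = $byId.Count
    EventsWithIdAndSource = $byIdAndSource.Count
    AlertsRaised          = $alerts.Count
    AlertsStillOpen       = $open.Count
}

# Matching events but no alerts usually means the rule is disabled or has
# not been overridden for this server (see step 9).
if ($byIdAndSource.Count -gt 0 -and $alerts.Count -eq 0) {
    Write-Warning "Events were logged on $MonitoredServer but no alert was raised."
}
```

A gap between EventsWithId and EventsWithIdAndSource shows how many alerts an Event-ID-only filter would have raised for unrelated sources.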
You might want to view:
[SCOM] – Override Rules
[POWERSHELL] – Simulate an Event Viewer Error Log