How to Create a Simple Log File Event Detection Monitor in Essentials 2007

A simple log file event monitor queries a log file for specific text and sets the health state based on the match. You can specify two pattern matches in the log file: one to set the health state to either warning or error, and the other to set the health state to success.

To create the monitor:

  • Log on to the computer with an account that is a member of either Operations Manager Administrators or Operations Manager Authors.
  • In the management console, click the Authoring button.
  • In the Authoring pane, expand Authoring, expand Management Pack Objects, and then click Monitors.
  • Click the Scope button.

In the Scope MP Objects by target(s) dialog box, in the Look for text box, type Windows Computer, select the Windows Computer target check box, and then click OK.

In the Monitors pane, expand Windows Computer, expand Entity Health, right-click Availability, point to Create a monitor, and then click Unit Monitor.

In the Create Monitor Wizard, on the Select a Monitor Type page, expand Log Files, expand Text Log, expand Simple Event Detection, click Event Reset, and then click Next.  You can either select a Management Pack from the Select destination management pack list or create a new unsealed Management Pack by clicking New. 

On the General Properties page, in the Name box, type a name for the unit monitor, and then as an option, you can type a description.

In the Parent monitor list, click the appropriate parent monitor, and then click Next.

On the Application Log Data Source page (for the First Generic Log), under Define the application log data source, in the Description text box, type a path to where the log files are located.

In the Pattern text box, type a pattern string to select log files, select UTF8 if applicable, and then click Next.

On the Build Event Expression page (for the First Generic Log),click Insert and then do the following:

  • Under Value (on the left), type Params/Param[1].
  • Under Operator, click one of the operators.
  • Under Value (on the right), type an expression to be searched for.
  • Click Next

On the Application Log Data Source page (for the Second Generic Log), under Define the application log data source, in the Description text box, type a path to where the log files are located.

  • In the Pattern text box, type a pattern string to select log files, select UTF8 if applicable, and then click Next.
  • On the Build Event Expression page (for the Second Generic Log), click Insert and then do the following:
  • Under Value (on the left), type Params/Param[1].
  • Under Operator, click one of the operators.
  • Under Value (on the right), type an expression to be searched for.
  • Click Next.

On the Configure Health page:

  • For the SecondEventRaised row, click the name in the Operational State column and type a display name for this condition. Click health state in the Health State column, and then click Error, Warning, or Success.
  • For the FirstEventRaised row, click the name in the Operational State column and type a display name for this condition. Click health state in the Health State column, and then click Error, Warning, or Success.  One of the two events must be configured to set the health state to Success.
  • Click Next.

On the Configure Alerts page, use the default settings or select the Generate alerts for this monitor check box to set custom alert properties, and then click Create.


for additonal details see http://technet.microsoft.com/en-us/library/bb381375.aspx for more info

 

No Comments 12:50 - Apr 16, 2008

Trackbacks

No Trackbacks

Comments

No Comments