Collecting Events
I have received a number of questions lately regarding event collection. In this post I will show you how you can collect events and review them both in reports and in the console.
Start by creating a new rule: in the Authoring workspace, go to Rules, choose Create a rule, then Collection Rules and NT Event Log. A collection rule only collects events; it does not generate any alerts. In my example I use Windows Server 2008 Computer as the target. I create the rule disabled by default, then override and enable it for a group that includes a couple of Windows Server 2008 computer objects.
When you have created the new rule you can create a new event view in the Monitoring workspace. Remember to create the new view in the same management pack (MP) in which the collection rule is stored.
The next step is to create a report. You can use the generic Custom Event report to create a linked report showing all the events. Run the Custom Event report, select a couple of Windows Server 2008 computers as objects, and filter the report; in my example the filter is Event ID equals 666. Note that you have to check the checkbox for every report field you want to include. If you do not check any checkboxes you will get an empty report.
If you don’t like the default event report you can author a new one in Visual Studio. You can read my guide about that here and use the following query when building the data set in Visual Studio:
-- Data set for a custom event report: all collected events of level Error
SELECT
    vEvent.DateTime,
    vEventPublisher.EventPublisherName as 'EventSource',
    vEventLoggingComputer.ComputerName as 'Computer',
    vEventLevel.EventLevelTitle as 'Type',
    vEvent.EventDisplayNumber as 'EventID',
    vEventChannel.EventChannelTitle,
    vEventUserName.UserName,
    vEventDetail.RenderedDescription as 'EventDescription'
FROM
    Event.vEvent
    LEFT OUTER JOIN vEventUserName ON vEvent.UserNameRowId = vEventUserName.EventUserNameRowId
    LEFT OUTER JOIN vEventCategory ON vEvent.EventCategoryRowId = vEventCategory.EventCategoryRowId
    LEFT OUTER JOIN vEventPublisher ON vEvent.EventPublisherRowId = vEventPublisher.EventPublisherRowId
    LEFT OUTER JOIN vEventLoggingComputer ON vEvent.LoggingComputerRowId = vEventLoggingComputer.EventLoggingComputerRowId
    LEFT OUTER JOIN vEventLevel ON vEvent.EventLevelId = vEventLevel.EventLevelId
    LEFT OUTER JOIN vEventChannel ON vEvent.EventChannelRowId = vEventChannel.EventChannelRowId
    LEFT OUTER JOIN Event.vEventDetail ON vEvent.EventOriginId = vEventDetail.EventOriginId
WHERE vEventLevel.EventLevelTitle = 'Error'
ORDER BY vEvent.DateTime, vEventLoggingComputer.ComputerName
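As an added example (not part of the original post), the following data set summarises one collected event ID per computer and day, which makes it easy to see whether every computer in the overridden group is actually delivering the event. It uses only the views and columns from the query above; the variables @StartDate, @EndDate and @EventId are hypothetical report parameters, and the query assumes that DateTime is stored in UTC.

```sql
-- Added example: per-computer, per-day summary of one collected event ID.
-- @StartDate, @EndDate and @EventId are hypothetical report parameters.
-- They are declared here so the query runs stand-alone in a query window;
-- in a Visual Studio data set, remove the DECLARE/SET lines and map the
-- variables to report parameters instead.
DECLARE @StartDate datetime, @EndDate datetime, @EventId int;
SET @EndDate   = GETUTCDATE();               -- assumption: DateTime is UTC
SET @StartDate = DATEADD(day, -7, @EndDate); -- last seven days
SET @EventId   = 666;                        -- the test event ID used in this post

SELECT
    c.ComputerName                                   AS Computer,
    p.EventPublisherName                             AS EventSource,
    e.EventDisplayNumber                             AS EventID,
    -- Truncate the timestamp to midnight to get one row per day
    DATEADD(day, DATEDIFF(day, 0, e.DateTime), 0)    AS EventDay,
    COUNT(*)                                         AS EventCount,
    MIN(e.DateTime)                                  AS FirstSeen,
    MAX(e.DateTime)                                  AS LastSeen
FROM
    Event.vEvent AS e
    LEFT OUTER JOIN vEventLoggingComputer AS c
        ON e.LoggingComputerRowId = c.EventLoggingComputerRowId
    LEFT OUTER JOIN vEventPublisher AS p
        ON e.EventPublisherRowId = p.EventPublisherRowId
WHERE
    e.EventDisplayNumber = @EventId
    AND e.DateTime >= @StartDate   -- half-open range avoids double counting
    AND e.DateTime <  @EndDate     -- events that fall exactly on a boundary
GROUP BY
    c.ComputerName,
    p.EventPublisherName,
    e.EventDisplayNumber,
    DATEADD(day, DATEDIFF(day, 0, e.DateTime), 0)
ORDER BY
    EventDay,
    EventCount DESC;
```

A computer from the target group that never appears in the result is either not generating the event or not covered by the override that enables the collection rule.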
To generate test events you can use eventcreate, which is built into Windows 2003 and 2008. For example, run Eventcreate /L Application /D "test" /T ERROR /ID 666 to generate an event in the Application log with event ID 666 and "test" as the event description.
System Center Training
I would like to inform you about two great Operations Manager courses that will be delivered in Sweden this spring.
Microsoft System Center Suite Bootcamp
The SMSE Bootcamp is a dynamic, new 3-day training course from the System Center Technical Readiness team which brings together the core products from Microsoft’s System Center Suite in a series of “Real World”, data center management scenarios. The course has been specifically designed for Technical Consultants to give them the skills and understanding they need to successfully implement the System Center Suite for customers and end users. The course consists of a series of instructor led, hands on labs (HOL), which guide the student through the steps required to both successfully configure and use System Center Operations Manager 2007 (OpsMgr), System Center Configuration Manager 2007 (ConfigMgr), System Center Data Protection Manager 2007 (DPM) and System Center Virtual Machine Manager (SCVMM) in conjunction with core data center applications such as Microsoft SharePoint Server 2007 and Exchange Server 2007 running on the Microsoft Hyper-V platform.
For more information click here (info in Swedish)
Master Class: Management Pack Authoring
This is the course for those who want to learn how to author a management pack. It is a 3-day course including:
- Management Pack architecture
- Management Pack tuning
- Management Pack advanced features
- Sealing a management pack
- Author reports for all databases in Ops Mgr 2007
- The Authoring Console
- Linked Reports
- Data Warehouse architecture
- Author performance, events and security reports
- Author custom reporting with Visual Studio
- Connectors
- the universal connector
For more information click here
Enable ACS forwarding for a group
I have seen a number of scripts on the Internet to enable ACS forwarding for multiple machines. Unfortunately they do not always work, or they have too many variables to adjust. However, there are two scripts on the Operations Manager CD that you can use, one to enable and one to disable ACS forwarders.
- DisableForwarding.ps1
- EnableForwarding.ps1
If you have a custom group, including a number of machines, for which you want to enable ACS forwarding, you can follow the steps below:
- In the Operations Console, navigate to the Monitoring workspace, then click the Discovered Inventory view
- Click Change Target Type, in the action pane
- In the Select a Target Type window, select View all target, then select Computer Group and click OK
- Right-click a group and select Open, then Command Shell, from the context menu
- Input C:\EnableForwarding.ps1 <FQDN ACS Collector> and press Enter to run the script (for example, C:\EnableForwarding.ps1 ms01.contoso.local)
- In the popup window, input Operations Manager administrator credentials
- Input cd ..
- Input get-monitoringclass -name "Microsoft.SystemCenter.ACS.Forwarder" | get-monitoringobject | ft pathname
- Verify that all machines in your group are in the list of ACS forwarders
- Input exit to close command shell
If you have your groups in an unsealed management pack you might need to seal that management pack first. There are guides about that here and here.