
Contoso.se

Welcome to contoso.se! My name is Anders Bengtsson and this is my blog about Azure infrastructure and system management. I am a senior engineer in the FastTrack for Azure team, part of Azure Engineering, at Microsoft.  Contoso.se has two main purposes, first as a platform to share information with the community and the second as a notebook for myself.

Everything you read here is my own personal opinion and any code is provided "AS-IS" with no warranties.

Anders Bengtsson


Is your MOM too sensitive?

Is your MOM too sensitive, sending you alerts at an early stage? As you presumably know, you can change thresholds and modify all rules to suit your environment better. I will show one way to do that in this post. In this example I will collect event ID 2 from the Application log, and when there have been two events with event ID 2 within one minute I will generate an alert.

Start by creating one rule to consolidate similar events, with the following settings:

  • Data Provider – Provider Name: Application
  • Data Provider – Provider type: Windows NT Event Log
  • Criteria – with event ID 2
  • Schedule – Always process data
  • Consolidate – choose Event Number and Source Name, and set that events must occur within 60 seconds
  • Knowledge Base: Input a suitable text
  • General: Input a suitable name and verify that the rule is enabled

Then create a second rule to generate the alert, with the following settings:

  • Data Provider – Provider Name: Application
  • Data Provider – Provider type: Windows NT Event Log
  • Criteria – event ID 2 and repeat count is at least 2 (Advanced criteria)
  • Schedule – Always process data
  • Alert – Check the box to generate alert
  • Alert Suppression – leave default settings
  • Responses – add suitable responses if needed
  • Knowledge Base: Input a suitable text
  • General: Input a suitable name and verify that the rule is enabled

That’s it. After two events with event ID 2 and the same source name you will get an alert.
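To see how the 60-second window and the repeat count of 2 change the number of alerts before you commit to them, the consolidation and alert settings above can be replayed over a list of events. This Python sketch is an added example, not code from the original post or from MOM: the `Event` record, the function names and the sample events are constructed, and the window is assumed to open at the first matching event, which may differ from MOM's internal consolidation.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Hypothetical event record; MOM itself reads these from the Windows event log.
Event = namedtuple("Event", "time event_id source")

def consolidate(events, event_id=2, window_seconds=60):
    """Rule 1 (assumed model): group events with the same event number and
    source name; a group stays open for window_seconds after its first event."""
    window = timedelta(seconds=window_seconds)
    open_group = {}  # (event_id, source) -> most recent group for that key
    groups = []
    for ev in sorted(events, key=lambda e: e.time):
        if ev.event_id != event_id:
            continue  # criteria: only the chosen event ID
        key = (ev.event_id, ev.source)
        group = open_group.get(key)
        if group is None or ev.time - group["first"] > window:
            group = {"source": ev.source, "first": ev.time, "repeat_count": 0}
            open_group[key] = group
            groups.append(group)
        group["repeat_count"] += 1
    return groups

def alerts(events, min_repeat=2, **criteria):
    """Rule 2: alert only on consolidated events whose repeat count reaches min_repeat."""
    return [g for g in consolidate(events, **criteria) if g["repeat_count"] >= min_repeat]

# Constructed sample data: (seconds offset, event ID, source name).
T0 = datetime(2005, 1, 1, 12, 0, 0)
SAMPLE = [Event(T0 + timedelta(seconds=s), i, src) for s, i, src in [
    (0, 2, "AppA"), (20, 2, "AppA"),     # two within 60 s -> alert
    (30, 2, "AppB"),                     # single event -> no alert
    (45, 3, "AppA"),                     # other event ID -> ignored
    (200, 2, "AppA"),                    # new window, single -> no alert
    (300, 2, "AppB"), (355, 2, "AppB"),  # two within 60 s -> alert
]]

if __name__ == "__main__":
    for a in alerts(SAMPLE):
        print(a["source"], a["first"].time(), "repeat count", a["repeat_count"])
```

Calling `alerts(SAMPLE, min_repeat=1)` or changing `window_seconds` shows how many alerts a looser or tighter threshold would produce on the same events.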

