Home » Microsoft Operations Manager 2005 » Monitor logfile


Welcome to contoso.se! My name is Anders Bengtsson and this is my blog about Azure infrastructure and system management. I am a senior engineer in the FastTrack for Azure team, part of Azure Engineering, at Microsoft.  Contoso.se has two main purposes, first as a platform to share information with the community and the second as a notebook for myself.

Everything you read here is my own personal opinion and any code is provided "AS-IS" with no warranties.

Anders Bengtsson

MVP awarded 2007,2008,2009,2010

My Books
Service Manager Unleashed
Service Manager Unleashed
Orchestrator Unleashed
Orchestrator 2012 Unleashed
Inside the Microsoft Operations Management Suite

Monitor logfile

Do you have some strange application with a logfile? It is suitable to monitor that logfile with MOM. Below there is a short walkthrough how to do that. To get this to work you will need a new provider and a new rule.

Create a new provider.
You create provides in Administrator Console, Management Packs, Provides.
Right-click Provides and choose “Create Provide”, fill in information as below
Source of the provider: Application Log
Type: Application Log
Settings: Generic single-log file
Directory: for example C:\LOG
Format: Generic
File Pattern: for example system.log or log*
Click Finish when done

Create a new computer group, name it to some something suitable for example MyApp. Add all computers you want to monitor.

Create a new rule group. Associate the new computer group with your new rule group.

In you new rule group, right-click Event Rules and choose “Alert on or response to event…”
fill in information as below at Advanced on the Event Rule Properties – Criteria tab.
Provider Name: Choose the provider you created before
Field: Parameter 4
Condition: matches wildcard
Value: For example *warning* if we want an alert when that word is in the logfile.
                Click Add to list
                Click Close
Event Rule Properties – Criteria, click next
Event Rule Properties – Schedule, click next
Event Rule Properties – Alert, check “Generate alert, then click next
Event Rule Properties – Alert Suppression, click next
Event Rule Properties – Responses, click next
Event Rule Properties – Knowledge Base, click next
Event Rule Properties – General, input a name and click finished

That should do it!

Note that it can take some minutes before new rules is active. Also note that MOM will start “read” a line when the application has started on a new line. So when the application has start write to line 2 MOM will read line 1.

I have upload screenshots with all settings, you can find them under screenshots.


  1. Hi,

    I have followed the same steps provided. but still MOM agent is not able to detect the log file. Have checked the event log and it says, new event rules are loaded on the server.

    Can you please advise.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.