Is your MOM to sensitive and sending you alerts in early stage? As you presumably know you can change thresholds and modify all rules to suite your environment better. I will show one way to do that in this post. In this example I will collect event ID 2 from the Application log and when there has been two alerts with event ID 2 within one minute I will generate an alert.
Start by create one rule to consolidate similar events with the following settings
- Data Provider – Provider Name: Application
- Data Provider – Provider type: Windows NT Event Log
- Criteria – with event id 2
- Schedule – Always process data
- Consolidate – Choose Event number, Source Name, and input set that events must occur within 60 seconds
- Knowledge Base: Input a suitable text
- General: Input a suitable name and verify that the rule is enabled
- Data Provider – Provider Name: Application
- Data Provider – Provider type: Windows NT Event Log
- Criteria – event ID 2 and repeat count is at least 2 (Advanced criteria)
- Schedule – Always process data
- Alert – Check the box to generate alert
- Alert Suppression – leave default settings
- Responses – add suitable if needed
- Knowledge Base: Input a suitable text
- General: Input a suitable name and verify that the rule is enabled
That’s it. After two events with event ID 2 and the same source name you will get an alert.
[…] take a look at this, http://contoso.se/blog/?p=135 , I think it is what you want to […]
[…] Alarm after N repetition Hi Fabio, Please take a look at http://contoso.se/blog/?p=135 — Anders Bengtsson Microsoft MVP – Operations Manager http://www.contoso.se F> I really […]