I have updated the MP in the recovery part. It was not possible to override the recovery properly, because using a standard script response does not allow overriding the ARGUMENTS parameter of the script (actually it does allow it, but it does not work as expected - EventLogName is not resolved, since the target is passed as a string, not an object).

So, based on Brian's (http://blogs.technet.com/brianwren) input, I created a custom write action module that allows you to override the COMPRESS flag and the backup log destination folder as separate parameters. Attached is the corrected MP now (version It also has some built-in groups to let you divide your servers based on the disk on which you want to store local event log backups (see overrides on the recovery for more details).

I have done some small work to update my backup event logs MP for MOM 2005 to 2007 (http://blogs.technet.com/alipka/archive/2006/04/09/monitoring-and-backing-up-event-logs-with-mom.aspx). I attach it to this blog post. The MP has been roughly tested on SP1 RC, but should work with SP1 RTM; for SP0 you probably need to change only the reference section.

By default it performs the following:

- discovers all event logs on all computers

- monitoring is enabled by adding an override for the group "MCS EventLog monitoring computer group" to enable the discovery "Event Log File Discovery" which is disabled by default

- after monitoring is enabled you can do some customization of thresholds (80 and 90% by default AFAIR) and you have a recovery task to perform a local backup (you can override script parameters, which include the folder to back up to and the compression bool value - for compression I use compress.exe from the Windows ResKit - it needs to be present locally on the server in the target location of the backed-up event logs).
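
The threshold check and local backup described in the list above, as a standalone PowerShell sketch added here for illustration; it is not the script shipped in the MP. The function names, the `D:\EventLogBackup` folder and the file naming are assumptions, and `Compress-Archive` stands in for the compress.exe the MP uses.

```powershell
# Added example, not the management pack's own script.
# Hypothetical names: Get-EventLogFill, Backup-EventLogLocal, D:\EventLogBackup.
function Get-EventLogFill {
    # 80/90 mirror the MP's default thresholds mentioned in the post.
    param([int]$WarningPercent = 80, [int]$CriticalPercent = 90)
    Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.IsEnabled -and $_.MaximumSizeInBytes -gt 0 -and $null -ne $_.FileSize } |
        ForEach-Object {
            $pct = [math]::Round(100 * $_.FileSize / $_.MaximumSizeInBytes, 1)
            $state = if ($pct -ge $CriticalPercent) { 'Critical' } elseif ($pct -ge $WarningPercent) { 'Warning' } else { 'Healthy' }
            # LogMode matters: a Circular log sits near 100% permanently once it has wrapped.
            [pscustomobject]@{
                LogName     = $_.LogName
                LogMode     = $_.LogMode
                PercentFull = $pct
                State       = $state
            }
        }
}

function Backup-EventLogLocal {
    param(
        [Parameter(Mandatory)][string]$LogName,
        [Parameter(Mandatory)][string]$BackupFolder,   # separate parameter, like the MP override
        [bool]$Compress = $false                       # separate parameter, like the COMPRESS flag
    )
    if (-not (Test-Path -LiteralPath $BackupFolder -PathType Container)) {
        throw "Backup folder '$BackupFolder' does not exist"
    }
    # Channel names such as 'Microsoft-Windows-Foo/Operational' contain characters invalid in file names.
    $safe  = $LogName -replace '[\\/:*?"<>|]', '_'
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $evtx  = Join-Path $BackupFolder "$env:COMPUTERNAME-$safe-$stamp.evtx"
    & wevtutil.exe epl $LogName $evtx                  # export only; the live log is not cleared
    if ($LASTEXITCODE -ne 0) { throw "wevtutil failed for '$LogName' (exit code $LASTEXITCODE)" }
    if ($Compress) {
        Compress-Archive -LiteralPath $evtx -DestinationPath "$evtx.zip"
        Remove-Item -LiteralPath $evtx
        return "$evtx.zip"
    }
    return $evtx
}

# Back up every log that has crossed the warning threshold (constructed sample folder).
Get-EventLogFill | Where-Object State -ne 'Healthy' | ForEach-Object {
    Backup-EventLogLocal -LogName $_.LogName -BackupFolder 'D:\EventLogBackup' -Compress $true
}
```

Exporting the Security log requires an elevated session, and the backup folder should be writable only by administrators so that saved logs cannot be altered after the fact.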

You can then expand the MP further to add automatic recovery, shipping saved logs remotely etc.

It also ships with some default views.

Enjoy. As always, please do thorough testing and customization before using it in production.