Kevin Holman's System Center Blog

Posts in this blog are provided "AS IS" with no warranties, and confer no rights. Use of included script samples is subject to the terms specified in the Terms of Use.

Tagged Content List
  • Blog Post: A list of all possible security events in the Windows Security Event Log

    This may be old news, but it is a handy reference for OpsMgr admins, when asked to monitor for specific events from security event logs: Windows Server 2003: http://technet.microsoft.com/en-us/library/cc163121.aspx Windows Server 2008: http://www.microsoft.com/download/en/details.aspx...
  • Blog Post: How to collect performance data for SQL databases (multi-instance objects)

    I have had several blog posts in the past discussing how to write rules and monitors against multi-instance objects.  Special care must always be taken when writing workflows against classes where an agent can host more than one instance of the same class type.  Examples would be Logical Disk...
  • Blog Post: Monitoring Windows Services – Automatic, Manual, and Disabled, using CheckStartupType

    The Basic Service Unit Monitor is a very common monitor type to check the running status of any Windows Service. The design of this Monitor by default – is to ONLY monitor the service – if the Startup Type is set to “Automatic”. This is because many services are set to manual or disabled by design...
  • Blog Post: How to create a group of objects, that are CONTAINED by some other group

    I had an interesting customer request.  The customer has a boundary of responsibility where the OS/Hardware team is responsible for ALL C: drives on all servers.  However, the individual application teams are responsible for ALL OTHER disks, which are used for applications. Therefore, for notification...
  • Blog Post: How to create a monitor to inspect the value of a registry key

    In my previous post similar to this topic, we discussed how to check for the existence of a registry key or value, and alert/change state if it was missing. But what if you want to inspect the contents of a registry value for specific data? For instance – what if we want to inspect a specific...
  • Blog Post: How to create a monitor for existence of a registry key

    There are many examples of using a discovery for a new class or extended class, based on a registry key. What if – you just want to monitor for a specific registry key – and turn your agents to a warning or critical state if it is missing? Consider the scenario: CompanyX stamps...
  • Blog Post: How to monitor a process on a multi-CPU agent using ScaleBy

    The business need: It is a very common request to monitor a process on a given set of servers, and collect that data for reporting, or monitor it for a given threshold. One thing you might notice when trying to monitor some performance counters, is that not all perf counters in perfmon behave the way...
  • Blog Post: Why do I have duplicate SQL databases or logical disks in the console after a version upgrade?

    This is a rare but interesting scenario… which can cause you to see and monitor duplicate objects (and get duplicate alerts) for specific types of discovered hosted objects that have a parent class which was upgraded from one version to another. For instance – if you upgrade SQL 2005 > SQL 2008, or...
  • Blog Post: How to monitor events logged by another computer or cluster

    Or – How to use the <AllowProxying> XML item. When you monitor the event log in OpsMgr, there is some built-in security that the agent modules perform. Normally this won't affect you, except for unique situations where events are logged from/by another computer, or in the case of MS...
  • Blog Post: Using OpsMgr for intrusion detection and security hardening

    Here is an interesting little concept of how to use OpsMgr. Because I have a lab, that is exposed to the internet over port 3389, I get a LOT of hacking attempts on this lab.  Mostly the source is from bots running on other compromised systems.  These bots just do brute force attacks against...
  • Blog Post: Adding event time to an alert description

    We have several “Time” variables, to which you can add to a notification subscription format, which will include a timestamp of something related to the alert.  For instance: From: http://blogs.technet.com/kevinholman/archive/2007/12/12/adding-custom-information-to-alert-descriptions-and-notifications...
  • Blog Post: Writing monitors to target Logical or Physical Disks

    This is something a LOT of people make mistakes on – so I wanted to write a post on the correct way to do this properly, using a very common target as an example. When we write a monitor for something like “Processor\% Processor Time\_Total” and target “Windows Server Operating System”…. everything is...
  • Blog Post: Making groups of logical disks – an example from simple to advanced

    I have been seeing this question come up a lot lately – as customers try and create groups of their disks – in order to create overrides for “certain” disks.  So – I am creating this post to give some real world examples.   Well – I will start this simply.  Say we want to create a group...
  • Blog Post: Alert Notification Subscription Variables, and linking that to the console, database, and SDK

    Attached you will find a spreadsheet, with all the possible alert notification subscription variables that I am aware of. In this spreadsheet, I link these to the same values in the Alert table of the DB, the alert view of the DB, the Console alert view, the SDK (Get-Alert), and lastly the new R2 Connector...
  • Blog Post: Nice clean Alert descriptions have been added to R2. Ahem.

    I didn't realize this feature got added – very nice. In OpsMgr SP1 – we had to use some hacks to get the Alert Description formatted to be nicely readable. I wrote about this HERE. The problem was – we could add a </BR> to the alert description and get this to work in SP1 –...
  • Blog Post: Using the Probe Based Script Event Rule – or – how to used a script to create events in the workflow

    So – in my previous post on the basics of MOMScriptAPI.LogScriptEvent, we talked about how to take your own script – and log an event to the OperationsManager Windows Event Log. One of the challenges with this – is that it will not allow us to add multiple parameters to the event. Using the Probe...
  • Blog Post: 101: Using custom scripts to write events to the OpsMgr Event Log with MOMScriptAPI.LogScriptEvent

    This is very basic 101 stuff. I provide some links to some much deeper articles. When converting MOM 2005 scripts…. one of the common things to do is to change the way events are written. In MOM 2005, we would most commonly use a custom method, ScriptContext.CreateEvent, which would create...
  • Blog Post: Using a Generic Text Log rule to monitor an ASCII text file – even when the file is a UNC path

    There are several examples in blogs on how to create a generic text log rule to monitor for a local text file (Unicode, ASCII, or UTF8). This will be a step-by-step example of doing the same, however, using this to monitor the log file on a remote UNC path instead of a local drive.  This is useful...
  • Blog Post: Web Application recorder R2 – the recorder bar missing in IE?

    Sometimes getting the web application recorder to capture a web session can be a little tricky. I have blogged about some typical issues you might run into HERE. Something I noticed today, with R2: When running the R2 console on an x64 machine – the web recorder bar is not coming up. ...
  • Blog Post: Creating custom dynamic computer groups based on registry keys on agents

    I have had a few requests now for this, so I thought I would take the time to write up the process. Let's say I have three support levels of servers: Level 1 – servers critical to business operations (ex: customer facing web applications, SQL back-ends) Level 2 – important servers...
  • Blog Post: Quick tip – using regular expressions in a dynamic group

    Here is a quick tip on using a regular expression when creating a group.   OpsMgr dynamic inclusion rules are case sensitive. If I have a group that I want to contain all computers that START with “OM”…. I can use the following expression:     The “^” tells regex to start a new line… without...
  • Blog Post: Authoring rules for Windows 2008 events, and how to cheat

    So…. with the introduction of Server 2008 into OpsMgr… as a monitored agent, you might need to re-evaluate some of your old rules.   Almost all (if not all) of the basic event ID’s and parameters, in the security event log, have changed.    For instance, I had a rule to alert me on every...
  • Blog Post: How to find all possible event ID’s for a given event source

    I recently got this question from a customer… and felt it would be good to blog about this. The customer wants to create an Alert, anytime there is an event in the System event log, from a USER32 event source: HOWEVER – it is a best practice in SCOM – to create our event matching criteria to be...
  • Blog Post: What is a group anyway?

    So – this is a first part, of a multi-post series on creating groups.   The most common reason we create groups in OpsMgr… is to scope Notifications, Views, and to use for overrides. Most of the groups my customers create are dealing with Windows Computer objects.  The reason for this, is that...
  • Blog Post: Populating groups from a SQL server CMDB – step by step

    Boris wrote a cool article HERE on how to populate a group of computers in OpsMgr, from an external source…. such as active directory. In his published example – you run an LDAP query to AD, to return a recordset list of computers, in order to populate them into a group. This post will extend that...