The System Center Operations Manager Support Team Blog

This is the OpsMgr 2007 blog for the Microsoft support team. If you were looking for the SCOM 2007 or MOM 2005 blog then you are in the right place.

OpsMgr 2007: How to create an Alert rule based on an Event description

OpsMgr 2007: How to create an Alert rule based on an Event description

  • Comments 2
  • Likes

Here's a cool tip sent to me by Milan Jajal, a support engineer in our Manageability group.  If you ever find the need to create a rule based on the description of an event then this one's for you:

========

If you need to generate an alert based on the description contained within an event then follow these steps:

1. Open the Operations Manager Console.
2. Go to Authoring.
3. Under Authoring - Management Pack Objects - Select Rules
4. Right click on Rules and select - Create a new rule
5. Select Alert Generating Rules - Event Based - NT Event Log (Alert)
6. On the same screen select your destination management pack and click Next
7. Give a name to your Rule and optionally give it a Description.
8. Rule Category can be anything you like.
9. Select the Rule Target as the class of your choice, normally it can be Windows Computer.
10. Make sure the Rule is Enabled and select Next.
11. Select the Event log name from where event will be monitored and click Next.  (for example Application or System or Security)
12. Build the Expression to filter the events with the below details:
     a. Parameter Name = Event ID, Operator = Equals and Value = (any event id of your choice)
     b. Parameter Name = Event Source, Operator = Equals and Value = (any source of your choice) (you may delete this filter if you want)
     c. Click on Insert button at Top and it will put the cursor at Parameter Name, click square button with 3 dots [...] and it will popup another screen.
     d. In that box, select the 3rd radio button named 'Use parameter name not specified above' and there manually type 'EventDescription' (without quotes) and click OK.
     e. Then come back to filter screen, now here you will see Parameter Name = EventDescription, and for Operator select Contains and then for Value you can type any word you want to key on from the Event description.
13. After building the desired Expression, click Next.
14. Configure Alerts as you like and click the Create button.

Once you complete these steps, this will monitor the event logs and if the event description matches it will generate and alert for you.

========

Thanks Milan!

J.C. Hornbeck | Manageability Knowledge Engineer

Comments
  • I'd like to know two things:

    1. Is it possible to create a Rule Category?

    2. Why aren't the custom alert fields available for Monitors?

  • hi,

    after configuration i am not able to get the alerts..
    even i am troubleshooted some more better but can' able..

    can you please help me some more

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment