First, go to the Authoring space. Then go to Management Pack Objects, then Monitors. Go ahead and scope the list for Windows Computers. Expand out Windows Computers and Entity Health. Right-click on Availability and select Create a Monitor, then Unit Monitor...
When the Create a unit monitor wizard opens up, expand out Log Files, then Text Log, then Simple Event Detection. You have three choices here:
- Event Reset - 2 States, Alert and Auto Resolve
- Manual Reset - 1 State, Alert - Manually resolve
- Timer Reset - 2 States, Alert and Auto Resolve (Time based)
For General Properties, give the monitor a Name and a description if you like. The target should be Windows Computer and the Parent monitor should be Availability. I uncheck Monitor is enabled so I can enable it on specific servers later with an override. Click Next
On the Application Log Data Source page, enter the path of the log file in Directory. In Pattern, enter the name of the log file. If the log file has a static name you can enter it as is; if the log file is dynamically generated you can use a wildcard (*) to denote the part that changes, e.g. LogFile*.txt in place of LogFile01.txt, LogFile02.txt, etc. Click Next
In Build Event Expression we will be setting the first state, which is the Error State. Click Insert. In Parameter Name type Params/Param[1], the Operator is Contains and the Value is the fail entry in the log file. In our text example it will be the word Down. Click Next
In Application Log Data Source we will be building our Second state which is the recovery state. Once again enter the location of the .txt file in Directory and the name of the file in Pattern. Click Next
For building the second expression Click Insert. Parameter name is Params/Param[1], the Operator is Contains and the Value is the recovery entry on the log file. For the recovery state we will be using the word Up. Click Next
In Configure Health we need to determine which state is which. For First Event Raised change it to Critical. For Second Event Raised Change that to Healthy. Click Next
Now we want to configure alerts for this monitor. Check the Box Generate alerts for this monitor. You can configure the alerts however fits your situation best. Click Create
The final step is to set up an override for the server you want to monitor. Right-click on the Monitor and select Overrides, then Override the Monitor, then For a specific object of class: Windows Computer. You will be asked for the computer name; select it and click OK. In the Override, check the Enabled check box and change the Override Value to True. Click Apply
If you go into Health Explorer of the server you will now see under Availability the new monitor you just created. You can test the functionality by manually putting in the failed state criteria in the log file and saving it.
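Before enabling the override, the Pattern and the two Contains expressions can be dry-run locally. The following PowerShell is an added example, not part of the original post or of SCOM itself; it assumes Params/Param[1] holds the whole log line and that Contains behaves as a case-sensitive substring match, and the file names and log lines are constructed.

```powershell
# Added example: local dry run of the monitor's Pattern and two expressions.
# Assumptions: Params/Param[1] is the whole log line, and Contains is a
# case-sensitive substring match. Verify both against your own agent.

$Pattern       = 'LogFile*.txt'   # Pattern from the data source page
$ErrorValue    = 'Down'           # first expression  -> Critical
$RecoveryValue = 'Up'             # second expression -> Healthy

# Constructed file names and log lines, for illustration only.
$FileNames = 'LogFile01.txt', 'LogFile02.txt', 'LogFile.bak', 'Other01.txt'
$Lines = @(
    '2012-05-01 10:00:01 Service Up'
    '2012-05-01 10:05:12 Service Down'
    '2012-05-01 10:07:30 Service Up'
    '2012-05-01 10:09:44 Download of update finished'
    '2012-05-01 10:11:02 Update applied'
)

function Get-SimulatedState {
    param(
        [string[]]$LogLines,
        [string]$ErrorText,
        [string]$RecoveryText
    )
    $state = 'Healthy'   # state before any event is raised (assumption)
    foreach ($line in $LogLines) {
        $raised = $null
        # The error expression is checked first; a line matching both
        # values is treated as an error event in this model.
        if     ($line.Contains($ErrorText))    { $raised = 'Critical' }
        elseif ($line.Contains($RecoveryText)) { $raised = 'Healthy' }
        if ($raised) { $state = $raised }
        [pscustomobject]@{ Line = $line; Raised = $raised; State = $state }
    }
}

"Files matched by '$Pattern':"
$FileNames | Where-Object { $_ -like $Pattern }

Get-SimulatedState -LogLines $Lines -ErrorText $ErrorValue -RecoveryText $RecoveryValue |
    Format-Table -AutoSize
```

With these sample lines, "Download of update finished" raises Critical and "Update applied" raises Healthy, so a Value more specific than Down or Up avoids spurious state changes.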
More to come!
How did you determine the Parameter Name?
You're talking about Params/Param[1]? This is the default placeholder that SCOM uses to build expressions with. You can substitute the 1 with any other number if you are looking for multiple criteria but it has to be in this format.
Hello Jim!
As a person new to SCOM, this particular blog post made my day! A customer had enquired on the very issue you write about here so clearly.
I've put in place my monitoring and I'll see how it goes.
I can easily see myself developing affection for SCOM, especially if it works the way I want it to.
Daniel
Fantastic blog post and very informative and clearly illustrated!
A colleague has enquired to me today on whether this sort of monitoring was possible and in the past I'd offer a VBScript solution, but with SCOM 2012 the possibilities have widened.
Cheers!
Daniel,
I'm glad you found this post helpful!
Jim
What does this monitor look like with respect to an XML dump?
Ravi,
It won't work on .xml files but if you can drop your data into a .txt or .csv file it should work as described.
Jim
Very useful info, thanks Jim
Thanks Yusuf!