Friday, March 8, 2013

SCOM 2012 - How to Generate Alerts from the Event Log

As a continuation of how to set up some custom monitors, I wanted to expand on the previous segment, How to Generate Alerts from a Log File, and talk about how to create an alert from an event in the Event Logs. If you are given a choice, monitoring the event log is preferable to monitoring a log file as the results tend to be a bit more consistent, at least in my experience.

First go to the Authoring space. Then go to Management Pack Objects then Monitors. Go ahead and scope the list for Windows Computers. Expand out Windows Computers and Entity Health. Right Click on Availability and select Create a Monitor then Unit Monitor...

When the Create a unit monitor wizard opens up expand out Windows Events then Repeated Event Detection (we did Simple Events last time so this time I want to show you how to look for repeated events). When you get to Repeated Events you again have three choices:
  • Manual Reset - 1 State, Alert - Manually resolve
  • Timer Reset - 2 State, Alert and Auto Resolve (Time Based)
  • Windows Event Reset - 2 State, Alert and Auto Resolve
For this example we are going to use Timer Reset. Select a management pack and Click Next

In General Properties, go ahead and give the monitor a name, uncheck Monitor is enabled and Click Next

In Event Log Name select the event log you are targeting, in our case it will be Application. Click Next

For Build Event Expression enter in the ID of the event you will be looking for, and the Event Source. Click Next

In the Repeat Settings change the Counting Mode: to Trigger on count, and the Compare Count to 10. Then set the interval time to 5 Minutes. This will go out and check the log for your event and if it finds more than 10 failures in 5 minutes it will generate an alert for this event. Click Next

Next set your Auto Timer Reset to 2 minutes. This means the alert will self resolve after two minutes and close. Click Next

Now we want to configure the health settings for failure and healthy. Change Repeated Event Raised to Critical and Click Next

For Configure alerts go ahead and Check Generate Alerts for this monitor. You can configure your alert and the description as required for your particular situation. Click Create

Now we need to enable the monitor for your test server. Right Click on the Monitor and select Overrides, then Override the Monitor then For a specific object of class: Windows Computer. You will be asked for the computer name, select it and Click OK. In the Override check the Enabled check box and change the Override Value to True. Click Apply

Now in Windows Server 2008R2 - How to Create an Event Log Event I showed you how to manually generate events. You can use this to create 10 failures and make sure the monitor is working correctly.


More to come!

Like this blog, give it a g+1

Windows Server 2008R2 - Manually Create an Event Log Event

So leading up to my next SCOM 2012 post How to Generate Alerts From the Event Log I first wanted to go over how to manually create events so you can test your monitoring later. Knowing how to set this up can be helpful for other things besides SCOM. You can use this in your scripting to note in the event log that a script ran, or completed. This trick can be used to write to just about any event log you wish.

The eventcreate command is what you will use to do this. You can pull up a list of switches in eventcreate by using the /? switch.  

Switch  Action
/S      Specifies the remote system you will be creating the event on
/U      The username that will be used to execute the command
/P      The password for the username. You will be asked for a password if you do not supply one
/L      The event log you want to write to (i.e. System, Security, Application, etc.)
/T      Specify the level of criticality of the error: Success, Error, Warning, Information
/SO     You can specify the source of the event if needed
/ID     You can specify the event ID for this event (between 1 and 1000)
/D      This is the description of the event in quotes, "This is a test event"

The example I will be using in my next segment is:
eventcreate /l application /t information /id 1000 /so SCOMTest /d "This is a test event"

This will create an event with the ID of 1000 and a source of SCOMTest in the Application log.
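To exercise the Repeated Event Detection monitor from the SCOM post (Compare Count 10, 5 minute interval), the same eventcreate command can be looped and the result checked in the log. This is an added example, not code from the original post; it assumes an elevated PowerShell session and reuses the post's log, source and event ID.

```powershell
# Added example (not from the original post). Assumption: elevated session,
# since eventcreate has to register the SCOMTest source on first use.
$log           = 'Application'
$source        = 'SCOMTest'
$id            = 1000
$threshold     = 10    # Compare Count from the monitor's Repeat Settings
$windowMinutes = 5     # interval from the monitor's Repeat Settings
$start         = Get-Date

# Write one more event than the compare count so the threshold is clearly crossed.
for ($i = 1; $i -le ($threshold + 1); $i++) {
    & eventcreate.exe /l $log /t information /id $id /so $source /d "This is a test event ($i)" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "eventcreate failed on event $i (exit code $LASTEXITCODE)"
    }
}

# Read the events back and confirm they all landed inside the monitor's window.
$filter = @{
    LogName      = $log
    ProviderName = $source
    Id           = $id
    StartTime    = $start.AddSeconds(-1)
}
$found = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
$elapsed = (Get-Date) - $start

[pscustomobject]@{
    EventsWritten  = $found.Count
    ElapsedSeconds = [math]::Round($elapsed.TotalSeconds, 1)
    InsideWindow   = $elapsed.TotalMinutes -lt $windowMinutes
    ShouldAlert    = ($found.Count -gt $threshold) -and ($elapsed.TotalMinutes -lt $windowMinutes)
}
```

If ShouldAlert is True and no alert appears in the console, check that the override enabling the monitor targets this computer.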




Thursday, March 7, 2013

SCOM 2012 - How to Generate an Alert From a Log File

You may run across situations where you will be required to monitor log files to find specific entries and generate alerts based on those entries. This is actually quite easy to set up in SCOM 2012. You can comb through both .txt and .csv files and find the specific entries you define.

First go to the Authoring space. Then go to Management Pack Objects then Monitors. Go ahead and scope the list for Windows Computers. Expand out Windows Computers and Entity Health. Right Click on Availability and select Create a Monitor then Unit Monitor...

When the Create a unit monitor wizard opens up expand out Log Files then Text Log then Simple Event Detection. You have three choices here:
  • Event Reset - 2 States, Alert and Auto Resolve
  • Manual Reset - 1 State, Alert - Manually resolve
  • Timer Reset - 2 State, Alert and Auto Resolve (Time based)
For this example we will be using Event Reset which is a 2 State Monitor. Select Event Reset and determine which management pack this will be placed in and Click Next.

For General Properties, give the monitor a Name and a description if you like. The target should be Windows Computer and the Parent monitor should be Availability. I uncheck Monitor is enabled so I can enable it on specific servers later with an override. Click Next

On the Application Log Data Source enter the path of the log file in Directory. In Pattern enter the name of the log file. If the log file has a static name you can enter it in, if the log file is dynamically generated you can use a wildcard (*) to denote the change. I.E. LogFile*.txt in place of LogFile01.txt, LogFile02.txt etc. Click Next

In Build Event Expression we will be setting the first state which is the Error State. Click Insert. In Parameter Name type Params/Param[1], the Operator is Contains and the Value is the fail entry on the log file. In our text example it will be the word Down. Click Next

In Application Log Data Source we will be building our Second state which is the recovery state. Once again enter the location of the .txt file in Directory and the name of the file in Pattern. Click Next

For building the second expression Click Insert. Parameter name is Params/Param[1], the Operator is Contains and the Value is the recovery entry on the log file. For the recovery state we will be using the word Up. Click Next

In Configure Health we need to determine which state is which. For First Event Raised change it to Critical. For Second Event Raised Change that to Healthy. Click Next

Now we want to configure alerts for this monitor. Check the Box Generate alerts for this monitor. You can configure the alerts however fits your situation best. Click Create

The final step is to set up an override for the server you want to monitor. Right Click on the Monitor and select Overrides, then Override the Monitor then For a specific object of class: Windows Computer. You will be asked for the computer name, select it and Click OK. In the Override check the Enabled check box and change the Override Value to True. Click Apply

If you go into Health Explorer of the server you will now see under Availability the new monitor you just created. You can test the functionality by manually putting in the failed state criteria in the log file and saving it.
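Before building the monitor, the two Contains expressions can be dry-run against a sample file to see which lines would flip the state. This is an added example, not code from the original post and not SCOM's own matching engine; the test directory, sample lines and function name are constructed, and the match is assumed to be a plain substring test.

```powershell
# Added example, not from the original post. Dry run of the two Contains
# expressions (error = "Down", recovery = "Up") against a constructed log file.
$dir = Join-Path $env:TEMP 'ScomLogTest'          # hypothetical test directory
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir 'LogFile01.txt') -Value @(
    '2013-03-07 10:00:01 Service heartbeat OK'
    '2013-03-07 10:05:12 Service is Down'
    '2013-03-07 10:06:40 Update check started'
    '2013-03-07 10:09:03 Service is Up'
)

function Get-LogMonitorTransition {
    param(
        [string]$Directory,
        [string]$Pattern,
        [string]$ErrorText,
        [string]$RecoveryText
    )
    $state = 'Healthy'
    foreach ($file in Get-ChildItem -Path $Directory -Filter $Pattern | Sort-Object Name) {
        $lineNo = 0
        foreach ($line in Get-Content -Path $file.FullName) {
            $lineNo++
            # Assumption: Contains is treated as a substring test on the whole line.
            if     ($line.Contains($ErrorText))    { $new = 'Critical' }
            elseif ($line.Contains($RecoveryText)) { $new = 'Healthy' }
            else   { continue }
            # Report only lines that change the two-state monitor's health.
            if ($new -ne $state) {
                [pscustomobject]@{ File = $file.Name; Line = $lineNo; State = $new; Text = $line }
                $state = $new
            }
        }
    }
}

Get-LogMonitorTransition -Directory $dir -Pattern 'LogFile*.txt' -ErrorText 'Down' -RecoveryText 'Up' |
    Format-Table -AutoSize
```

On the sample file the state returns to Healthy at the "Update check started" line, before the real recovery entry, because "Update" contains "Up". A longer recovery value such as the full recovery phrase avoids closing the alert early.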



Monday, February 25, 2013

Windows 8 - Modify Lock Screen Timeout Period

So I am doing some tuning of my new Windows 8 Enterprise install and one of the things I like to change is the Lock Screen timeout. Essentially this is the setting that turns off your monitor(s) a minute after you lock your computer. If I am just stepping away for a moment I don't like to have to wake my monitors back up again every time I step away, especially if you have older monitors that take extra time to wake up.

So the first thing you need to do is enable the power setting that controls this feature in the registry. Copy the following code to a text file and save it as LockScreen.reg:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\8EC4B3A5-6868-48c2-BE75-4F3044BE88A7]
"Attributes"=dword:00000002

Go ahead and run the registry file once it's created.

Once you have changed the registry setting go into the Control Panel then Power Options. From here you want to Change plan settings of the currently selected plan.

Then you want to Change advanced power settings.

In the Advanced settings scroll down and expand Display. Then expand Console lock display off timeout (which is the setting you enabled in the registry).  You can then adjust your timeout settings for On battery and Plugged in.

Once you have made your changes Click OK and you are done!



Wednesday, February 6, 2013

Hyper-V - Importing a Server

In Hyper-V Exporting a Server I covered how to export a server out of Hyper-V. That process is fairly simple to execute. The importing process is a bit more complex and has a few more steps.

In the Actions pane Click Import Virtual Machine...

This will kick off the Import Virtual Machine wizard. On the Before You Begin Page Click Next

You will be asked to select the folder where your VM server is located. Before I began I went ahead and copied the entire VM folder for my server to its final location. This makes things easier down the road as I won't have to do a move after I import. Click Next

You will then be prompted to select the virtual machine you wish to import. Make your selection and Click Next

Now you will be asked to choose the type of import you wish to perform. I selected Register the virtual machine in-place, since the server is not new and is in its final location. The second choice would be for when you are restoring from a backup, and the third would be for when you are building a new machine from a template (I'll cover this in a later segment). Click Next

You will need to select the virtual network switch you want the VM to connect to. Since I just spun up this Hyper-V instance I haven't actually set up the network yet, so I left it Not Connected. Click Next

You will then be prompted to choose the virtual network switch for any snapshots that may be associated with this machine (if any). Same as before, I selected Not Connected. Click Next

You will be provided with an import summary. Click Finish to complete the import. This may take a few minutes depending on the size of the .vhdx files. You will see your newly imported VM in the Virtual Machines list pane when the import is complete.




Hyper-V - Exporting a Server

There may come a time where you need to move a virtual machine from one Hyper-V server to another. In my case I recently upgraded my laptop from Windows 8 Consumer Preview to Windows 8 Enterprise. In doing so I also upgraded my hard drive to a 1TB solid state drive. I have several servers in my lab set up on my laptop which I did not want to rebuild, so I had to go through the process of exporting the machines on the old drive and importing them back in on the new one. I will cover the import in another segment.

The steps to export a machine are pretty simple actually. Once the VM is off simply Right Click on the one you want to export and Click Export

You will then be asked to select an export location where you want to save the files.

Once the export is complete you will be able to import them to the new machine. Simple, right?



SCOM 2012 - System Error 5 (0x00000005): Access is Denied

So I ran into this one during a recent deployment where we were trying to install the Silverlight Client Configuration plugin for the Web console on some of the service team's desktops: System Error 5 (0x00000005): Access is Denied

As it turns out a lot of the team is locked down pretty tight security wise and they don't have local admin rights for their PCs.

The easy fix is to Right Click on the Silverlight Client Configuration install and Run as administrator, or else add the logged-in user as a local administrator on the machine.

Once you do this the client will install normally, and you will be able to load the web page.

