none
Netlogon not read by SCOM?

Answers

  • SO at this point you can map the data in the event to the proper custom parameter rather easily. Click on the event on SCOM and scroll to Event Data.....it will look something like this:

    As you can see, 1st instance of Data Name translates to Parameter 1 so if there is something in this field you want, it would be entered in Parameter 1. The second instance is Parameter 2 and so on.

     

    Walter Chomak | Mobieus Systems | www.mobieus.com

    • Marked as answer by Felyjos Saturday, October 26, 2013 6:17 PM
    Friday, October 25, 2013 8:14 PM
  • This is working when changing the list of parameters from AND to OR...not sure how it got changed.

    I have a flood of events now...

    Checking how to report on them now...

    Thanks,
    Dom

     

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    • Marked as answer by Felyjos Saturday, October 26, 2013 6:17 PM
    Friday, October 25, 2013 8:00 PM

All replies


  • System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Friday, October 25, 2013 7:00 PM
  • Lets start broad. Begin with a collection rule for this log and verify it is collecting data. Since you are using a wild card for custom parameters, there is no need to specify. Target "Windows Server Operating System" and disable by default then use an override to turn on for just one server which has this log.

    Create a corresponding event view which shows just this computer, that is how you can verify the data is coming through. Once you know you are collecting, we can disable and build the Alert Generating Rule. What will fire the Alert though? What is the criteria?


    Monitoring Information Center | Infinity On-Line | support@mobieus.com

    Friday, October 25, 2013 7:32 PM
  • This is working when changing the list of parameters from AND to OR...not sure how it got changed.

    I have a flood of events now...

    Checking how to report on them now...

    Thanks,
    Dom

     

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    • Marked as answer by Felyjos Saturday, October 26, 2013 6:17 PM
    Friday, October 25, 2013 8:00 PM
  • Hi,

    As per the snapshot you have created a .csv file monitoring. pls create a log file rule

    And there is no need to use so many params.

    You can change the rule type and directly to Windows Servers. Keep it disabled and override it by Active Directory DC and Global Catalog Role (Windows 2008 Server). This will solve the purpose.

    Thanks.


    Priyabrata


    • Edited by PriyabrataSethi Friday, October 25, 2013 8:13 PM Additional information added.
    • Proposed as answer by PriyabrataSethi Friday, October 25, 2013 8:13 PM
    Friday, October 25, 2013 8:12 PM
  • SO at this point you can map the data in the event to the proper custom parameter rather easily. Click on the event on SCOM and scroll to Event Data.....it will look something like this:

    As you can see, 1st instance of Data Name translates to Parameter 1 so if there is something in this field you want, it would be entered in Parameter 1. The second instance is Parameter 2 and so on.

     

    Walter Chomak | Mobieus Systems | www.mobieus.com

    • Marked as answer by Felyjos Saturday, October 26, 2013 6:17 PM
    Friday, October 25, 2013 8:14 PM