locked
Simple Alert setup for a EventCreate generated action in SC07 RRS feed

  • Question

  • We are trying to setup a rule to identify and alert on a batchfile generated ID that we create on the source system that gets placed in the SYSTEM log.

     

    We have tried many times using the rule wizard to do so but I'm sure we are missing something. 

    • We have tried creating a new MGT Pack and rule inside. 
    • We have tried using an existing group and the default MGT pack.

     

    We just want to target a single server     ( reguardless of its discovered applications) and read the SYSTEM log and alert on an event ID of 667 (One we created using EventCreate)

     

    We would like set the alert subscription to a small group of individuals.

     

    HELP !!!

     

    Thanks.

    Thursday, May 22, 2008 3:40 PM

Answers

  • Hi,

    Please try the following steps to create a monitor which will generate a alert of event id 667:

    1. Open SCE console, navigate to Authoring space.

    2. Expand Management Pack Object, Right Click monitor, choose "craet a monitor" - "unit monitor".

    3. Select the type as "Windows Event" - "Simple Event Detection" - "Manual Reset". the destination management pack is "default management pack".

    4. Specify the name and description, choose the monitor target as "Agent", the parent monitor is "Entity Health".

    5. Specify the log name.

    6. In the Evetn expression, delete Event source, and make sure Event ID equals 667.

    7. In the "Configure Alerts", select "generate alerts for this monitor, then create the monitor.

    --------------------
    Regards,
    Eric Zhang



    Monday, May 26, 2008 6:37 AM
  • Hi,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios.


    If the issue still persists and you want to return to this question, please reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

    Thanks!
    --------------------
    Regards,
    Eric Zhang

    Friday, May 30, 2008 2:53 AM
  • Hi Eric,

     

    This works but I would like to be specific on the subscription notification to specific users. How do we set alerts to a specific group?

     

    Thanks in advance.  We really appriciate your help !!!!    

     

    Todd

    Thursday, June 19, 2008 5:25 PM
  • Hi Todd,

    You can set SCE to send notifications to the specific group or users.

    For how to set up notifications in SCE, please see the article below:

    How to Configure Notifications in System Center Essentials

    http://technet.microsoft.com/en-us/library/bb437250(TechNet.10).aspx

    --------------------
    Regards,
    Eric Zhang



    Monday, June 23, 2008 10:10 AM

All replies

  • Hi,

    Please try the following steps to create a monitor which will generate a alert of event id 667:

    1. Open SCE console, navigate to Authoring space.

    2. Expand Management Pack Object, Right Click monitor, choose "craet a monitor" - "unit monitor".

    3. Select the type as "Windows Event" - "Simple Event Detection" - "Manual Reset". the destination management pack is "default management pack".

    4. Specify the name and description, choose the monitor target as "Agent", the parent monitor is "Entity Health".

    5. Specify the log name.

    6. In the Evetn expression, delete Event source, and make sure Event ID equals 667.

    7. In the "Configure Alerts", select "generate alerts for this monitor, then create the monitor.

    --------------------
    Regards,
    Eric Zhang



    Monday, May 26, 2008 6:37 AM
  • Hi,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios.


    If the issue still persists and you want to return to this question, please reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

    Thanks!
    --------------------
    Regards,
    Eric Zhang

    Friday, May 30, 2008 2:53 AM
  • Hi Eric,

     

    This works but I would like to be specific on the subscription notification to specific users. How do we set alerts to a specific group?

     

    Thanks in advance.  We really appriciate your help !!!!    

     

    Todd

    Thursday, June 19, 2008 5:25 PM
  • Hi Todd,

    You can set SCE to send notifications to the specific group or users.

    For how to set up notifications in SCE, please see the article below:

    How to Configure Notifications in System Center Essentials

    http://technet.microsoft.com/en-us/library/bb437250(TechNet.10).aspx

    --------------------
    Regards,
    Eric Zhang



    Monday, June 23, 2008 10:10 AM