locked
Monitoring errors in the eventlog RRS feed

  • Question

  • I would like to monitor errors in the Windows System and Application eventlogs but can't find a simple way to do this. So far I have tried to:

    1) create a new monitoring event view, without selecting any filters - this mostly shows events from the Operations manager logs only

    2) In the monitoring pane -> select computers - > then open the Event View on each monitored computer. Again, this shows a lot of other events but not any from the System or Application logs.

    What I would like is simply one screen that shows ALL the errors in the App and Sys event logs. Is this possible?
    Thursday, June 11, 2009 12:59 AM

Answers

  • Hi,
     
    Normally you don't collect "ALL" events, instead you have monitors looking for specified events that are important for your services. But you can create a collection rule, NT Event, and configure it to pickup all ERROR and from Application log. then create another collection rule that do the same from System log. Then create a event view where you can see your events. That will collect them, but not generate an alert on anything.

    --

    Anders Bengtsson
    Microsoft MVP - Ops Mgr
    www.contoso.se
    "George777" wrote in message news:e70d2b95-f86b-480 5-879e-a9d8953a80c0...
    I would like to monitor errors in the Windows System and Application eventlogs but can't find a simple way to do this. So far I have tried to:

    1) create a new monitoring event view, without selecting any filters - this mostly shows events from the Operations manager logs only

    2) In the monitoring pane -> select computers - > then open the Event View on each monitored computer. Again, this shows a lot of other events but not any from the System or Application logs.

    What I would like is simply one screen that shows ALL the errors in the App and Sys event logs. Is this possible?
    • Marked as answer by Yog Li Wednesday, June 17, 2009 12:06 PM
    Thursday, June 11, 2009 5:22 AM

All replies

  • Hi,
     
    Normally you don't collect "ALL" events, instead you have monitors looking for specified events that are important for your services. But you can create a collection rule, NT Event, and configure it to pickup all ERROR and from Application log. then create another collection rule that do the same from System log. Then create a event view where you can see your events. That will collect them, but not generate an alert on anything.

    --

    Anders Bengtsson
    Microsoft MVP - Ops Mgr
    www.contoso.se
    "George777" wrote in message news:e70d2b95-f86b-480 5-879e-a9d8953a80c0...
    I would like to monitor errors in the Windows System and Application eventlogs but can't find a simple way to do this. So far I have tried to:

    1) create a new monitoring event view, without selecting any filters - this mostly shows events from the Operations manager logs only

    2) In the monitoring pane -> select computers - > then open the Event View on each monitored computer. Again, this shows a lot of other events but not any from the System or Application logs.

    What I would like is simply one screen that shows ALL the errors in the App and Sys event logs. Is this possible?
    • Marked as answer by Yog Li Wednesday, June 17, 2009 12:06 PM
    Thursday, June 11, 2009 5:22 AM
  • Hello George777,

    Just as Anders suggested, you can use the collection rule to monitor the eventlogs on the agents. Here are some general steps to create a Collection rule:

    1. Open the Operations console. Select the Authoring node. Expand Management Pack Objects. Right click on Rules and select Create a new rule.

    2. In the Create Rule Wizard under Collection Rules, expand Event Based and select NT Event Log. Select a new MP to store the new rule and click Next.

    3. On the General page, type the rule name. Change the rule category to Collection. Click the Select button and target the rule to Windows Server 2003 Operating System or other Operating System object which depends on the agent. Make sure the rule is enabled. Click Next.

    4. Select the Application or System log and click Next.

    5. Built the experssion to filter the events, such as “Event Level” “Contains” “Error” value. Click Next.

    6. Click Create.

    Thanks,


    Yog Li - MSFT
    Monday, June 15, 2009 10:40 AM
  • Hello,
    I am looking for the same results as George777.
    I have created the Rule as explained by Yog Li, but how do I get the results (Eventlog entries) in the main monitoring screen?

    Thanks,
    Tuesday, June 16, 2009 8:16 AM
  • Hi,
     
    If you have created a event collection rule, then create a event view to look at the events. they will not show up under active alerts, as we don't generate alerts with a collection rule.

    --

    Anders Bengtsson
    Microsoft MVP - Ops Mgr
    www.contoso.se
    Tuesday, June 16, 2009 9:16 AM