locked
Missing event detection monitor is not working as expected RRS feed

  • Question

  • Hi Team,

    We have created missing event detection monitor (Timer Set) and getting alerts even that event present in the Server Event Application Log.

    Just we gave to Event ID, Source, Type to match.

     

     

    Wednesday, June 15, 2011 10:41 AM

Answers

  • There's a known issue with the missing event detection monitor. Create a support case and they will hand you a workaround...


    Rob Korving
    http://jama00.wordpress.com/
    • Proposed as answer by Marc Klaver Thursday, June 16, 2011 7:48 AM
    • Marked as answer by Vivian Xing Wednesday, June 22, 2011 9:30 AM
    Wednesday, June 15, 2011 11:04 AM

All replies

  • Hi,

    Can you post here your monitor's code (XML)?


    http://OpsMgr.ru/
    Wednesday, June 15, 2011 10:46 AM
  • There's a known issue with the missing event detection monitor. Create a support case and they will hand you a workaround...


    Rob Korving
    http://jama00.wordpress.com/
    • Proposed as answer by Marc Klaver Thursday, June 16, 2011 7:48 AM
    • Marked as answer by Vivian Xing Wednesday, June 22, 2011 9:30 AM
    Wednesday, June 15, 2011 11:04 AM
  • you dont have to anymore, cu5 has been released and includes the fix.
    Rob Korving
    http://jama00.wordpress.com/
    Friday, August 5, 2011 10:52 AM

  • Hello Team,


    I have an issue with the missing monitor configuration in CU5.

    Requirement: need to alert if the even id 9000 do not occur on a server for 30 minutes for 24/7.

    I have set up a missing event monitor that detects when the event 9000 doesn’t occur on server in 30 minutes and set it to critical. It also resets to healthy when it sees the 9000 event.


    Issue:

    For some reason this monitor goes to critical even though the event 9000 was logged on the server.

    Herewith I enclosed the monitoring configuration for your referance . Please correct me in monitoring configuration and suggest me in fixing this issue.

          <UnitMonitor ID="TestMP.Custom.Missing.Event9000.Application.AlertMonitor" Accessibility="Internal" Enabled="true" Target="TestMP.BY2MWC" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.MissingEventLogSingleEventLog2StateMonitorType" ConfirmDelivery="true">
            <Category>Custom</Category>
            <AlertSettings AlertMessage="TestMP.Custom.Missing.Event9000.Application.AlertMonitor_AlertMessageResourceID">
              <AlertOnState>Error</AlertOnState>
              <AutoResolve>false</AutoResolve>
              <AlertPriority>Normal</AlertPriority>
              <AlertSeverity>Error</AlertSeverity>
            </AlertSettings>
            <OperationalStates>
              <OperationalState ID="UIGeneratedOpStateIdeb52d79f01314758a4a911d5672174e2" MonitorTypeStateID="MissingEventRaised" HealthState="Error" />
              <OperationalState ID="UIGeneratedOpStateId426dce4a4dd542699a1ae76bf65163c6" MonitorTypeStateID="EventRaised" HealthState="Success" />
            </OperationalStates>
            <Configuration>
              <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
              <LogName>Application</LogName>
              <Expression>
                <And>
                  <Expression>
                    <SimpleExpression>
                      <ValueExpression>
                        <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
                      </ValueExpression>
                      <Operator>Equal</Operator>
                      <ValueExpression>
                        <Value Type="UnsignedInteger">9000</Value>
                      </ValueExpression>
                    </SimpleExpression>
                  </Expression>
                  <Expression>
                    <SimpleExpression>
                      <ValueExpression>
                        <XPathQuery Type="String">PublisherName</XPathQuery>
                      </ValueExpression>
                      <Operator>Equal</Operator>
                      <ValueExpression>
                        <Value Type="String">CTS Watcher</Value>
                      </ValueExpression>
                    </SimpleExpression>
                  </Expression>
                </And>
              </Expression>
              <MissingComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</MissingComputerName>
              <MissingLogName>Application</MissingLogName>
              <MissingExpression>
                <And>
                  <Expression>
                    <SimpleExpression>
                      <ValueExpression>
                        <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
                      </ValueExpression>
                      <Operator>Equal</Operator>
                      <ValueExpression>
                        <Value Type="UnsignedInteger">9000</Value>
                      </ValueExpression>
                    </SimpleExpression>
                  </Expression>
                  <Expression>
                    <SimpleExpression>
                      <ValueExpression>
                        <XPathQuery Type="String">PublisherName</XPathQuery>
                      </ValueExpression>
                      <Operator>Equal</Operator>
                      <ValueExpression>
                        <Value Type="String">CTS Watcher</Value>
                      </ValueExpression>
                    </SimpleExpression>
                  </Expression>
                </And>
              </MissingExpression>
              <Consolidator>
                <ConsolidationProperties />
                <TimeControl>
                  <GenericSchedule>
                    <SimpleReccuringSchedule>
                      <Interval Unit="Minutes">30</Interval>
                    </SimpleReccuringSchedule>
                    <ExcludeDates />
                  </GenericSchedule>
                </TimeControl>
                <CountingCondition>
                  <CountMode>OnNewItemNOP_OnTimerOutputRestart</CountMode>
                </CountingCondition>
              </Consolidator>
            </Configuration>
          </UnitMonitor>

     


    sridhar v

     

    Monday, November 14, 2011 8:08 PM