none
Needs to Monitor 2 Consecutive Windows Events from Application Log

    Question

  • Hi All,

    We got a requirement to Monitor two consecutive events  and the details below..

    A and B are the events, They have to occur consecutively with in 60 seconds, If not then Monitor needs to trigger the alert.

    Event B should occur with in 60 seconds after the occurance of Event A.

    Can  you please suggest how to achieve this?

    Thanks in advance.

    Regards

    Karthick Malayalan

    Friday, December 05, 2014 4:43 PM

Answers

All replies

  • Hi!

    Anything that makes the Consecutive Event Monitor not working for your scenario?

    Patrick


    Please remember to click “Mark as Answer” on the post that helped you.
    Patrick Seidl (System Center and Private Cloud)
    Website: http://www.syliance.com
    Blog: http://www.systemcenterrocks.com

    Friday, December 05, 2014 5:25 PM
  • Hi Patrick,

    I would like to know, What type of Monitor we have to use to achieve this scenario?

    Regards

    Karthick Malayalan

    Saturday, December 06, 2014 9:28 AM
    1. Under Authoring, Monitor, create a new unit monitor. Choose Correlated Missing Event Detection.
    2. Enter a proper name and description and choose your target (Windows Computer would be all).
    3. Select the event log for the event that resets your monitor back to healthy (if you’ve choosen event reset above).
    4. Enter the event ID and the source. You can take the single occurring of event ID 2 as a reset.
    5. Choose the event log where the first event is logged.
    6. Enter the event ID for the first event you’re expecting
    7. Choose the event log for the second event
    8. Enter the event ID for the second event you’re expecting
    9. Choose the correlation mode, here B must follow A within 60sec.
    10. Select the missing event as warning and in the other as healthy (could be timer reset either).
    11. Configure the alert settings as you’d like to see the alert in the alert views.

    Let me know if you need screenshots to make that done.

    Cheers,
    Patrick


    Please remember to click “Mark as Answer” on the post that helped you.
    Patrick Seidl (System Center and Private Cloud)
    Website: http://www.syliance.com
    Blog: http://www.systemcenterrocks.com


    Sunday, December 07, 2014 7:44 PM
  • Using Correlated Missing Events
    http://technet.microsoft.com/en-us/library/hh457587.aspx

    Roger

    Monday, December 08, 2014 3:36 AM
  • Hi Patrick,

    Thank you very much for detailed information.

    I followed the same to create the monitor, but it is not functioning properly.  It would be great If you share me the details with screen shot. so that I can do it without any mistakes.

    Regards

    Karthick Malayalan

    Monday, December 08, 2014 2:14 PM
  • Karthick,

    unfortunately it is not possible to post with more than 2 images. So I dropped it on my blog:

    http://www.systemcenterrocks.com/2014/12/correlated-missing-event-detection.html

    HTH,
    Patrick


    Please remember to click “Mark as Answer” on the post that helped you.
    Patrick Seidl (System Center and Private Cloud)
    Website: http://www.syliance.com
    Blog: http://www.systemcenterrocks.com

    • Marked as answer by MKarthick Tuesday, December 09, 2014 8:18 AM
    Monday, December 08, 2014 5:15 PM
  • Thanks a lot Patrick!!!!

    I will check and update you with the results.  Thanks once again.

    Regards

    Karthick Malayalan

    Monday, December 08, 2014 6:18 PM
  • Many Thanks Patrick!!!!!!!!!!!!!!!!!!!

    It is working perfectly.

    Regards

    Karthick Malayalan

    Tuesday, December 09, 2014 8:19 AM
  • Great! You're welcome.

    Have a great day,
    Patrick


    Please remember to click “Mark as Answer” on the post that helped you.
    Patrick Seidl (System Center and Private Cloud)
    Website: http://www.syliance.com
    Blog: http://www.systemcenterrocks.com

    Tuesday, December 09, 2014 8:52 AM