Tuesday, June 28, 2011

SCOM: Monitoring Windows Event Logs Using SCOM

Problem


Step: 1 Create a Monitor
Open the “Authoring” pane and select “Monitors”.

Right-click on “Monitors”, choose “Create a Monitor” and then choose “Unit Monitor”.

Expand “Windows Events”, then expand “Simple event detection” and choose “Manual Reset”. Then choose the management pack where you are planning to save this monitor.

Type a “Name” for this monitor (I am using “failure of Differential backup”) and write a brief “Description”. For “Monitoring Target” I am choosing “Windows Server Operating System”, because in my environment “Symantec Backup Exec” is installed on Windows 2003 and 2008 servers. Now click Next.

Choose the “Log Name” where your application writes its event logs. In my case “Symantec Backup Exec” writes events to the “Application” log, which is why I choose “Application”. Now click Next.

Now we need to provide the Event ID and Event Source in the Expression Builder, so that SCOM can alert us whenever an event matching these criteria is created. In my case the Event ID is 34113 and the Event Source is “Backup Exec”. Now click Next.

Now we need to “Configure Health Conditions”: if “Event is Raised” then the status is “Warning”, otherwise it is “Healthy”. Now click Next.

We need an alert when this event is created, so click “Generate Alerts for this Monitor” and then click “Create”.

Step: 2 Create a subscription
I am creating a new subscription for it, so that whenever this Event ID is created or a backup job fails, it sends an alert to our “Backup Administrators”.

Click on “Administration” and select “Subscriptions”.

Right-click on “Subscriptions” and choose “New Subscriptions”.

Now type a “Subscription Name” and a description, and click Next.

In “Subscription Criteria” click on “Created by Specific rules or Monitors”, choose our previously created monitor “Failure of Differential backup” and click Next.

Add the users who are intended to receive the alerts; after adding them, click Next.

Choose the channels by which you are going to send alerts; in my case I am sending alerts by email. Click Next.

Click on “Enable this notification subscription” and click Finish.

Step: 3 Testing
Now it's time to test the monitor. I used Logevent.exe to create a demo alert in the Windows Application log. See this link to learn more about the Logevent utility.
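An added example (not from the original post, which used Logevent.exe): the same test done from Windows PowerShell, writing an event with the monitor's criteria (Application log, source “Backup Exec”, Event ID 34113) and reading it back to confirm the input before checking SCOM. It assumes Windows PowerShell 5.1 in an elevated session; the message text is constructed.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1
# (Write-EventLog and New-EventLog are not available in PowerShell 7) and an
# elevated session on a test server monitored by the SCOM agent.

$LogName = 'Application'   # log chosen in the monitor wizard
$Source  = 'Backup Exec'   # Event Source from the Expression Builder
$EventId = 34113           # Event ID from the Expression Builder
$Marker  = "SCOM monitor test {0:o}" -f (Get-Date)   # constructed message text

# A server without Backup Exec has no such event source; register it so the
# test event carries the same source name the monitor filters on.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

$start = Get-Date
# The monitor matches on Event ID and source only, so the entry type is a free choice.
Write-EventLog -LogName $LogName -Source $Source -EventId $EventId `
    -EntryType Error -Message $Marker

# Read the event back with the same criteria the monitor uses, to confirm the
# test input is correct before looking for the alert in the SCOM console.
$filter = @{
    LogName      = $LogName
    ProviderName = $Source
    Id           = $EventId
    StartTime    = $start.AddSeconds(-5)
}
$hit = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties.Count -gt 0 -and $_.Properties[0].Value -eq $Marker }

if ($hit) {
    "Test event written: ID {0}, source '{1}', at {2:o}" -f $hit[0].Id, $hit[0].ProviderName, $hit[0].TimeCreated
} else {
    Write-Warning "No matching event found; check the source name and that the session is elevated."
}
```

Because the monitor was created with “Manual Reset”, it stays in the Warning state after the test until its health is reset by hand.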

Step: 4 Result
Bingo!!! It shows a warning in the SCOM Alert window,
and it also sent me an email about this alert :-)