MonitoringwinEvent Part3

System Center Operations Manager 2007
Tarek Online!
System Center Operation manager 2007

Monitoring Windows Event using Operations manager 2007
Missing Event detection unit monitors Guide
Wednesday , 25 July 2007 Version: 1.00 Part 3
Prepared by: Tarek Ismail Mohamed Infrastructure Consultant Management Solution Consultant Tarek_877@hotmail.com
Tarek online! System Center Operations Manager 2007 in Egypt http://tarek-online.blogspot.com Cairo-Egypt
Page 1- 19
Tarek Online!
Table of Contents
1. 2. OVERVIEW .................................................................................................. 3 MISSING EVENT DETECTION UNIT MONITORS ............................................ 4 MANUAL RESET UNIT MONITOR ............................................................................ 4 TIMER RESET UNIT MONITOR .............................................................................. 4 EVENT RESET UNIT MONITOR .............................................................................. 4
1. 2. 3. 3. 4. 5.
MANUAL RESET UNIT MONITOR WALKTHROUGH ......................................... 5 TIME RESET UNIT MONITOR WALKTHROUGH ............................................ 10 EVENT RESET UNIT MONITOR WALKTHROUGH .......................................... 15
Page 2- 19
Tarek Online!
1. Overview
Monitoring windows Event with operations manager 2007 provide us with other way to monitor our server. Monitor the missing events in the windows event log is another way to keep your eyes on the running windows system. You can monitor the event log file within a specified time to check if this event is missed or not. For example, every Sunday morning from 8:00 AM to 10:00 AM a third party application do a special task and after the successful end of this task , I will get an event in the application event log of the server, and I have more than 20 server has the same application Surprise, in a normal way I will open the event viewer of each server and search for this event during this time, this will be a time consuming job for me, and this day will be my worst day in my week to do this. But if you have Microsoft Operations Manager 2007, you can configure a monitor to check this server at this time; if the event is located I will not be notified and the system is running well. But if the monitor did not find this event at this time, the health state of the server will be change to warning or critical state, and I have an option to fire alert with preconfigured setting. Also, when the health state was changed to non healthy state as you configure the monitor, when the server will be in healthy state again? Microsoft operation manager 2007 provides us with 3 ways to reset the health state: Manual reset Timer reset Windows event reset In this guide, we will discuss how to configure a unit monitor to monitor missing windows event. Configure missing event detection unit monitor is the easy one in windows event detection unit monitor.
Page 3- 19
Tarek Online!
2. Missing Event detection unit monitors

Missing event detection is used to monitor a missing event in the windows event log within a specified time or based on simple schedule. The monitor can monitor the missing event in all standard windows event log file like application, system, security, power shell, directory service,. Also any non Microsoft event log files which appear in the event viewer can be monitored Three types of missing event detection unit monitor are available:
1. Manual reset unit monitor

This unit monitor used to monitor a missing event in the event log within a specific time, the status of monitoring target will be changed according to the setting to critical or warning. The status of the monitored target will not be changed until manual reset is happened to reset the healthy status.
2. Timer reset unit monitor

This unit monitor used to monitor a missing event in the event log within a specific time, the status of monitoring target will be changed according to the setting to critical or warning. After a configured time in this monitor unit the status of the monitored target will be changed without any action needed.
3. Event reset unit monitor

This unit monitor used to monitor a missing event in the event log within a specific time, the status of monitoring target will be changed according to the setting to critical or warning. When another event raised on the monitored target with a configured setting in the unit monitor, the status of the monitored target will be changed without any action
Page 4- 19
Tarek Online!
3. Manual reset unit monitor walkthrough

In this walkthrough we will create a missing event detection manual reset unit monitor with the following criteria Log Name: system Event ID: 50 Event source: Egypt Monitor target: Agent Monitored time: Sunday from 1:00PM to 8:00 PM Thursday from 1:00PM to 8:00 PM When the event was missed in the specified time, the health state will be change to be warning, and alert will be fired. This Event is related to the configuration of the monitored target. The health state needs a manual reset to change the health state On authoring pane ,expand management pack object, and choose monitors Right-click on monitors and choose created monitor, then choose Unit Monitor. Expand windows events, then Missing event detection Choose manual reset, select a Management Pack from the Select destination management pack list, and click Next.
On General properties screen of the monitor type the name of the monitor and the description, on the monitor target click select and choose Agent, on the parent monitor expand and choose configuration, ensure the monitor is enabled by check the box of monitor is enabled, the click Next.
Page 5- 19
Tarek Online!
On event log screen, click on () to browse the computers and logs, choose the system event log, and then click Next.
On event expression screen, build the expression which will be used to search for the event using the parameter name and operators and value. The Event ID Equal 50, Event source will be Egypt, Click Next to continue.
Page 6- 19
Tarek Online!
On missing event settings screen, you can configured the monitored time based on fixed weekly schedule or fixed simple recurring schedule Choose based on fixed weekly schedule, click add configure the time to be 1:00PM to 8:00 PM, configure days to be Sunday and Thursday, and then click Next.
Page 7- 19
Tarek Online!
On configure health screen, configure when the event is missed the health state will changed to Warning, and when the manual event reset happened the health state will be changed to healthy, and click Next.
On Configure Alerts screen, set the properties of the alert and then click Create.
Page 8- 19
Tarek Online!
At this time the monitor was created, in case you need to check the monitor setting or edit it, select the monitor and Right-click and choose properties. The entire monitor setting can be changed except the monitor target and the monitor type. In this guide we will not test the created monitor due to a long time is required to check this settings, but if you wait the health state will be changed and the alert will be fired.
Page 9- 19
Tarek Online!
4. Time reset unit monitor walkthrough

In this walkthrough we will create a Missing event detection timer reset unit monitor with the following criteria: Log Name: directory service Event ID: 120 Event source: DS service Monitor target: Agent Monitoring time: fixed schedule time, 2 hours period. Auto reset timer: 15 minutes When the event was missed within 2 hours, the health state will be change to be warning. This Event is related to the performance of the monitored target. The health state will be changer after 15 minutes to Healthy. On authoring pane ,expand management pack object, and choose monitors Right-click on monitors and choose created monitor, then choose Unit Monitor. Expand windows events, then Missing event detection Choose Timer reset, select a Management Pack from the Select destination management pack list, and click Next.
On General properties screen of the monitor type the name of the monitor and the description, on the monitor target click select and choose Agent, on the
Page 10- 19
Tarek Online!
parent monitor expand and choose performance, ensure the monitor is enabled by check the box of monitor is enabled, the click Next.
On event log screen, click on () to browse the computers and logs, choose the Directory service event log, and then click Next.
Page 11- 19
Tarek Online!
On event expression screen, build the expression which will be used to search for the event using the parameter name and operators and value. The Event ID Equal 120, Event source Equal DS service.
On Missing Events Settings screen, configure the consolidation settings to use fixed recurring schedule with a period 2 hours.
Page 12- 19
Tarek Online!
On auto reset timer screen, specify the wait time before trigger the auto rest state of the monitor to be 15 minutes , and then click Next
On configure health screen, configure when the event raised the health state will changed to Warning, and when the timer event raised, the health state will be changed to healthy, and click Next.
Page 13- 19
Tarek Online!
On Configure Alerts screen, set the properties of the alert and then click Create.
The monitor was created and configured; you can edit the monitor by Right-click on the monitor and choose properties.
Page 14- 19
Tarek Online!
5. Event reset unit monitor walkthrough

In this walkthrough we will create Missing event detection with Windows event reset unit monitor with the following criteria: Log Name: Application Event ID: 220 Event source: SAP Event type: information Monitoring time: 1:00 AM to 4:00 AM all the week days The windows event reset criteria Log Name: Application Event ID: 200 Event source: SAP Monitor target: Agent When the event was missed through the monitoring time, the health state will be change to be warning This Event is related to the Configuration of the monitored target. The health state will be changed after the second event ID was raised and the Health state will be changed to Healthy On authoring pane, expand management pack object, and choose monitors Right-click on monitors and choose created monitor, then choose Unit Monitor. Expand windows events, then Missing event detection Choose Windows Event Reset, select a Management Pack from the Select destination management pack list, and click Next.
Page 15- 19
Tarek Online!
On General properties screen of the monitor type the name of the monitor and the description, on the monitor target click select and choose Agent, on the parent monitor expand and choose configuration, ensure the monitor is enabled by check the box of monitor is enabled, the click Next.
On event log screen, click on () to browse the computers and logs, choose the Application event log, and then click Next.
Page 16- 19
Tarek Online!
On event expression screen, build the expression which will be used to reset the health state. The Event ID Equal 200, Event source will be SAP. Notes: this event is not the missed event; this event will be used to reset the health state.
In Missing event log name screen, click on () to browse the computers and logs, choose the Application event log, and then click Next.
Page 17- 19
Tarek Online!
In rebuild Missing event Expression screen, build the expression which will be used to search for the event using the parameter name and operators and value. The Event ID Equal 220, Event source will be SAP, Event level Equal information, and Click Next.
On Missing Event detection configuration screen, configure the consolidation settings to monitor within 1:00AN to 4:00AM through all the days of the week.
Page 18- 19
Tarek Online!
On configure health screen, configure when the event is missed the health state will changed to warning , and when windows event reset happened the health state will be changed to healthy, and click Next.
On Configure Alerts screen, click Next without configure the alert.
Now the monitor was created, you can reconfigure the monitor and change the monitor setting by Right-click on the monitor and choose properties.
Page 19- 19

MonitoringwinEvent Part3

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

MonitoringwinEvent Part3

Transféré par

Droits d'auteur :

Formats disponibles

System Center Operations Manager 2007

System Center Operation manager 2007

Wednesday , 25 July 2007 Version: 1.00 Part 3

System Center Operations Manager 2007

System Center Operations Manager 2007

System Center Operations Manager 2007

2. Missing Event detection unit monitors

1. Manual reset unit monitor

2. Timer reset unit monitor

3. Event reset unit monitor

System Center Operations Manager 2007

3. Manual reset unit monitor walkthrough

System Center Operations Manager 2007

System Center Operations Manager 2007

System Center Operations Manager 2007

System Center Operations Manager 2007

System Center Operations Manager 2007

4. Time reset unit monitor walkthrough

System Center Operations Manager 2007

System Center Operations Manager 2007

System Center Operations Manager 2007

System Center Operations Manager 2007

System Center Operations Manager 2007

5. Event reset unit monitor walkthrough

System Center Operations Manager 2007

System Center Operations Manager 2007

System Center Operations Manager 2007

System Center Operations Manager 2007

On Configure Alerts screen, click Next without configure the alert.

Vous aimerez peut-être aussi