Skip to main content

SCOM Test Event Based Rule by creating a Fake event

Sometimes we need to create a rule for alerts using the Windows Event Ids

I had a situation to alert on one such event:

Event 6008  which is logged as a dirty shutdown. It gives the message "The previous system shutdown at time on date was unexpected"

In order to create a Rule for unexpected Shutdown : i used the following method

http://dynamicdatacenter.wordpress.com/2012/10/09/quick-win-scom-alert-rule-to-detect-server-reboot-shutdown/



Configuration for the Rule:

 -System Log
- Event ID: 6008
- Event Source: EventLog



In order to test the monitor we can create a fake event using many methods: e.g using vbscript , eventcrete , logevent , powershell ,OpsMgr Script

Each one has its Pro's and Con's
http://ianblythmanagement.wordpress.com/2008/08/25/create-events/

I used the following powershell to create the fake event

Write-EventLog -Logname System -Source EventLog -EventId 6008 -Message "This is a Fake Event"-EntryType ERROR

Hope this helps



Comments

Popular posts from this blog

Group Policy Object did not apply because it failed with error code '0x80070534 No mapping between account names and security IDs was done

One of our servers was losing the Local Admin settings as we control them using GPO (restricted Groups) We were receiving the following event on this particular server : Event ID 4098 Application Event Log The computer 'Administrators (built-in)' preference item in the 'Servers Local Admins {odjd9DBD-22AF-48EA-ADF5-F42ADE4182hst}' Group Policy Object did not apply because it failed with error code '0x80070534 No mapping between account names and security IDs was done.' This error was suppressed. To fix the issue we deleted all the folders from the following location and rebooted the server C:\ProgramData\Microsoft\Group Policy\History Hope this helps.

iDRAC 7 Shows no Signal in Virtual Console Preview

Recently i logged on to iDRAC for one of our Dell R720 servers,however somehow the console redirection did not work at all. I kept on seeing No Signal on the Virtual console Preview. I tried Rebooting the server but that did not help. Finally i clicked on Reset iDRAC and this did the trick. It may take around 2 -5 minutes before you can access iDRAC page again. I had to power on the server through iDRAC before anything showed up on console. Hope this Helps.

Citrix XenApp 6.5 Discovery fails Event 3989

Citrix XenApp 6.5 Service account password change caused console discovery to fail and we saw event ID 3989 in System Event logs "Citrix XenApp failed to connect to the Data Store. ODBC error while connecting to the database: 28000 -> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with Windows authentication." After changing the service account password needed to run the following command on the delivery controllers. DSMAINT CONFIG /user:abc\ABCSVCCitrix /pwd:nP@ssword /dsn:"C:\Program Files (x86)\Citrix\Independent Management Architecture\mf20.dsn" Restart IMA service You should now be able to run the discovery successfully Hope this helps