Sometimes we need to create a rule for alerts using the Windows Event Ids
I had a situation to alert on one such event:
Event 6008 which is logged as a dirty shutdown. It gives the message "The previous system shutdown at time on date was unexpected"
In order to create a Rule for unexpected Shutdown : i used the following method
http://dynamicdatacenter.wordpress.com/2012/10/09/quick-win-scom-alert-rule-to-detect-server-reboot-shutdown/
Configuration for the Rule:
-System Log
- Event ID: 6008
- Event Source: EventLog
In order to test the monitor we can create a fake event using many methods: e.g using vbscript , eventcrete , logevent , powershell ,OpsMgr Script
Each one has its Pro's and Con's
http://ianblythmanagement.wordpress.com/2008/08/25/create-events/
I used the following powershell to create the fake event
Write-EventLog -Logname System -Source EventLog -EventId 6008 -Message "This is a Fake Event"-EntryType ERROR
I had a situation to alert on one such event:
Event 6008 which is logged as a dirty shutdown. It gives the message "The previous system shutdown at time on date was unexpected"
In order to create a Rule for unexpected Shutdown : i used the following method
http://dynamicdatacenter.wordpress.com/2012/10/09/quick-win-scom-alert-rule-to-detect-server-reboot-shutdown/
Configuration for the Rule:
-System Log
- Event ID: 6008
- Event Source: EventLog
In order to test the monitor we can create a fake event using many methods: e.g using vbscript , eventcrete , logevent , powershell ,OpsMgr Script
Each one has its Pro's and Con's
http://ianblythmanagement.wordpress.com/2008/08/25/create-events/
I used the following powershell to create the fake event
Write-EventLog -Logname System -Source EventLog -EventId 6008 -Message "This is a Fake Event"-EntryType ERROR
Hope this helps
Comments
Post a Comment