How to Create a Simple Windows Event Unit Monitor in Operations Manager 2007

Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1

Event unit monitors in Microsoft Windows can be one of three types: manual reset, timer reset, and Windows event reset.

A manual reset monitor changes the health state of the monitor to unhealthy when a specified event is generated. The monitor health state must be reset manually to return the monitor state to healthy.

A timer reset monitor changes the health state of the monitor to unhealthy when a specified event is generated. After a period of time that you specify, the health state returns to healthy and remains there until the specified event is again generated. The period of time that you can specify can range from one second or to 24,855 days.

A Windows event reset type of unit monitor detects two events: the first event changes the state of the monitor to unhealthy and the second event changes the state of the monitor to healthy.

Use the following procedure to create a Windows event reset unit monitor.

To create a simple Windows event reset unit monitor

  1. Log on to the computer with an account that is a member of the Operations Manager Administrators user role or Operations Manager Authors user role for the Operations Manager 2007 management group.

  2. In the Operations console, click the Authoring button.

  3. In the Authoring pane, expand Authoring, expand Management Pack Objects, and then click Monitors.

  4. Click Change Scope.

  5. In the Scope Management Pack Objects dialog box, in the Find text box, type Windows Computer, select the Windows Computer target check box, and then click OK.

  6. In the Monitors pane, expand Windows Computer, expand Entity Health, right-click Availability, point to Create a monitor, and then click Unit Monitor.

  7. In the Create Monitor Wizard, on the Select a Monitor Type page, expand Windows Events, expand Simple Event Detection, click Windows Event Reset, and then click Next.

    Note

    You can either select a management pack from the Select destination management pack list or create a new unsealed management pack by clicking New. By default, when you create a management pack object, disable a rule or monitor, or create an override, Operations Manager saves the setting to the Default Management Pack. As a best practice, you should create a separate management pack for each sealed management pack you want to customize, rather than saving your customized settings to the Default Management Pack. For more information, see Default Management Pack.

  8. On the General Properties page, in the Name box, type a name for the Windows event unit monitor, and then as an option, you can type a description.

  9. In the Parent monitor list, click the appropriate parent monitor, and then click Next.

  10. On the Event Log Name page (for the unhealthy event), under Log name, click the () button.

  11. On the Select event log page, under Computer, click the () button or type the name of the computer, click one of the available event logs, and then click OK.

  12. On the Event Log Name page, click Next.

  13. On the Build Event Expression page (for Unhealthy Event), set Event ID equal to the Windows Event ID that you want to monitor, such as 100. Set Event Source equal to the source of the event, such as EventCreate, and then click Next.

    Note

    Event ID and Source are properties of an event and can be viewed in the Windows Event Viewer.

  14. On the Event Log Name page (for Healthy Event), under Log name, click the () button.

  15. On the Select Event Log page, under Computer, click the () button or type the name of the computer, click one of the available event logs, and then click OK.

  16. On the Event Log Name page, click Next.

  17. On the Build Event Expression page (for Healthy Event), set Event ID equal to the Windows Event ID that you want to monitor, set Event Source equal to the source of the event, and then click Next.

    Note

    Event ID and Source are properties of an event and can be viewed in the Windows Event Viewer.

  18. On the Configure Health page, do the following:

    1. For the FirstEventRaised row, click the name in the Operational State column and type a new name for this event, click health state in the Health State column, and then click Critical or Warning.

    2. For the SecondEventRaised row, click the name in the Operational State column and type a new name for this event, click health state in the Health State column, and then click Healthy.

    3. Click Next.

  19. On the Configure Alerts page, use the default settings or select the Generate alerts for this monitor checkbox to set custom properties for the alert, and then click Create.

    Note

    You can test the functionality of the event monitor with the eventcreate.exe command-line utility that is included with Windows XP and Windows Server 2003 operating systems. The following is an example: C:\WINNT\system32\eventcreate.exe /L SYSTEM /ID 100 /T ERROR /D "System Event ID 100 from source EventCreate" For more information about EventCreate, see https://go.microsoft.com/fwlink/?LinkId=79244.