

How to create a generic text log (alert) in SCOM 2007 or SCE

 


 

From Authoring, right-click "Rules" and select "Create a new rule...".

Select "Generic Text Log (Alert)" and your target management pack.

Enter the rule name and description. Click Select to pick a target.

In this case, I am selecting the "Windows Server" Target.

Enter the location of the log. If you expect the log file to change names (i.e. test07072007.log), you could use something like test*.log. This pattern should only match 1 active log at a time.

On the next screen, enter "Params/Param[1]" in the Parameter box. For the operator, choose what you need; I used "Matches wildcard" in this example. For the value, enter the text you are looking for.

Modify your alert priority/severity and description, then click create.
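
A dry run of the two inputs the rule depends on, the log file pattern and the wildcard value, can be done from PowerShell before creating the rule. This is an added example, not part of the original post or of SCOM itself: the function name `Test-TextLogRule`, the demo directory and the sample log lines are constructed, PowerShell's `-like` only approximates "Matches wildcard", and the example assumes Param[1] holds the whole log line.

```powershell
# Added example: check the file pattern and wildcard value outside the console.
# Assumptions: Param[1] is the full log line; -like approximates "Matches wildcard".
function Test-TextLogRule {
    param(
        [Parameter(Mandatory)] [string] $Directory,   # log directory entered in the rule
        [Parameter(Mandatory)] [string] $Pattern,     # e.g. test*.log
        [Parameter(Mandatory)] [string] $Value,       # e.g. *ERROR*
        [int] $ActiveWithinMinutes = 60               # what counts as an "active" log
    )
    $files  = @(Get-ChildItem -Path $Directory -Filter $Pattern -File)
    $cutoff = (Get-Date).AddMinutes(-$ActiveWithinMinutes)
    $active = @($files | Where-Object { $_.LastWriteTime -ge $cutoff })

    # The pattern should only match 1 active log at a time.
    if ($active.Count -gt 1) {
        Write-Warning "Pattern '$Pattern' matches $($active.Count) recently written logs."
    }

    foreach ($file in $active) {
        $lineNumber = 0
        foreach ($line in Get-Content -LiteralPath $file.FullName) {
            $lineNumber++
            if ($line -like $Value) {
                # Field names mirror the alert description variables for text log rules.
                [pscustomobject]@{
                    LogFileDirectory = $file.DirectoryName
                    LogFileName      = $file.Name
                    LineNumber       = $lineNumber
                    Param1           = $line
                }
            }
        }
    }
}

# Constructed sample log, written to a temp directory so the check runs anywhere.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'scom-textlog-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir 'test07072007.log') -Value @(
    '2007-07-07 10:00:01 INFO service started',
    '2007-07-07 10:00:05 ERROR connection refused'
)
Test-TextLogRule -Directory $dir -Pattern 'test*.log' -Value '*ERROR*' | Format-List
```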

Comments

  • Anonymous
    January 01, 2003
    Some people have asked how to get event data into the Alert Description. Here are some values you can use:

    In a rule, use the following variables to display event properties:
    Event Category: $Data/EventCategory$
    Event ID: $Data/EventDisplayNumber$
    Event Level (i.e. Error, Warning, Information): $Data/EventLevel$
    Note: In the alert description, the Event Level variable displays 1 for Error, 2 for Warning and 4 for Information.
    Event Source: $Data/PublisherName$
    Full Event Number (typically the same as Event ID): $Data/EventNumber$
    Logging Computer: $Data/LoggingComputer$
    Logname (i.e. Application, System, Security): $Data/Channel$
    User: $Data/UserName$
    Event Description: $Data/EventDescription$
    Custom Parameters: $Data/Params/Param[1]$ $Data/Params/Param[2]$ etc.

    In a monitor, use the following variables to display event properties:
    Event Category: $Data/Context/EventCategory$
    Event ID: $Data/Context/EventDisplayNumber$
    Event Level (i.e. Error, Warning, Information): $Data/Context/EventLevel$
    Note: In the alert description, the Event Level variable displays 1 for Error, 2 for Warning and 4 for Information.
    Event Source: $Data/Context/PublisherName$
    Full Event Number (typically the same as Event ID): $Data/Context/EventNumber$
    Logging Computer: $Data/Context/LoggingComputer$
    Logname (i.e. Application, System, Security): $Data/Context/Channel$
    User: $Data/Context/UserName$
    Event Description: $Data/Context/EventDescription$
    Custom Parameters: $Data/Context/Params/Param[1]$ $Data/Context/Params/Param[2]$ etc.

  • Anonymous
    January 01, 2003
    The previous comment I posted will work for most alerts/monitors. Here is the data that will work for the text log alert:

    "Log File Directory : $Data/EventData/DataItem/LogFileDirectory$
    LogFile name: $Data/EventData/DataItem/LogFileName$
    String: $Data/EventData/DataItem/Params/Param[1]$"

  • Anonymous
    December 27, 2010
    Getting the following error when I click on any image files: "Media Galleries Temporarily Disabled. The administrator has temporarily disabled the media galleries." Thx

  • Anonymous
    March 04, 2011
    My question is how can I monitor for more than one parameter? I add additional criteria that both must be true in order to generate the alarm, but I get nothing.