How to Create an Event Log Unit Monitor
Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1, System Center Operations Manager 2007
Unit monitors are used to monitor specific counters, events, scripts, and services. You can set the monitor to generate an alert.
For an example of how to create a unit monitor to monitor a service see, How to Create a Unit Monitor.
The following code example shows how to create a unit monitor that monitors the event log for specific events.
//
// Creates an event log unit monitor.
//
using Microsoft.EnterpriseManagement;
using Microsoft.EnterpriseManagement.Administration;
using Microsoft.EnterpriseManagement.Common;
using Microsoft.EnterpriseManagement.Configuration;
using Microsoft.EnterpriseManagement.Monitoring;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Text;
namespace SDKSamples
{
class Program
{
//-------------------------------------------------------------------
static void Main(string[] args)
{
ManagementGroup mg;
ManagementPack mp;
MonitoringClass monitoringClass;
MonitoringClassCriteria monitoringClassCriteria;
ManagementPackUnitMonitor eventLogMonitor;
ManagementPackUnitMonitorType eventLogMonitorType;
mg = new ManagementGroup("localhost");
mp = mg.GetManagementPacks("SampleMP")[0];
monitoringClassCriteria = new MonitoringClassCriteria("DisplayName='Windows Server 2003 Operating System'");
monitoringClass = mg.GetMonitoringClasses(monitoringClassCriteria)[0];
eventLogMonitorType = mg.GetUnitMonitorTypes("Microsoft.Windows.2SingleEventLog2StateMonitorType")[0];
eventLogMonitor = new ManagementPackUnitMonitor(mp, "SampleEventLogMonitor", ManagementPackAccessibility.Internal);
eventLogMonitor.DisplayName = "Sample Event Log Monitor";
eventLogMonitor.TypeID = eventLogMonitorType;
eventLogMonitor.Target = monitoringClass;
ConfigureAlertSettings(eventLogMonitor, eventLogMonitorType, mp);
ConfigureHealthStates(eventLogMonitor);
SpecifyMonitorConfiguration(eventLogMonitor);
SpecifyParentMonitor(eventLogMonitor, mg);
mp.Verify();
//Save the changes into the management pack.
mp.AcceptChanges();
}
// ------------------------------------------------------------------
private static void SpecifyParentMonitor(
ManagementPackUnitMonitor eventLogMonitor,
ManagementGroup mg
)
{
ManagementPackAggregateMonitor parentMonitor;
MonitorCriteria monitorCriteria;
monitorCriteria = new MonitorCriteria("Name='System.Health.AvailabilityState'");
parentMonitor = (ManagementPackAggregateMonitor)mg.GetMonitors(monitorCriteria)[0];
eventLogMonitor.ParentMonitorID = parentMonitor;
}
//-------------------------------------------------------------------
private static void SpecifyMonitorConfiguration(
ManagementPackUnitMonitor serviceMonitor
)
{
string monitorConfig;
monitorConfig = @"<FirstComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</FirstComputerName>
<FirstLogName>Application</FirstLogName>
<FirstExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""UnsignedInteger"">2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""String"">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""String"">SampleSource</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</FirstExpression>
<SecondComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</SecondComputerName>
<SecondLogName>Application</SecondLogName>
<SecondExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""UnsignedInteger"">1</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""String"">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""String"">SampleSource</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</SecondExpression>";
serviceMonitor.Configuration = monitorConfig;
}
//-------------------------------------------------------------------
private static void ConfigureHealthStates(
ManagementPackUnitMonitor eventLogMonitor
)
{
ManagementPackUnitMonitorOperationalState healthyState;
ManagementPackUnitMonitorOperationalState errorState;
healthyState = new ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorHealthyState");
errorState = new ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorWarningState");
healthyState.HealthState = HealthState.Success;
healthyState.MonitorTypeStateID = "FirstEventRaised";
errorState.HealthState = HealthState.Warning;
errorState.MonitorTypeStateID = "SecondEventRaised";
eventLogMonitor.OperationalStateCollection.Add(healthyState);
eventLogMonitor.OperationalStateCollection.Add(errorState);
}
//-------------------------------------------------------------------
private static void ConfigureAlertSettings(
ManagementPackUnitMonitor eventLogMonitor,
ManagementPackUnitMonitorType unitMonitorType,
ManagementPack mp
)
{
eventLogMonitor.AlertSettings = new ManagementPackMonitorAlertSettings();
eventLogMonitor.AlertSettings.AlertOnState = HealthState.Error;
eventLogMonitor.AlertSettings.AutoResolve = true;
eventLogMonitor.AlertSettings.AlertPriority = ManagementPackWorkflowPriority.Normal;
eventLogMonitor.AlertSettings.AlertSeverity = ManagementPackAlertSeverity.Error;
ManagementPackStringResource alertMessage;
alertMessage = new ManagementPackStringResource(mp, "SampleEventLogMonitorAlertMessage");
alertMessage.DisplayName = "Sample Event Log Monitor alert";
alertMessage.Description = "The specified event was detected in the event log";
eventLogMonitor.AlertSettings.AlertMessage = alertMessage;
}
}
}
'
' Creates an event log unit monitor.
'
Imports Microsoft.EnterpriseManagement
Imports Microsoft.EnterpriseManagement.Administration
Imports Microsoft.EnterpriseManagement.Common
Imports Microsoft.EnterpriseManagement.Configuration
Imports Microsoft.EnterpriseManagement.Monitoring
Imports System
Imports System.Collections.Generic
Imports System.Collections.ObjectModel
Imports System.Text
Namespace SDKSamples
Class Program
Public Overloads Shared Function Main(ByVal args() As String) As Integer
Dim mg As ManagementGroup
Dim mp As ManagementPack
Dim monitoringClass As MonitoringClass
Dim monitoringClassCriteria As MonitoringClassCriteria
Dim eventLogMonitor As ManagementPackUnitMonitor
Dim eventLogMonitorType As ManagementPackUnitMonitorType
mg = New ManagementGroup("localhost")
mp = mg.GetManagementPacks("SampleMP")(0)
monitoringClassCriteria = New MonitoringClassCriteria("DisplayName='Windows Server 2003 Operating System'")
monitoringClass = mg.GetMonitoringClasses(monitoringClassCriteria)(0)
eventLogMonitorType = mg.GetUnitMonitorTypes("Microsoft.Windows.2SingleEventLog2StateMonitorType")(0)
eventLogMonitor = New ManagementPackUnitMonitor(mp, "SampleEventLogMonitor", ManagementPackAccessibility.Internal)
eventLogMonitor.DisplayName = "Sample Event Log Monitor"
eventLogMonitor.TypeID = eventLogMonitorType
eventLogMonitor.Target = monitoringClass
ConfigureAlertSettings(eventLogMonitor, eventLogMonitorType, mp)
ConfigureHealthStates(eventLogMonitor)
SpecifyMonitorConfiguration(eventLogMonitor)
SpecifyParentMonitor(eventLogMonitor, mg)
mp.Verify()
'Save the changes into the management pack.
mp.AcceptChanges()
End Function 'Main
' ------------------------------------------------------------------
Private Shared Sub SpecifyParentMonitor(ByVal eventLogMonitor As ManagementPackUnitMonitor, ByVal mg As ManagementGroup)
Dim parentMonitor As ManagementPackAggregateMonitor
Dim monitorCriteria As MonitorCriteria
monitorCriteria = New MonitorCriteria("Name='System.Health.AvailabilityState'")
parentMonitor = CType(mg.GetMonitors(monitorCriteria)(0), ManagementPackAggregateMonitor)
eventLogMonitor.ParentMonitorID = parentMonitor
End Sub 'SpecifyParentMonitor
'-------------------------------------------------------------------
Private Shared Sub SpecifyMonitorConfiguration(ByVal serviceMonitor As ManagementPackUnitMonitor)
Dim monitorConfig As String
monitorConfig = "<FirstComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</FirstComputerName>" & _
"<FirstLogName>Application</FirstLogName>" & _
"<FirstExpression>" & _
"<And>" & _
"<Expression>" & _
"<SimpleExpression>" & _
"<ValueExpression>" & _
"<XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery>" & _
"</ValueExpression>" & _
"<Operator>Equal</Operator>" & _
"<ValueExpression>" & _
"<Value Type=""UnsignedInteger"">2</Value>" & _
"</ValueExpression>" & _
"</SimpleExpression>" & _
"</Expression>" & _
"<Expression>" & _
"<SimpleExpression>" & _
"<ValueExpression>" & _
"<XPathQuery Type=""String"">PublisherName</XPathQuery>" & _
"</ValueExpression>" & _
"<Operator>Equal</Operator>" & _
"<ValueExpression>" & _
"<Value Type=""String"">SampleSource</Value>" & _
"</ValueExpression>" & _
"</SimpleExpression>" & _
"</Expression>" & _
"</And>" & _
"</FirstExpression>" & _
"<SecondComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</SecondComputerName>" & _
"<SecondLogName>Application</SecondLogName>" & _
"<SecondExpression>" & _
"<And>" & _
"<Expression>" & _
"<SimpleExpression>" & _
"<ValueExpression>" & _
"<XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery>" & _
"</ValueExpression>" & _
"<Operator>Equal</Operator>" & _
"<ValueExpression>" & _
"<Value Type=""UnsignedInteger"">1</Value>" & _
"</ValueExpression>" & _
"</SimpleExpression>" & _
"</Expression>" & _
"<Expression>" & _
"<SimpleExpression>" & _
"<ValueExpression>" & _
"<XPathQuery Type=""String"">PublisherName</XPathQuery>" & _
"</ValueExpression>" & _
"<Operator>Equal</Operator>" & _
"<ValueExpression>" & _
"<Value Type=""String"">SampleSource</Value>" & _
"</ValueExpression>" & _
"</SimpleExpression>" & _
"</Expression>" & _
"</And>" & _
"</SecondExpression>"
serviceMonitor.Configuration = monitorConfig
End Sub 'SpecifyMonitorConfiguration
'-------------------------------------------------------------------
Private Shared Sub ConfigureHealthStates(ByVal eventLogMonitor As ManagementPackUnitMonitor)
Dim healthyState As ManagementPackUnitMonitorOperationalState
Dim errorState As ManagementPackUnitMonitorOperationalState
healthyState = New ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorHealthyState")
errorState = New ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorWarningState")
healthyState.HealthState = HealthState.Success
healthyState.MonitorTypeStateID = "FirstEventRaised"
errorState.HealthState = HealthState.Warning
errorState.MonitorTypeStateID = "SecondEventRaised"
eventLogMonitor.OperationalStateCollection.Add(healthyState)
eventLogMonitor.OperationalStateCollection.Add(errorState)
End Sub 'ConfigureHealthStates
'-------------------------------------------------------------------
Private Shared Sub ConfigureAlertSettings(ByVal eventLogMonitor As ManagementPackUnitMonitor, _
ByVal unitMonitorType As ManagementPackUnitMonitorType, ByVal mp As ManagementPack)
eventLogMonitor.AlertSettings = New ManagementPackMonitorAlertSettings()
eventLogMonitor.AlertSettings.AlertOnState = HealthState.Error
eventLogMonitor.AlertSettings.AutoResolve = True
eventLogMonitor.AlertSettings.AlertPriority = ManagementPackWorkflowPriority.Normal
eventLogMonitor.AlertSettings.AlertSeverity = ManagementPackAlertSeverity.Error
Dim alertMessage As ManagementPackStringResource
alertMessage = New ManagementPackStringResource(mp, "SampleEventLogMonitorAlertMessage")
alertMessage.DisplayName = "Sample Event Log Monitor alert"
alertMessage.Description = "The specified event was detected in the event log"
eventLogMonitor.AlertSettings.AlertMessage = alertMessage
End Sub 'ConfigureAlertSettings
End Class 'Program
End Namespace 'SDKSamples