How to Create an Event Log Unit Monitor

Applies To: System Center 2012 - Operations Manager

[This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]

Unit monitors are used to monitor specific counters, events, scripts, and services. You can set the monitor to generate an alert.

For an example of how to create a unit monitor to monitor a service, see How to Create a Unit Monitor.

The following code example shows how to create a unit monitor that monitors the event log for specific events:

//
// Creates an event log unit monitor. 
//
using Microsoft.EnterpriseManagement;
using Microsoft.EnterpriseManagement.Administration;
using Microsoft.EnterpriseManagement.Common;
using Microsoft.EnterpriseManagement.Configuration;
using Microsoft.EnterpriseManagement.Monitoring;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Text;

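namespace SDKSamples
{
    /// <summary>
    /// Sample that adds a two-state event log unit monitor to an existing
    /// management pack and saves the change to the management group.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the connection is made with the identity of the running
    /// process, and saving presumably requires an account that is allowed to
    /// author management packs and a target management pack that is unsealed.
    /// Confirm both before running this against a production management group.
    /// </remarks>
    class Program
    {
        //-------------------------------------------------------------------
        /// <summary>
        /// Looks up the management pack, target class and monitor type, builds
        /// the monitor, verifies the management pack and saves it.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        /// <exception cref="InvalidOperationException">
        /// A required management pack object was not found.
        /// </exception>
        static void Main(string[] args)
        {
            ManagementGroup mg = new ManagementGroup("localhost");

            ManagementPackCriteria mpCriteria =
                new ManagementPackCriteria("ID = 'Microsoft.SampleMP'");
            ManagementPack mp = FirstOrThrow(
                mg.ManagementPacks.GetManagementPacks(mpCriteria),
                "management pack 'Microsoft.SampleMP'");

            // NOTE(review): this lookup matches on DisplayName, which may be
            // localized; matching on the class name would be more robust.
            ManagementPackClassCriteria mpClassCriteria =
                new ManagementPackClassCriteria("DisplayName='Windows Server 2003 Operating System'");
            ManagementPackClass mpClass = FirstOrThrow(
                mg.EntityTypes.GetClasses(mpClassCriteria),
                "class 'Windows Server 2003 Operating System'");

            ManagementPackUnitMonitorTypeCriteria mpUnitMonitorTypeCriteria =
                new ManagementPackUnitMonitorTypeCriteria("ID='Microsoft.Windows.2SingleEventLog2StateMonitorType'");
            ManagementPackUnitMonitorType eventLogMonitorType = FirstOrThrow(
                mg.Monitoring.GetUnitMonitorTypes(mpUnitMonitorTypeCriteria),
                "unit monitor type 'Microsoft.Windows.2SingleEventLog2StateMonitorType'");

            ManagementPackUnitMonitor eventLogMonitor =
                new ManagementPackUnitMonitor(mp, "SampleEventLogMonitor", ManagementPackAccessibility.Internal);

            eventLogMonitor.DisplayName = "Sample Event Log Monitor";
            eventLogMonitor.TypeID = eventLogMonitorType;
            eventLogMonitor.Target = mpClass;

            ConfigureAlertSettings(eventLogMonitor, eventLogMonitorType, mp);
            ConfigureHealthStates(eventLogMonitor);
            SpecifyMonitorConfiguration(eventLogMonitor);
            SpecifyParentMonitor(eventLogMonitor, mg);

            // Validate the management pack before persisting anything, so an
            // invalid monitor definition is rejected instead of being saved.
            mp.Verify();

            // Save the changes into the management pack.
            mp.AcceptChanges();
        }

        //-------------------------------------------------------------------
        /// <summary>
        /// Returns the first element of a query result, or throws a
        /// descriptive exception when the query matched nothing.
        /// </summary>
        /// <param name="results">The list returned by the SDK query.</param>
        /// <param name="description">What was being looked up; used in the error text.</param>
        /// <returns>The first element of <paramref name="results"/>.</returns>
        /// <exception cref="InvalidOperationException">The list is null or empty.</exception>
        private static T FirstOrThrow<T>(IList<T> results, string description)
        {
            // The original indexed [0] directly, which fails with an
            // out-of-range error that does not say which object is missing.
            if (results == null || results.Count == 0)
            {
                throw new InvalidOperationException("Could not find " + description + ".");
            }

            return results[0];
        }

        // ------------------------------------------------------------------
        /// <summary>
        /// Attaches the monitor to the System.Health.AvailabilityState
        /// aggregate monitor.
        /// </summary>
        /// <param name="eventLogMonitor">The monitor whose parent is set.</param>
        /// <param name="mg">The management group used to look up the parent.</param>
        /// <exception cref="InvalidOperationException">
        /// The parent monitor was not found or is not an aggregate monitor.
        /// </exception>
        private static void SpecifyParentMonitor(
            ManagementPackUnitMonitor   eventLogMonitor,
            ManagementGroup             mg
            )
        {
            ManagementPackMonitorCriteria monitorCriteria =
                new ManagementPackMonitorCriteria("Name='System.Health.AvailabilityState'");

            ManagementPackAggregateMonitor parentMonitor = FirstOrThrow(
                mg.Monitoring.GetMonitors(monitorCriteria),
                "monitor 'System.Health.AvailabilityState'") as ManagementPackAggregateMonitor;

            if (parentMonitor == null)
            {
                throw new InvalidOperationException(
                    "Monitor 'System.Health.AvailabilityState' is not an aggregate monitor.");
            }

            eventLogMonitor.ParentMonitorID = parentMonitor;
        }

        //-------------------------------------------------------------------
        /// <summary>
        /// Sets the monitor type configuration: two event expressions against
        /// the Application log of the target's host computer.
        /// </summary>
        /// <param name="eventLogMonitor">The monitor that receives the configuration.</param>
        /// <remarks>
        /// Both expressions match only on event number and publisher name
        /// (number 2 for the first event, number 1 for the second, publisher
        /// "SampleSource"). Anything able to write such an event to the
        /// Application log can change this monitor's state, so do not treat
        /// it as the only signal for a security-relevant condition.
        /// </remarks>
        private static void SpecifyMonitorConfiguration(
            ManagementPackUnitMonitor eventLogMonitor
            )
        {
            // The XML below is handed to the monitor type verbatim; its
            // element names are the monitor type's configuration parameters.
            string monitorConfig = @"<FirstComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</FirstComputerName>
          <FirstLogName>Application</FirstLogName>
          <FirstExpression>
            <And>
              <Expression>
                <SimpleExpression>
                  <ValueExpression>
                    <XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery>
                  </ValueExpression>
                  <Operator>Equal</Operator>
                  <ValueExpression>
                    <Value Type=""UnsignedInteger"">2</Value>
                  </ValueExpression>
                </SimpleExpression>
              </Expression>
              <Expression>
                <SimpleExpression>
                  <ValueExpression>
                    <XPathQuery Type=""String"">PublisherName</XPathQuery>
                  </ValueExpression>
                  <Operator>Equal</Operator>
                  <ValueExpression>
                    <Value Type=""String"">SampleSource</Value>
                  </ValueExpression>
                </SimpleExpression>
              </Expression>
            </And>
          </FirstExpression>
          <SecondComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</SecondComputerName>
          <SecondLogName>Application</SecondLogName>
          <SecondExpression>
            <And>
              <Expression>
                <SimpleExpression>
                  <ValueExpression>
                    <XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery>
                  </ValueExpression>
                  <Operator>Equal</Operator>
                  <ValueExpression>
                    <Value Type=""UnsignedInteger"">1</Value>
                  </ValueExpression>
                </SimpleExpression>
              </Expression>
              <Expression>
                <SimpleExpression>
                  <ValueExpression>
                    <XPathQuery Type=""String"">PublisherName</XPathQuery>
                  </ValueExpression>
                  <Operator>Equal</Operator>
                  <ValueExpression>
                    <Value Type=""String"">SampleSource</Value>
                  </ValueExpression>
                </SimpleExpression>
              </Expression>
            </And>
          </SecondExpression>";

            eventLogMonitor.Configuration = monitorConfig;
        }

        //-------------------------------------------------------------------
        /// <summary>
        /// Maps the monitor type's two states to health states: the first
        /// event means healthy, the second event means warning.
        /// </summary>
        /// <param name="eventLogMonitor">The monitor that receives the operational states.</param>
        private static void ConfigureHealthStates(
            ManagementPackUnitMonitor       eventLogMonitor
            )
        {
            ManagementPackUnitMonitorOperationalState healthyState =
                new ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorHealthyState");
            ManagementPackUnitMonitorOperationalState warningState =
                new ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorWarningState");

            healthyState.HealthState        = HealthState.Success;
            healthyState.MonitorTypeStateID = "FirstEventRaised";

            warningState.HealthState        = HealthState.Warning;
            warningState.MonitorTypeStateID = "SecondEventRaised";

            eventLogMonitor.OperationalStateCollection.Add(healthyState);
            eventLogMonitor.OperationalStateCollection.Add(warningState);
        }

        //-------------------------------------------------------------------
        /// <summary>
        /// Enables alerting on the monitor and creates the alert message
        /// string resource in the management pack.
        /// </summary>
        /// <param name="eventLogMonitor">The monitor that receives the alert settings.</param>
        /// <param name="unitMonitorType">The monitor's type; not used by this method.</param>
        /// <param name="mp">The management pack that owns the alert message resource.</param>
        private static void ConfigureAlertSettings(
            ManagementPackUnitMonitor       eventLogMonitor,
            ManagementPackUnitMonitorType   unitMonitorType,
            ManagementPack                  mp
            )
        {
            eventLogMonitor.AlertSettings               = new ManagementPackMonitorAlertSettings();

            // ConfigureHealthStates defines only Success and Warning states.
            // The original alerted on HealthState.Error, a state this monitor
            // never enters, so the alert would presumably never be raised.
            // Alert on Warning so the unhealthy state actually produces one.
            eventLogMonitor.AlertSettings.AlertOnState  = HealthState.Warning;
            eventLogMonitor.AlertSettings.AutoResolve   = true;

            eventLogMonitor.AlertSettings.AlertPriority = ManagementPackWorkflowPriority.Normal;
            eventLogMonitor.AlertSettings.AlertSeverity = ManagementPackAlertSeverity.Error;

            ManagementPackStringResource alertMessage =
                new ManagementPackStringResource(mp, "SampleEventLogMonitorAlertMessage");

            alertMessage.DisplayName = "Sample Event Log Monitor alert";
            alertMessage.Description = "The specified event was detected in the event log";

            eventLogMonitor.AlertSettings.AlertMessage = alertMessage;
        }
    }
}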

See Also

Other Resources

Automating Operations Manager Administration