Friday, June 6, 2008

So you want to generate an alert from an Event Log on a cluster?

So you've got a shiny new installation System Center Operations Manager (SCOM) 2007 and some services running on a Cluster you want to monitor. One might think it would be a simple matter of creating a rule and targeting the cluster.

One would be wrong.

The xml of the management pack has to be edited to include the
1 element added to the configuration of the datasource for the rule. For example:

.
.
.
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<AllowProxying>1</AllowProxying> <!-- This is it here -->
<Expression>
.
.
.

This is necessary only if the service generating the event logs is NOT cluster-aware. Applications like SQL Server are cluster-aware and will emit their messages with their computer name set properly. If the application is not cluster-aware, it will use the cluster-node that it's running on as it's computer name.

1 comment:

Elizabeth said...

Hello!
I want to create a simple event reset (I want the states) and not a rule for monitoring an application not cluster aware (the computername on the event log is not the cluster name but it is the node name where the service is hotsted).
Could you post an example?

Thank you!
Elizabeth