How to Create an Event Log Unit Monitor
System Center
Updated: May 22, 2009
Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1, System Center Operations Manager 2007
Unit monitors are used to monitor specific counters, events, scripts, and services. You can set the monitor to generate an alert.
For an example of how to create a unit monitor to monitor a service see, How to Create a Unit Monitor.
The following code example shows how to create a unit monitor that monitors the event log for specific events.
// // Creates an event log unit monitor. // using Microsoft.EnterpriseManagement; using Microsoft.EnterpriseManagement.Administration; using Microsoft.EnterpriseManagement.Common; using Microsoft.EnterpriseManagement.Configuration; using Microsoft.EnterpriseManagement.Monitoring; using System; using System.Collections.Generic; using System.Collections.ObjectModel; using System.Text; namespace SDKSamples { class Program { //------------------------------------------------------------------- static void Main(string[] args) { ManagementGroup mg; ManagementPack mp; MonitoringClass monitoringClass; MonitoringClassCriteria monitoringClassCriteria; ManagementPackUnitMonitor eventLogMonitor; ManagementPackUnitMonitorType eventLogMonitorType; mg = new ManagementGroup("localhost"); mp = mg.GetManagementPacks("SampleMP")[0]; monitoringClassCriteria = new MonitoringClassCriteria("DisplayName='Windows Server 2003 Operating System'"); monitoringClass = mg.GetMonitoringClasses(monitoringClassCriteria)[0]; eventLogMonitorType = mg.GetUnitMonitorTypes("Microsoft.Windows.2SingleEventLog2StateMonitorType")[0]; eventLogMonitor = new ManagementPackUnitMonitor(mp, "SampleEventLogMonitor", ManagementPackAccessibility.Internal); eventLogMonitor.DisplayName = "Sample Event Log Monitor"; eventLogMonitor.TypeID = eventLogMonitorType; eventLogMonitor.Target = monitoringClass; ConfigureAlertSettings(eventLogMonitor, eventLogMonitorType, mp); ConfigureHealthStates(eventLogMonitor); SpecifyMonitorConfiguration(eventLogMonitor); SpecifyParentMonitor(eventLogMonitor, mg); mp.Verify(); //Save the changes into the management pack. mp.AcceptChanges(); } // ------------------------------------------------------------------ private static void SpecifyParentMonitor( ManagementPackUnitMonitor eventLogMonitor, ManagementGroup mg ) { ManagementPackAggregateMonitor parentMonitor; MonitorCriteria monitorCriteria; monitorCriteria = new MonitorCriteria("Name='System.Health.AvailabilityState'"); parentMonitor = (ManagementPackAggregateMonitor)mg.GetMonitors(monitorCriteria)[0]; eventLogMonitor.ParentMonitorID = parentMonitor; } //------------------------------------------------------------------- private static void SpecifyMonitorConfiguration( ManagementPackUnitMonitor serviceMonitor ) { string monitorConfig; monitorConfig = @"<FirstComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</FirstComputerName> <FirstLogName>Application</FirstLogName> <FirstExpression> <And> <Expression> <SimpleExpression> <ValueExpression> <XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery> </ValueExpression> <Operator>Equal</Operator> <ValueExpression> <Value Type=""UnsignedInteger"">2</Value> </ValueExpression> </SimpleExpression> </Expression> <Expression> <SimpleExpression> <ValueExpression> <XPathQuery Type=""String"">PublisherName</XPathQuery> </ValueExpression> <Operator>Equal</Operator> <ValueExpression> <Value Type=""String"">SampleSource</Value> </ValueExpression> </SimpleExpression> </Expression> </And> </FirstExpression> <SecondComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</SecondComputerName> <SecondLogName>Application</SecondLogName> <SecondExpression> <And> <Expression> <SimpleExpression> <ValueExpression> <XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery> </ValueExpression> <Operator>Equal</Operator> <ValueExpression> <Value Type=""UnsignedInteger"">1</Value> </ValueExpression> </SimpleExpression> </Expression> <Expression> <SimpleExpression> <ValueExpression> <XPathQuery Type=""String"">PublisherName</XPathQuery> </ValueExpression> <Operator>Equal</Operator> <ValueExpression> <Value Type=""String"">SampleSource</Value> </ValueExpression> </SimpleExpression> </Expression> </And> </SecondExpression>"; serviceMonitor.Configuration = monitorConfig; } //------------------------------------------------------------------- private static void ConfigureHealthStates( ManagementPackUnitMonitor eventLogMonitor ) { ManagementPackUnitMonitorOperationalState healthyState; ManagementPackUnitMonitorOperationalState errorState; healthyState = new ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorHealthyState"); errorState = new ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorWarningState"); healthyState.HealthState = HealthState.Success; healthyState.MonitorTypeStateID = "FirstEventRaised"; errorState.HealthState = HealthState.Warning; errorState.MonitorTypeStateID = "SecondEventRaised"; eventLogMonitor.OperationalStateCollection.Add(healthyState); eventLogMonitor.OperationalStateCollection.Add(errorState); } //------------------------------------------------------------------- private static void ConfigureAlertSettings( ManagementPackUnitMonitor eventLogMonitor, ManagementPackUnitMonitorType unitMonitorType, ManagementPack mp ) { eventLogMonitor.AlertSettings = new ManagementPackMonitorAlertSettings(); eventLogMonitor.AlertSettings.AlertOnState = HealthState.Error; eventLogMonitor.AlertSettings.AutoResolve = true; eventLogMonitor.AlertSettings.AlertPriority = ManagementPackWorkflowPriority.Normal; eventLogMonitor.AlertSettings.AlertSeverity = ManagementPackAlertSeverity.Error; ManagementPackStringResource alertMessage; alertMessage = new ManagementPackStringResource(mp, "SampleEventLogMonitorAlertMessage"); alertMessage.DisplayName = "Sample Event Log Monitor alert"; alertMessage.Description = "The specified event was detected in the event log"; eventLogMonitor.AlertSettings.AlertMessage = alertMessage; } } }
