Creating event based alerting rules in SCOM 2012

Hi Guys,

Below are the step by step method to create event id based rule creation in SCOM.If you want to monitor any event id through SCOM, you can use below steps.

  1. In operation console click to authoring console and right click rule.

 

scom-rule2

2. As we are creating event based rule.select NT Event Log(Alert) and save in Management pack.Click Next

Give the rule name(I have given SCOM Test Rule)  and Select the rule category.In Rule target click select and search for all windows computer.

scom-rule4

I have enabled the rule.But for production always uncheck this box and based on your requirement you can override the rule.

scom-rule3

3.Select the log name.I am creating alert for application log and click next

scom-rule5

4. Give the event id which you want to monitor.For example I have given 101 and event Source is EventCreate. Click Next

scom-rule-6

Click next and Click Create.

Lets Test the event which we created.

Login to any SCOM monitor device and open the CMD as adminstrator.

Run the below command.

scom-rule6

 

After running the CMD you should see the below output.

scom-rule7

Now open SCOM operation console and click on new alert

scom-output

 

 

 

 

 

Advertisements