Below are the step by step method to create event id based rule creation in SCOM.If you want to monitor any event id through SCOM, you can use below steps.
- In operation console click to authoring console and right click rule.
2. As we are creating event based rule.select NT Event Log(Alert) and save in Management pack.Click Next
Give the rule name(I have given SCOM Test Rule) and Select the rule category.In Rule target click select and search for all windows computer.
I have enabled the rule.But for production always uncheck this box and based on your requirement you can override the rule.
3.Select the log name.I am creating alert for application log and click next
4. Give the event id which you want to monitor.For example I have given 101 and event Source is EventCreate. Click Next
Click next and Click Create.
Lets Test the event which we created.
Login to any SCOM monitor device and open the CMD as adminstrator.
Run the below command.
After running the CMD you should see the below output.
Now open SCOM operation console and click on new alert