How to Create an Event Log Unit Monitor
Applies To: System Center 2012 - Operations Manager
[This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]
Unit monitors are used to monitor specific counters, events, scripts, and services. You can set the monitor to generate an alert.
For an example of how to create a unit monitor to monitor a service, see How to Create a Unit Monitor.
The following code example shows how to create a unit monitor that monitors the event log for specific events:
//
// Creates an event log unit monitor.
//
using Microsoft.EnterpriseManagement;
using Microsoft.EnterpriseManagement.Administration;
using Microsoft.EnterpriseManagement.Common;
using Microsoft.EnterpriseManagement.Configuration;
using Microsoft.EnterpriseManagement.Monitoring;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Text;
namespace SDKSamples
{
class Program
{
//-------------------------------------------------------------------
static void Main(string[] args)
{
ManagementGroup mg;
ManagementPack mp;
ManagementPackCriteria mpCriteria;
ManagementPackClass mpClass;
ManagementPackClassCriteria mpClassCriteria;
ManagementPackUnitMonitor eventLogMonitor;
ManagementPackUnitMonitorType eventLogMonitorType;
ManagementPackUnitMonitorTypeCriteria mpUnitMonitorTypeCriteria;
mg = new ManagementGroup("localhost");
mpCriteria = new ManagementPackCriteria("ID = 'Microsoft.SampleMP'");
mp = mg.ManagementPacks.GetManagementPacks(mpCriteria)[0];
mpClassCriteria = new ManagementPackClassCriteria("DisplayName='Windows Server 2003 Operating System'");
mpClass = mg.EntityTypes.GetClasses(mpClassCriteria)[0];
mpUnitMonitorTypeCriteria = new ManagementPackUnitMonitorTypeCriteria("ID='Microsoft.Windows.2SingleEventLog2StateMonitorType'");
eventLogMonitorType = mg.Monitoring.GetUnitMonitorTypes(mpUnitMonitorTypeCriteria)[0];
eventLogMonitor = new ManagementPackUnitMonitor(mp, "SampleEventLogMonitor", ManagementPackAccessibility.Internal);
eventLogMonitor.DisplayName = "Sample Event Log Monitor";
eventLogMonitor.TypeID = eventLogMonitorType;
eventLogMonitor.Target = mpClass;
ConfigureAlertSettings(eventLogMonitor, eventLogMonitorType, mp);
ConfigureHealthStates(eventLogMonitor);
SpecifyMonitorConfiguration(eventLogMonitor);
SpecifyParentMonitor(eventLogMonitor, mg);
mp.Verify();
//Save the changes into the management pack.
mp.AcceptChanges();
}
// ------------------------------------------------------------------
private static void SpecifyParentMonitor(
ManagementPackUnitMonitor eventLogMonitor,
ManagementGroup mg
)
{
ManagementPackAggregateMonitor parentMonitor;
ManagementPackMonitorCriteria monitorCriteria;
monitorCriteria = new ManagementPackMonitorCriteria("Name='System.Health.AvailabilityState'");
parentMonitor = (ManagementPackAggregateMonitor)mg.Monitoring.GetMonitors(monitorCriteria)[0];
eventLogMonitor.ParentMonitorID = parentMonitor;
}
//-------------------------------------------------------------------
private static void SpecifyMonitorConfiguration(
ManagementPackUnitMonitor serviceMonitor
)
{
string monitorConfig;
monitorConfig = @"<FirstComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</FirstComputerName>
<FirstLogName>Application</FirstLogName>
<FirstExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""UnsignedInteger"">2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""String"">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""String"">SampleSource</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</FirstExpression>
<SecondComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</SecondComputerName>
<SecondLogName>Application</SecondLogName>
<SecondExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""UnsignedInteger"">1</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""String"">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""String"">SampleSource</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</SecondExpression>";
serviceMonitor.Configuration = monitorConfig;
}
//-------------------------------------------------------------------
private static void ConfigureHealthStates(
ManagementPackUnitMonitor eventLogMonitor
)
{
ManagementPackUnitMonitorOperationalState healthyState;
ManagementPackUnitMonitorOperationalState errorState;
healthyState = new ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorHealthyState");
errorState = new ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorWarningState");
healthyState.HealthState = HealthState.Success;
healthyState.MonitorTypeStateID = "FirstEventRaised";
errorState.HealthState = HealthState.Warning;
errorState.MonitorTypeStateID = "SecondEventRaised";
eventLogMonitor.OperationalStateCollection.Add(healthyState);
eventLogMonitor.OperationalStateCollection.Add(errorState);
}
//-------------------------------------------------------------------
private static void ConfigureAlertSettings(
ManagementPackUnitMonitor eventLogMonitor,
ManagementPackUnitMonitorType unitMonitorType,
ManagementPack mp
)
{
eventLogMonitor.AlertSettings = new ManagementPackMonitorAlertSettings();
eventLogMonitor.AlertSettings.AlertOnState = HealthState.Error;
eventLogMonitor.AlertSettings.AutoResolve = true;
eventLogMonitor.AlertSettings.AlertPriority = ManagementPackWorkflowPriority.Normal;
eventLogMonitor.AlertSettings.AlertSeverity = ManagementPackAlertSeverity.Error;
ManagementPackStringResource alertMessage;
alertMessage = new ManagementPackStringResource(mp, "SampleEventLogMonitorAlertMessage");
alertMessage.DisplayName = "Sample Event Log Monitor alert";
alertMessage.Description = "The specified event was detected in the event log";
eventLogMonitor.AlertSettings.AlertMessage = alertMessage;
}
}
}