Security Log Monitoring

Posted: Thu, Jun 25, 2009 10:58 AM

Hello once again..

I recently created some monitors for event log monitoring on a bunch of Windows 2000 servers. These event IDs were from the Security logs..

Somehow these monitors are not sending out any emails.. I bet I missed something.. Below are the details on what I did..

1) Created a Timer Reset monitor for the event ID 123. Monitor target - Windows Server 2000, and parent monitor Security.
Event Log - Security. Event Expression - Event ID equals 123. Auto Reset timer - 5 mins

2) Created a group and added 2 Windows 2000 servers. Disabled the monitor and created an override to be enabled for this group.

3) Created notification group. Added recipient, group and Windows 2000 server for the class.

4) Logged on to the server and checked that the new MP created has been downloaded to the local server.

5) Created the event ID 123 in the security logs of the server.. no alert generated.. no email received..

Any ideas as to where I went wrong?

Re: Security Log Monitoring
Posted: Thu, Jun 25, 2009 12:01 PM
Little stuck on step 2, have you disabled the whole monitor?

Re: Security Log Monitoring
Posted: Thu, Jun 25, 2009 1:25 PM
Yes, disabled the whole monitor. But enabled it by creating an override just for the group which I had created... Makes sense?

Re: Security Log Monitoring
Posted: Thu, Jun 25, 2009 1:57 PM
OK.. Simon's question did make me think about the disabled monitor. What I had done was that I wanted this event to be monitored for only a bunch of servers. I created a group for those servers. I disabled the monitor and created an override just for that group where the override settings were "True". Well, I enabled the monitor for all the groups and deleted the override.. This worked. But I still wonder that why if I disable a monitor and create an override for only a group, that would not work.. Thanks all for all your help so far..

Re: Security Log Monitoring
Posted: Thu, Jun 25, 2009 9:13 PM

But I still wonder that why if I disable a monitor and create an override for only a group, that would not work.. Thanks all for all your help so far..

This probably falls under override precedence.  You might try clicking the "Enforce" box for your Rule-Enable override.

Re: Security Log Monitoring
Posted: Fri, Jun 26, 2009 10:30 AM
Thanks Brian. So you mean to say that I disable the alert, and then create an override where I enable it for a group and check the enforce rule? Will try this and see if it works.. thx

RE: Security Log Monitoring
Posted: Thu, Jul 02, 2009 1:27 AM

So you mean to say that I disable the alert, and then create an override where I enable it for a group and check the enforce rule? Will try this and see if it works.. thx

I think you understand my meaning... You create an override to disable the rule/monitor for all classes of the target, then you create an override to enable the rule/monitor for a group or specific instance. If this doesn't work, then "enforcing" the override to enable will make sure it works.
