Use the following procedure to create an NT-Event-Log event collection rule in Essentials 2007. The events collected by the rule are displayed in event views for the targeted objects.

To create an NT-Event-Log event collection rule

  1. Start the Essentials 2007 Create Rule Wizard. For information about starting the Create Rule Wizard, see How to Start the Create Rule Wizard in System Center Essentials.

  2. On the Select a Rule Type page, do the following:

    1. Expand Collection Rules, expand Event Based, and then click NT Event Log.

    2. Select a Management Pack from the list, such as Default Management Pack, or click New to create a Management Pack with the Create a Management Pack Wizard.

      Note
      The rule will be added to the specified Management Pack; therefore, only unsealed Management Packs are listed.

    3. Click Next.

  3. On the Rule Name and Description page, do the following:

    1. Type the Rule name, such as Win App Event 1000 LoadPerf.

    2. Optionally, type a Description for the rule.

    3. Click Select, click a target, such as Windows Computer, and then click OK.

    4. Leave Rule is enabled selected to have the rule take effect at the completion of the wizard, or clear the check box to enable the rule at a later time, and then click Next.

  4. On the Event Log Name page, leave Log name set to Application, or click the () button and select a different event log, and then click Next.

  5. On the Build Event Expression page, build the filter the rule will use to collect events, for example:

    1. Set Event Number equal to the Windows Event ID of the events you want the rule to collect, such as 1000.

    2. Set Event Source to a specific source of the events, such as LoadPerf.

      Note
      Click Insert to add an Expression, such as Event Level equals Error, or group expressions with OR or AND operators.

    3. Click Create.

    Note
    The rule created in the preceding steps will collect Windows events that have an ID of 1000 and were generated by the source LoadPerf. Event ID and Source are properties of Windows events and can be viewed in the Windows Event Viewer.
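
Before relying on the rule, it helps to confirm that its expression matches the events you expect on a targeted computer. The following PowerShell check is an added example, not part of the original procedure or of Essentials 2007; it uses the sample values from the steps above (Application log, Event ID 1000, source LoadPerf) and assumes a 7-day sample window and that it is run locally on the targeted computer.

```powershell
# Added example: preview the events that the rule's expression would match.
# Values mirror the procedure: Application log, Event ID 1000, source LoadPerf.
$logName  = 'Application'
$eventId  = 1000
$source   = 'LoadPerf'
$lookback = (Get-Date).AddDays(-7)   # assumption: 7-day sample window

# Keys of one hashtable are combined with AND, like the two expressions in step 5.
$filter = @{
    LogName      = $logName
    Id           = $eventId
    ProviderName = $source
    StartTime    = $lookback
}

# Get-WinEvent raises an error when nothing matches or the source is not
# registered on this computer; treat both cases as "no matching events".
try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
} catch {
    $events = @()
}

if ($events.Count -eq 0) {
    Write-Output "No events with ID $eventId from '$source' in '$logName' since $lookback."
} else {
    Write-Output "$($events.Count) matching events since $lookback"

    # Breakdown by level: shows what an added 'Event Level equals Error'
    # expression would keep and what it would drop.
    $events | Group-Object LevelDisplayName |
        Select-Object Name, Count | Format-Table -AutoSize

    # Most recent matches, for comparison with the event view after the rule runs.
    $events | Select-Object -First 5 TimeCreated, Id, ProviderName, LevelDisplayName |
        Format-Table -AutoSize
}
```

A count of zero on a computer that is known to log these events usually means the Event Source or log name in the expression does not match what Event Viewer shows.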
