Use the following procedure to create an NT-Event-log event collection rule in Operations Manager 2007. The events collected by the rule will display in event views for the targeted objects.
To create an NT-Event-Log event collection rule in Operations Manager 2007
Start the Operations Manager 2007 Create Rule Wizard.
Note For information about starting the Create Rule Wizard, see How to Start the Create Rule Wizard in Operations Manager 2007.
On the Select a Rule Type page, do the following:
- Expand Collection Rules, expand Event Based, and
then click NT Event Log.
- Select a Management pack from the list or click
New to create a management pack with the Create a Management
Note The rule will be added to the specified management pack; therefore, only unsealed management packs are listed. By default, when you create a management pack object, disable a rule or monitor, or create an override, Operations Manager saves the setting to the Default Management Pack. As a best practice, you should create a separate management pack for each sealed management pack you want to customize, rather than saving your customized settings to the Default Management Pack. For more information, see Default Management Pack.
- Click Next.
- Expand Collection Rules, expand Event Based, and then click NT Event Log.
On the Rule Name and Description page, do the following:
- Type the Rule name, such as Win App Event 1000
- Optionally, type a Description for the rule.
- Click Select, click a target, such as Windows
Computer, and then click OK.
- Leave Rule is enabled selected to have the rule take
affect at the completion of the wizard, or clear the check box to
enable the rule at a later time, and then click Next.
- Type the Rule name, such as Win App Event 1000 LoadPerf.
On the Event Log Name page, leave Log name set to Application, or click the (…) button and select a different event log, and then click Next.
On the Build Event Expression page, build the filter the rule will use to collect events, for example:
- Set Event Number equal to the Windows Event ID of the
events you want the rule to collect, such as 1000.
- Set Event Source to a specific source of the events,
such as LoadPerf.
Note Click Insert to add an Expression, such as Event Level equals Error, or group expressions with OR or AND operators.
- Click Create.
Note The rule created in the preceding steps will collect Windows events with an ID of 1000 and generated by the source LoadPerf. Event ID and Source are properties of Windows events and can be viewed in the Windows Event Viewer.
- Set Event Number equal to the Windows Event ID of the events you want the rule to collect, such as 1000.
Did you find this information useful? Please send your suggestions and comments about the documentation.