Use the following procedure to create an NT-Event-Log event collection rule in Essentials 2007. The events collected by the rule are displayed in the event views for the targeted objects.
To create an NT-Event-Log event collection rule
Start the Essentials 2007 Create Rule Wizard. For information about starting the Create Rule Wizard, see How to Start the Create Rule Wizard in System Center Essentials.
On the Select a Rule Type page, do the following:
- Expand Collection Rules, expand Event Based, and then click NT Event Log.
- Select a Management pack from the list, such as Default Management Pack, or click New to create a Management Pack with the Create a Management Pack Wizard.
Note The rule will be added to the specified Management Pack; therefore, only unsealed Management Packs are listed.
- Click Next.
On the Rule Name and Description page, do the following:
- Type the Rule name, such as Win App Event 1000 LoadPerf.
- Optionally, type a Description for the rule.
- Click Select, click a target, such as Windows Computer, and then click OK.
- Leave Rule is enabled selected to have the rule take effect at the completion of the wizard, or clear the check box to enable the rule at a later time, and then click Next.
On the Event Log Name page, leave Log name set to Application, or click the (…) button and select a different event log, and then click Next.
On the Build Event Expression page, build the filter the rule will use to collect events, for example:
- Set Event Number equal to the Windows Event ID of the events you want the rule to collect, such as 1000.
- Set Event Source to a specific source of the events, such as LoadPerf.
Note Click Insert to add an Expression, such as Event Level equals Error, or group expressions with OR or AND operators.
- Click Create.
Note The rule created in the preceding steps will collect Windows events with an ID of 1000 and generated by the source LoadPerf. Event ID and Source are properties of Windows events and can be viewed in the Windows Event Viewer.
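The expression built in the procedure above can be checked against a computer's existing log before the rule is enabled, to confirm that it matches the intended events and to estimate how many it would collect. The following PowerShell is an added example, not part of the original procedure or of Essentials 2007; the function name Test-CollectionFilter and its parameters are hypothetical, and it assumes PowerShell 3.0 or later with Get-WinEvent able to reach the target computer.

```powershell
# Added example: preview what the rule's expression would match on one computer.
# Test-CollectionFilter and its parameter names are hypothetical (not an Essentials cmdlet).
function Test-CollectionFilter {
    param(
        [string]$LogName      = 'Application',  # value from the Event Log Name page
        [int]$EventId         = 1000,           # Event Number in the expression
        [string]$Source       = 'LoadPerf',     # Event Source in the expression
        [ValidateSet('Any', 'Error', 'Warning', 'Information')]
        [string]$Level        = 'Any',          # optional "Event Level equals ..." expression
        [int]$Days            = 7,              # look-back window used for the estimate
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Windows event level codes: 2 = Error, 3 = Warning, 4 (or 0) = Information.
    $levelClause = switch ($Level) {
        'Error'       { ' and (Level=2)' }
        'Warning'     { ' and (Level=3)' }
        'Information' { ' and (Level=4 or Level=0)' }
        default       { '' }
    }

    # timediff() compares in milliseconds; all clauses are ANDed, as in the wizard example.
    $ms    = [int64]$Days * 24 * 60 * 60 * 1000
    $xpath = "*[System[Provider[@Name='$Source'] and (EventID=$EventId)$levelClause " +
             "and TimeCreated[timediff(@SystemTime) <= $ms]]]"

    try {
        # Get-WinEvent returns the newest event first.
        $events = @(Get-WinEvent -ComputerName $ComputerName -LogName $LogName `
                                 -FilterXPath $xpath -ErrorAction Stop)
    }
    catch {
        # "No events found" is a valid result; anything else (access denied,
        # unknown log name) is re-thrown so a bad filter is not mistaken for a quiet one.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
        else { throw }
    }

    [pscustomobject]@{
        Computer  = $ComputerName
        XPath     = $xpath
        Matches   = $events.Count
        PerDay    = [math]::Round($events.Count / $Days, 1)
        NewestHit = if ($events.Count) { $events[0].TimeCreated } else { $null }
    }
}

Test-CollectionFilter -Level Error
```

A count of zero on a computer that is known to log the event usually means the Source string does not match the provider name exactly as it appears in the Windows Event Viewer.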