Use the following procedure to create an alert-generating rule based on the NT event log in Essentials 2007. The alerts generated by the rule are displayed in the alert views for the targeted objects.
To create an alert-generating NT-event-log-based rule
- Start the Essentials 2007 Create Rule Wizard. For information about starting the Create Rule Wizard, see Starting the Create Rule Wizard in System Center Essentials.
- On the Select a Rule Type page, do the following:
  - Expand Alert Generating Rules, expand Event Based, and then click NT Event Log (Alert).
  - Select a Management pack from the list, such as Default Management Pack, or click New to create a Management Pack with the Create a Management Pack Wizard.
    Note: The rule will be added to the specified Management Pack; therefore, only unsealed Management Packs are listed.
  - Click Next.
- On the Rule Name and Description page, do the following:
  - Type the Rule name, such as Win App Event 1000 LoadPerf.
  - Optionally, type a Description for the rule.
  - Click Select, select a target, such as Windows Computer, and then click OK.
  - Leave Rule is enabled selected, to have the rule take effect at the completion of the wizard, or clear the check box to enable the rule at a later time, and then click Next.
- On the Event Log Name page, for example, leave Log name set to Application, and then click Next.
- On the Build Event Expression page, build the query the rule will use to generate alerts, for example:
  - Set Event ID equal to the Windows Event ID of the events you want the rule to collect, such as 1000.
  - Set the Event Source to a specific source of the events, such as .LoadPerf.
    Note: Click Insert to add an Expression, such as Event Level equals Error, or group expressions with OR or AND operators.
  - Click Next.
  Note: The rule created in the preceding example will generate an alert when Windows event 1000 is raised by .LoadPerf. Event ID and Source are properties of a Windows event and can be viewed in the Windows Event Viewer.
- On the Configure Alerts page, set the properties of the alert, for example:
  - Type the Name for the alert, such as Alert generating Rules Win App Event 1000 LoadPerf.
  - Optionally, type the Description for the alert. You can also click the (…) button and select Target and Data variables to include in the description, such as NetBIOS Computer Name.
  - Select a Priority from the list, such as Low.
  - Select a Severity from the list, such as Information.
  - Optionally, click Custom alert fields and type values or click the (…) button and insert variables in the custom fields, and then click OK.
  - Optionally, click Alert suppression, and then select one or more Fields of the alert. Alert suppression is useful when there are multiple alerts for the same issue.
  - Click Create.
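
To check the expression from the Build Event Expression page against real data, the following added example (not part of the original procedure or of Essentials 2007) queries the local Application log for the same Event ID and Source and shows how often the rule would have matched. The source name LoadPerf, the seven-day window and the variable names are assumptions; use the Source exactly as Event Viewer displays it.

```powershell
# Added example: preview the events the wizard's expression would match.
$logName  = 'Application'            # Event Log Name page
$eventId  = 1000                     # Build Event Expression: Event ID equals 1000
$source   = 'LoadPerf'               # assumption: Source as displayed in Event Viewer
$level    = $null                    # optional extra expression, e.g. 'Error'
$lookBack = (Get-Date).AddDays(-7)   # assumption: seven-day look-back window

# Filter on log name and Event ID in the query, then compare Source (and the
# optional Level) exactly, the way an "equals" expression joined by AND would.
$filter = @{ LogName = $logName; Id = $eventId; StartTime = $lookBack }
$found = @(
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -eq $source } |
        Where-Object { -not $level -or $_.LevelDisplayName -eq $level }
)

if ($found.Count -eq 0) {
    # An empty result usually means a wrong Source string or log name.
    Write-Output "No events matched $source / $eventId in $logName since $lookBack."
}
else {
    # One row per computer and level: Count is the number of matching events,
    # which shows how noisy the rule would be and whether the Alert
    # suppression option on the Configure Alerts page is worth selecting.
    $found |
        Group-Object MachineName, LevelDisplayName |
        Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ Name = 'Latest'
               Expression = { ($_.Group | Sort-Object TimeCreated)[-1].TimeCreated } }
}
```

Run it on a computer that the rule's target covers; a high Count for a single computer is the situation the page describes as multiple alerts for the same issue.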