OpsMgr++

PingBack from http://msdnrss.thecoderblogs.com/2007/10/23/including-the-event-info-in-the-alert-description/

And if I want to match Event Description in monitor, what should I use? There's no such field to choose from drop down in monitor wizard.

Many of you know already that alert’s description can contain value of any of the properties of the data

Many of you know already that alert’s description can contain value of any of the properties of the data

Use the textbox selection and type in EventDescription (no space).

Is there any way of retrieving the detailed event information that my application has written to the event log; i'm using message & category dlls in the windows event log to decode the parameters i log, for example:

Authentication failed [%1, %2].%r%rUserName=%13%r%rHTTP_USER_AGENT : %3%rHTTP_ACCEPT_ENCODING : %4%rREQUEST_METHOD : %5%rPATH_INFO : %6%rQUERY_STRING : %7%rHTTP_REFERER : %8%rREMOTE_HOST : %9%rREMOTE_PORT : %10%rHTTP_X_FORWARDED_FOR : %11%r%rASP.NET_SessionId=%12

Produces the following message in the windows event log, & SCOM:

Authentication failed [-20, Invalid username/password combination supplied.].

UserName=cedmunds

HTTP_USER_AGENT : Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)

HTTP_ACCEPT_ENCODING : gzip, deflate

REQUEST_METHOD : POST

PATH_INFO : /maintenance/login.aspx

QUERY_STRING :

HTTP_REFERER : http://dev.vacation.comtec-europe.net/maintenance/login.aspx

REMOTE_HOST : 10.10.1.127

REMOTE_PORT : 1305

HTTP_X_FORWARDED_FOR :

ASP.NET_SessionId=ihkhh145wj4qelbca45gpi45

But what i'd really like is for (for example) the username parameter (%13) to be written to the custom field of an alert that reacts to this  event being raised.  I assume for this the data would need to be stored within the event somewhere in SCOM, is that possible?  Any help would be really appreciated.

In our MOM 2005 environment, we called a script in response to an event being found in the application log. It would read the event description and pull certain parts out for the alert msg to keep it short and simple.  how is that performed in Ops Mgr?

In MOM 2005,  we started out with

'========================================

' Get Event Description contents

'========================================

Set objSourceEvent = ScriptContext.Event

strMsg = objSourceEvent.Message

The parse through the strMsg information to get what we wanted and make the alert.

I want to filter logon/logoff events by TYPE, looking for Interactive (Type 2) and RemmoteInteractive (Type 10) events.  Can anyone tell me what this field is called so that I can filter for it using "Select an Event Property" => "Use parameter name not specified above"?

To that end, does anybody have a list of fields possible to use here?

Thanks.