Collect alert data generated by upgrade and uninstalling scripts of .NET Enterprise Agent

AVIcode.DotNet.SystemCenter.EnterpriseAgentCannotBeUpgraded (Rule)

Knowledge Base article:

Summary

This rule collects event log messages that indicates that the AVIcode Intercept Agent was not able to be upgraded on the target computer.

Messages for the last 2 hours will be available in 'Management Pack Events' view. Please inspect them for details.

Element properties:

TargetMicrosoft.Windows.Computer
CategoryCustom
EnabledFalse
Event_ID20000
Event SourceHealth Service Script
Alert GenerateTrue
Alert SeverityError
Alert PriorityHigh
RemotableFalse
Alert Message
Enterprise .NET Monitoring Agent cannot be upgraded or uninstalled.
{0}
Event LogOperations Manager

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="AVIcode.DotNet.SystemCenter.EnterpriseAgentCannotBeUpgraded" Enabled="false" Target="Windows!Microsoft.Windows.Computer" ConfirmDelivery="true" Remotable="false" Priority="Normal" DiscardLevel="100">
<Category>Custom</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>.</ComputerName>
<LogName>Operations Manager</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">20000</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Health Service Script</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<Or>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="String">EventDescription</XPathQuery>
</ValueExpression>
<Operator>ContainsSubstring</Operator>
<Pattern>Enterprise .NET Monitoring Agent cannot be upgraded</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="String">EventDescription</XPathQuery>
</ValueExpression>
<Operator>ContainsSubstring</Operator>
<Pattern>Enterprise .NET Monitoring Agent cannot be uninstalled</Pattern>
</RegExExpression>
</Expression>
</Or>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
<Priority>2</Priority>
<Severity>2</Severity>
<AlertMessageId>$MPElement[Name="AVIcode.DotNet.SystemCenter.EnterpriseAgentCannotBeUpgraded.AlertMessageResourceID"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>