Alert monitor for events generated by winevent

IBM.SystemX.BaseSystem.Event (UnitMonitor)


Knowledge Base article:

Summary

This monitor generates an alert when a user runs the Winevent tool (winevent.exe). For more information about the Winevent tool, see Lenovo Systems Director documentation.

Configuration

You can disable this monitor through the Operations Manager's Operations Console. See the "Disable monitors" topic in the Operations Manager's Operations User's Guide for more information.

There is no monitoring interval to configure for this monitor.

Causes

A user invokes the Winevent tool (winevent.exe) to generate events that are detected in the WMI CIM server and forwarded to the CIM listener. Please note that in a few circumstances, the Winevent tool does not work correctly and the event ID and the description may be incorrect. Therefore, you cannot fully rely on the Winevent tool for displaying events.

Detailed specifics about the cause of the event are recorded in the alert data and in the state change record. The latest state change of this monitor reflects the severity level of the most recent event recorded by this monitor.

Resolutions

After the event-generation test, manually reset the health state of this monitor. Any outstanding corresponding alerts, however, are closed automatically. See the "Reset Health" topic in the Operations Manager's Operations User's Guide for more information.

Note: Only one WinEvent event can run at one time. Clear the first event before displaying the next event generated by using the Winevent tool (winevent.exe).

Additional

For information about the Winevent tool (winevent.exe), see the "Lenovo Director CIM Instrumentation SDK" information Web page. The following URL links have the Winevent tool (winevent.exe) information.

Element properties:

Target: IBM.SystemX.BaseSystem
Parent Monitor: System.Health.ConfigurationState
Category: Custom
Enabled: True
Alert Generate: True
Alert Severity: MatchMonitorHealth
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: IBM.MonitorType.WinEventManualReset3State
Remotable: True
Accessibility: Public
Alert Message:
This is a test event generated by winevent

{0} -- EventClass = {1}

RunAs: Default

Source Code:

<UnitMonitor ID="IBM.SystemX.BaseSystem.Event" Accessibility="Public" Enabled="true" Target="IBM.SystemX.BaseSystem" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Common!IBM.MonitorType.WinEventManualReset3State" ConfirmDelivery="false">
  <Category>Custom</Category>
  <AlertSettings AlertMessage="IBM.SystemX.BaseSystem.Event.AlertMessageResourceID">
    <AlertOnState>Warning</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>MatchMonitorHealth</AlertSeverity>
    <AlertParameters>
      <AlertParameter1>$Data/Context/Property[@Name="Description"]$</AlertParameter1>
      <AlertParameter2>$Data/Context/Property[@Name="__CLASS"]$</AlertParameter2>
    </AlertParameters>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="Critical" MonitorTypeStateID="ErrorEventRaised" HealthState="Error"/>
    <OperationalState ID="Warning" MonitorTypeStateID="WarningEventRaised" HealthState="Warning"/>
    <OperationalState ID="Success" MonitorTypeStateID="ManualResetEventRaised" HealthState="Success"/>
  </OperationalStates>
  <Configuration>
    <NameSpace>root\ibmsd</NameSpace>
    <Query>SELECT __Class, AlertingManagedElement, Description, EventID, PerceivedSeverity FROM CIM_AlertIndication</Query>
    <CIMAlertFilterExpression>
      <RegExExpression>
        <ValueExpression>
          <XPathQuery>Property[@Name="EventID"]</XPathQuery>
        </ValueExpression>
        <Operator>ContainsSubstring</Operator>
        <Pattern>"IBMPSG_WinEvent"</Pattern>
      </RegExExpression>
    </CIMAlertFilterExpression>
    <PollInterval>10</PollInterval>
    <WinEventFiltering>$Target/Host/Property[Type="IBM.SystemX.Platform"]/ibmInternalWinEventFiltering$</WinEventFiltering>
  </Configuration>
</UnitMonitor>