Home
  •  

Eftersläpande händelser tar lång tid att bearbeta

Microsoft.SystemCenter.HealthServiceModules.WindowsEventLog.ProcessingBackLoggedEventsTooLong (UnitMonitor)

Övervakaren kontrollerar om Windows-händelseloggmodulen bearbetar eftersläpande händelser under en viss tidsperiod.

Knowledge Base article:

Sammanfattning

Den här övervakaren och aviseringen indikerar att System Center Management-tjänsten för hälsotillstånd har bearbetat äldre händelser i en viss händelselogg under längre tid än förväntat.

Nedan visas en översikt över standardkonfigurationen av den här övervakaren:

Orsaker

Både varningstillståndet och det kritiska tillståndet kan indikera följande om agenten:

Lösningar

Du kan utföra följande kontroller för att närmare avgöra den bakomliggande orsaken till problemet:

1. Öppna händelsevisningen på datorn för aviseringen eller övervakartillståndet.

2. Kontrollera om ett program eller händelsekälla verkar logga många händelser per minut till händelseloggen

3. Om det inte finns något tydligt tecken på vilket program som loggar dessa händelser ska du kontrollera resursanvändningen på datorn. Om ett program utnyttjar stora mängder minne eller CPU ska du kontrollera med programägaren eller administratören om det är ett förväntat beteende.

4. Om det inte gör något att övervakningen av de befintliga händelserna inte genomförs kan du rensa händelseloggen.

Obs! Om du rensar händelseloggen medan System Center Management-tjänsten för hälsotillstånd fortfarande bearbetar eftersläpande händelser sker det ingen övervakning av dessa.

Element properties:

TargetMicrosoft.SystemCenter.HealthService
Parent MonitorMicrosoft.SystemCenter.HealthServiceModules.WindowsEventLog.Rollup
CategoryAvailabilityHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityMatchMonitorHealth
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.SystemCenter.HealthServiceModules.CorrelatedEventAndMissingEvent
RemotableTrue
AccessibilityPublic
Alert Message
Eftersläpande händelser tar lång tid att bearbeta
{0}
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.SystemCenter.HealthServiceModules.WindowsEventLog.ProcessingBackLoggedEventsTooLong" Accessibility="Public" Enabled="true" Target="SCLibrary!Microsoft.SystemCenter.HealthService" ParentMonitorID="Microsoft.SystemCenter.HealthServiceModules.WindowsEventLog.Rollup" Remotable="true" Priority="Normal" TypeID="Microsoft.SystemCenter.HealthServiceModules.CorrelatedEventAndMissingEvent" ConfirmDelivery="true">

  <Category>AvailabilityHealth</Category>

  <AlertSettings AlertMessage="Microsoft.SystemCenter.HealthServiceModules.WindowsEventLog.ProcessingBackLoggedEventsTooLong_AlertMessageResourceID">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>MatchMonitorHealth</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/Item0Context/DataItem/EventDescription$</AlertParameter1>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="FinishedProcessingBackLoggedEvents" MonitorTypeStateID="SuccessEventRaised" HealthState="Success"/>

    <OperationalState ID="StillProccessingBackLoggedEventsWarning" MonitorTypeStateID="CorrelatedMissingEventWarningRaised" HealthState="Warning"/>

    <OperationalState ID="StillProccessingBackLoggedEventsError" MonitorTypeStateID="CorrelatedMissingEventErrorRaised" HealthState="Error"/>

  </OperationalStates>

  <Configuration>

    <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

    <LogName>Operations Manager</LogName>

    <Expression>

      <And>

        <Expression>

          <Or>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">25018</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">26018</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

          </Or>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">Health Service Modules</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <Value Type="String">$Target/ManagementGroup/Name$</Value>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <XPathQuery Type="String">Params/Param[1]</XPathQuery>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </Expression>

    <FirstCorrelatedMissingEventWarningComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstCorrelatedMissingEventWarningComputerName>

    <FirstCorrelatedMissingEventWarningLogName>Operations Manager</FirstCorrelatedMissingEventWarningLogName>

    <FirstCorrelatedMissingEventWarningExpression>

      <And>

        <Expression>

          <Or>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">25017</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">26017</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

          </Or>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">Health Service Modules</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <Value Type="String">$Target/ManagementGroup/Name$</Value>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <XPathQuery Type="String">Params/Param[1]</XPathQuery>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </FirstCorrelatedMissingEventWarningExpression>

    <SecondCorrelatedMissingEventWarningComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondCorrelatedMissingEventWarningComputerName>

    <SecondCorrelatedMissingEventWarningLogName>Operations Manager</SecondCorrelatedMissingEventWarningLogName>

    <SecondCorrelatedMissingEventWarningExpression>

      <And>

        <Expression>

          <Or>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">25018</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">26018</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

          </Or>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">Health Service Modules</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <Value Type="String">$Target/ManagementGroup/Name$</Value>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <XPathQuery Type="String">Params/Param[1]</XPathQuery>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </SecondCorrelatedMissingEventWarningExpression>

    <CorrelatorWarning>

      <CorrelationExpression>

        <Expression/>

      </CorrelationExpression>

      <Count>1</Count>

      <Interval>600</Interval>

      <CorrelationOrder>InSequence</CorrelationOrder>

      <CorrelationItemPolicy>ResetWindow</CorrelationItemPolicy>

    </CorrelatorWarning>

    <FirstCorrelatedMissingEventErrorComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstCorrelatedMissingEventErrorComputerName>

    <FirstCorrelatedMissingEventErrorLogName>Operations Manager</FirstCorrelatedMissingEventErrorLogName>

    <FirstCorrelatedMissingEventErrorExpression>

      <And>

        <Expression>

          <Or>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">25017</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">26017</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

          </Or>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">Health Service Modules</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <Value Type="String">$Target/ManagementGroup/Name$</Value>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <XPathQuery Type="String">Params/Param[1]</XPathQuery>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </FirstCorrelatedMissingEventErrorExpression>

    <SecondCorrelatedMissingEventErrorComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondCorrelatedMissingEventErrorComputerName>

    <SecondCorrelatedMissingEventErrorLogName>Operations Manager</SecondCorrelatedMissingEventErrorLogName>

    <SecondCorrelatedMissingEventErrorExpression>

      <And>

        <Expression>

          <Or>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">25018</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="UnsignedInteger">26018</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

          </Or>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">Health Service Modules</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <Value Type="String">$Target/ManagementGroup/Name$</Value>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <XPathQuery Type="String">Params/Param[1]</XPathQuery>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </SecondCorrelatedMissingEventErrorExpression>

    <CorrelatorError>

      <CorrelationExpression>

        <Expression/>

      </CorrelationExpression>

      <Count>1</Count>

      <Interval>1200</Interval>

      <CorrelationOrder>InSequence</CorrelationOrder>

      <CorrelationItemPolicy>ResetWindow</CorrelationItemPolicy>

    </CorrelatorError>

  </Configuration>

</UnitMonitor>