Home
  •  

Central Log Access Monitor

Microsoft.Windows.10.SDNMonitoring.CentralLogAccessMonitor (UnitMonitor)

This monitors the access to the central diagnostic log location from Network Controller nodes.

Knowledge Base article:

Summary

This monitors the access to the central diagnostic log location from Network Controller's windows fabric cluster.

Causes

The central log location where the application and cluster logs of the Network Controller are uploaded, is inaccessible from one of the windows fabric cluster.

Resolutions

Ensure that the central log location is accessible from all the nodes of the windows fabric cluster.

© 2016 Microsoft Corporation, all rights reserved

Element properties:

TargetSDNMonitoringMP.SDNMonitoring.NetworkControllerClusterNode
Parent MonitorSystem.Health.AvailabilityState
CategoryAvailabilityHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityMatchMonitorHealth
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.Windows.2SingleEventLog2StateMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Central Log Access Alert

Central diagnostic log location not accessible from Network Controller nodes
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.Windows.10.SDNMonitoring.CentralLogAccessMonitor" Accessibility="Public" Enabled="true" Target="SDNMonitoringMP.SDNMonitoring.NetworkControllerClusterNode" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.2SingleEventLog2StateMonitorType" ConfirmDelivery="false">

  <Category>AvailabilityHealth</Category>

  <AlertSettings AlertMessage="Microsoft.Windows.10.SDNMonitoring.CentralLogAccessMonitor.AlertMessage">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>MatchMonitorHealth</AlertSeverity>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="FirstEventRaised" MonitorTypeStateID="FirstEventRaised" HealthState="Error"/>

    <OperationalState ID="SecondEventRaised" MonitorTypeStateID="SecondEventRaised" HealthState="Success"/>

  </OperationalStates>

  <Configuration>

    <!-- Computer name for the first event.  We will use a variable to get the target computer name. -->

    <FirstComputerName>$Target/Property[Type="SDNMonitoringMP.SDNMonitoring.NetworkControllerClusterNode"]/Id$</FirstComputerName>

    <!-- Name of the log containing the first event. -->

    <FirstLogName>Windows Fabric/Admin</FirstLogName>

    <!-- Expression for the first event -->

    <FirstExpression>

      <And>

        <!-- Expression for the first event number -->

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="UnsignedInteger">18505</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <!-- Expression for the first event source -->

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">Microsoft-Windows-WindowsFabric</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </FirstExpression>

    <!-- Computer name for the second event.  We will use a variable to get the target computer name. -->

    <SecondComputerName>$Target/Property[Type="SDNMonitoringMP.SDNMonitoring.NetworkControllerClusterNode"]/Id$</SecondComputerName>

    <!-- Name of the log containing the first event. -->

    <SecondLogName>Windows Fabric/Admin</SecondLogName>

    <!-- Expression for the second event -->

    <SecondExpression>

      <And>

        <!-- Expression for the second event number -->

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="UnsignedInteger">19529</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <!-- Expression for the second event source -->

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">Microsoft-Windows-WindowsFabric</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </And>

    </SecondExpression>

  </Configuration>

</UnitMonitor>