Oh I see now. In this case – you aren’t auto-closing the old alert when state is reset, therefore the monitor increments repeat count of the original alert.
In this case – if you need to leave to old alerts, but need to ensure you have new alerts generated, then I’d consider writing a rule with the consolidator condition detection. I actually have a blog post half written on that, but there are other blog post examples out there. Using the SCOM 2007R2 authoring console makes it pretty easy. From: [email protected] [mailto:[email protected]] On Behalf Of Andrew Sanders Sent: Tuesday, September 16, 2014 2:00 PM To: [email protected] Subject: Re: [msmom] Alerts "Updating" Themselves Kevin- I see the concept here - resetting the monitor after an alert is generated. This is not working, however. The alert is still updating rather then generating a new one. --- Andrew Sanders | Enterprise Systems Specialist Enterprise Systems | Information Technology Services | Appalachian State University 828-262-7803 (p) | 828-262-6034 (f) | [email protected]<mailto:[email protected]> Peacock Hall - Rm 1127 | 416 Howard St. | Boone, NC | 28608 http://cio.appstate.edu | http://its.appstate.edu | http://support.appstate.edu Microsoft Certified IT Professional | Microsoft Certified Technical Specialist Need Help? Enter a Support Request at http://support.appstate.edu/help On Tue, Sep 16, 2014 at 4:40 PM, Kevin Holman <[email protected]<mailto:[email protected]>> wrote: See example at http://blogs.technet.com/b/kevinholman/archive/2010/04/12/using-opsmgr-for-intrusion-detection-and-security-hardening.aspx From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Andrew Sanders Sent: Tuesday, September 16, 2014 1:31 PM To: [email protected]<mailto:[email protected]> Subject: [msmom] Alerts "Updating" Themselves I am trying to create an alert that will tell me when a login fails X number of times in Y seconds due to bad credentials. I have the alert working by looking at event log entries, but if a second login fails, it "updates" the alert with the new account information and details from the event log. Is there any way to stop this from happening? Ideally, a second alert would be created. I think part of the problem is that the source and name remain the same. I am using a monitor to do this, not a rule. --- Andrew Sanders | Enterprise Systems Specialist Enterprise Systems | Information Technology Services | Appalachian State University 828-262-7803<tel:828-262-7803> (p) | 828-262-6034<tel:828-262-6034> (f) | [email protected]<mailto:[email protected]> Peacock Hall - Rm 1127 | 416 Howard St. | Boone, NC | 28608 http://cio.appstate.edu | http://its.appstate.edu | http://support.appstate.edu Microsoft Certified IT Professional | Microsoft Certified Technical Specialist Need Help? Enter a Support Request at http://support.appstate.edu/help
