I am trying to monitor two Windows Clusters in our environment. Basically our team is asking to know whenever a cluster or a resource within a cluster fails over, even if it comes back online without issue. I believe I have loaded the most up-to-date MP for Windows Clustering (http://www.microsoft.com/en-us/download/details.aspx?id=2268), but it doesn't alert unless the cluster fails over and is unable to bring resources online. And if we manually fail over specific resources within either cluster, we have yet to get any alert or information in the SCOM console (information/warning/critical).
These are all 2008 R2 clusters, and I see Event IDs 1200, 1201, 1202, 1203 and 1204 in the 'Microsoft-Windows-FailoverClustering/Operational' Event Log. I tried creating an Alert rule based on NT Event Log for the above Event IDs coming out of the 'Microsoft-Windows-FailoverClustering/Operational' log, but I still do not see any alerts or emails generated from these event entries in the clustering logs. I referenced a few articles, but creating rules based off the reading hasn't yielded any better results. Any thoughts?

Rules for 1200/1201/1202/1203/1204 follow the below setup.

1) Rule Type
   a. Alert Generating Rule > Event Based > NT Event Log (Alert)
   b. Management Pack: "Company: Application Name - Custom"
2) General
   a. Rule Name: "Company: Application Name FailoverClustering Event ID 1200"
   b. Rule Category: Alert
   c. Rule Target: Windows Server
   d. Rule is enabled: (Unchecked)
3) Event Log Type
   a. Log Name: Microsoft-Windows-FailoverClustering/Operational
4) Build Event Expression
   a. Event ID - Equals - 1200
   b. Event Source - Equals - FailoverClustering

Each rule is then overridden to enable per group of server objects of the cluster nodes. Do I need to have the cluster objects in the group as opposed to the server objects? My thought is if we are monitoring the Event Log of a server, the server object must be where the rule applies.

I'm not married to the event log monitoring, I just thought it was the best/broadest way to encompass all of our clusters in the manner requested by the applications team. If there is a better way within the cluster MP to monitor for all the above, I am happy to listen and try it out.

Thank you in advance for any insight you may provide.
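
A check that can be run on one of the cluster nodes before troubleshooting the rule itself, added here as an example and not part of the original post: it lists what the node actually logs for the event IDs named above, so the log name, event ID and provider name can be compared with the values entered in the rule's event expression. The seven-day look-back window is an assumption.

```powershell
# Added example: run locally on a cluster node in an elevated PowerShell session.
# The log name and event IDs are the ones quoted in the post above.
$logName  = 'Microsoft-Windows-FailoverClustering/Operational'
$eventIds = 1200, 1201, 1202, 1203, 1204
$since    = (Get-Date).AddDays(-7)   # assumed look-back window

try {
    $events = @(Get-WinEvent -FilterHashtable @{
        LogName   = $logName
        Id        = $eventIds
        StartTime = $since
    } -ErrorAction Stop)
}
catch {
    # Get-WinEvent raises an error when nothing matches the filter
    Write-Warning "No matching events (or log not readable): $($_.Exception.Message)"
    $events = @()
}

# Count per provider name and event ID. Compare the ProviderName shown here
# with the "Event Source" value entered in the rule's event expression.
$events |
    Group-Object -Property ProviderName, Id |
    Sort-Object -Property Name |
    Select-Object -Property Count, Name |
    Format-Table -AutoSize

# Most recent entries, for lining up against the time of a manual failover test
$events |
    Sort-Object -Property TimeCreated -Descending |
    Select-Object -First 10 -Property TimeCreated, Id, ProviderName, MachineName, Message |
    Format-List
```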
