Unsubscribe msmom
On Mon, 16 Mar 2015 at 20:18 Orlebeck, Geoffrey <[email protected]> wrote:

> I may have answered my own question. In the standard Event Log the source of the event showed as “FailoverClustering”, but in the Cluster manager event log it showed as “Microsoft-Windows-FailoverClustering”. I removed the source as a parameter and did a test failover and received the alerts. Setting the source to “equal” the string appears to be the cause of the problem. Disregard.
>
> Thanks,
> Geoff
>
> *From:* Orlebeck, Geoffrey
> *Sent:* Monday, March 16, 2015 10:03 AM
> *To:* '[email protected]'
> *Subject:* Monitoring Clusters:
>
> I am trying to monitor two Windows Clusters in our environment. Basically our team is asking to know whenever a cluster or a resource within a cluster fails over, even if it comes back online without issue. I believe I have loaded the most up to date MP for Windows Clustering (http://www.microsoft.com/en-us/download/details.aspx?id=2268), but it doesn’t alert unless the cluster fails over and is unable to bring resources online. And if we manually fail over specific resources within either cluster, we have yet to get any alert or information in the SCOM console (information/warning/critical).
>
> These are all 2008 R2 clusters, and I see Event IDs 1200, 1201, 1202, 1203 and 1204 in the ‘Microsoft-Windows-FailoverClustering/Operational’ Event Log. I tried creating an Alert rule based on NT Event Log for the above Event IDs coming out of the ‘Microsoft-Windows-FailoverClustering/Operational’ log, but I still do not see any alerts or emails generated from these event entries in the clustering logs.
>
> I referenced a few articles, but creating rules based off the reading hasn’t yielded any better results. Any thoughts?
>
> Rules for 1200/1201/1202/1203/1204 follow the below setup.
>
> 1) Rule Type
>    a. Alert Generating Rule > Event Based > NT Event Log (Alert)
>    b. Management Pack: “Company: Application Name – Custom”
> 2) General
>    a. Rule Name: “Company: Application Name FailoverClustering Event ID 1200”
>    b. Rule Category: Alert
>    c. Rule Target: Windows Server
>    d. Rule is enabled: (Unchecked)
> 3) Event Log Type
>    a. Log Name: Microsoft-Windows-FailoverClustering/Operational
> 4) Build Event Expression
>    a. Event ID – Equals – 1200
>    b. Event Source – Equals – FailoverClustering
>
> Each rule is then overridden to enable per group of server objects of the cluster nodes. Do I need to have the cluster objects in the group as opposed to the server objects? My thought is if we are monitoring the Event Log of a server, the server object must be where the rule applies.
>
> I’m not married to the event log monitoring, I just thought it was the best/broadest way to encompass all of our clusters in the manner requested by the applications team. If there is a better way within the cluster MP to monitor for all the above, I am happy to listen and try it out. Thank you in advance for any insight you may provide.
>
> Confidentiality Notice: This is a transmission from Community Hospital of the Monterey Peninsula. This message and any attached documents may be confidential and contain information protected by state and federal medical privacy statutes. They are intended only for the use of the addressee. If you are not the intended recipient, any disclosure, copying, or distribution of this information is strictly prohibited. If you received this transmission in error, please accept our apologies and notify the sender. Thank you.
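
An added example, not part of the original thread: a PowerShell check that lists the provider name recorded on events 1200 to 1204 in the log named above, so the string used in a rule's Event Source condition can be compared with what the events actually carry. The node names are constructed placeholders, and the 500-event limit is an arbitrary choice.

```powershell
# Constructed placeholders: replace with the names of the cluster nodes.
$nodes = 'NODE1', 'NODE2'

# Log name and event IDs are the ones quoted in the thread.
$filter = @{
    LogName = 'Microsoft-Windows-FailoverClustering/Operational'
    Id      = 1200, 1201, 1202, 1203, 1204
}

$summary = foreach ($node in $nodes) {
    try {
        $events = Get-WinEvent -ComputerName $node -FilterHashtable $filter `
                               -MaxEvents 500 -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when no event matches the filter
        # or when the node cannot be reached; report it and move on.
        Write-Warning "${node}: $($_.Exception.Message)"
        continue
    }

    # One row per (provider name, event ID) pair seen on this node.
    $events | Group-Object ProviderName, Id | ForEach-Object {
        $newest = $_.Group | Sort-Object TimeCreated -Descending |
                  Select-Object -First 1
        New-Object PSObject -Property @{
            Node         = $node
            ProviderName = $newest.ProviderName
            EventId      = $newest.Id
            Count        = $_.Count
            LastSeen     = $newest.TimeCreated
        }
    }
}

$summary | Sort-Object Node, EventId |
    Format-Table Node, ProviderName, EventId, Count, LastSeen -AutoSize
```

Running it after a test failover shows whether each node logged the events at all and under which provider name, before any rule filter is applied.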
