Including the event info in the alert description


When creating a Event Log unit monitor, you might want to include in the alert description the event information. Here are the expression that you can use in order to include the event information in the alert description:



  1. Publisher Name                   – $Data/Context/PublisherName$
  2. Event Number                      – $Data/Context/EventNumber$
  3. User Name                          – $Data/Context/UseName$
  4. Event Description                 – $Data/Context/EventDescription$


Comments (8)

  1. Anonymous says:

    And if I want to match Event Description in monitor, what should I use? There’s no such field to choose from drop down in monitor wizard.

  2. Anonymous says:

    Many of you know already that alert’s description can contain value of any of the properties of the data

  3. Anonymous says:

    Many of you know already that alert’s description can contain value of any of the properties of the data

  4. bajum says:

    Use the textbox selection and type in EventDescription (no space).

  5. Anonymous says:

    Is there any way of retrieving the detailed event information that my application has written to the event log; i’m using message & category dlls in the windows event log to decode the parameters i log, for example:

    Authentication failed [%1, %2].%r%rUserName=%13%r%rHTTP_USER_AGENT : %3%rHTTP_ACCEPT_ENCODING : %4%rREQUEST_METHOD : %5%rPATH_INFO : %6%rQUERY_STRING : %7%rHTTP_REFERER : %8%rREMOTE_HOST : %9%rREMOTE_PORT : %10%rHTTP_X_FORWARDED_FOR : %11%r%rASP.NET_SessionId=%12

    Produces the following message in the windows event log, & SCOM:

    Authentication failed [-20, Invalid username/password combination supplied.].

    UserName=cedmunds

    HTTP_USER_AGENT : Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)

    HTTP_ACCEPT_ENCODING : gzip, deflate

    REQUEST_METHOD : POST

    PATH_INFO : /maintenance/login.aspx

    QUERY_STRING :

    HTTP_REFERER : http://dev.vacation.comtec-europe.net/maintenance/login.aspx

    REMOTE_HOST : 10.10.1.127

    REMOTE_PORT : 1305

    HTTP_X_FORWARDED_FOR :

    ASP.NET_SessionId=ihkhh145wj4qelbca45gpi45

    But what i’d really like is for (for example) the username parameter (%13) to be written to the custom field of an alert that reacts to this  event being raised.  I assume for this the data would need to be stored within the event somewhere in SCOM, is that possible?  Any help would be really appreciated.

  6. Anonymous says:

    In our MOM 2005 environment, we called a script in response to an event being found in the application log. It would read the event description and pull certain parts out for the alert msg to keep it short and simple.  how is that performed in Ops Mgr?

    In MOM 2005,  we started out with

    ‘========================================

    ‘ Get Event Description contents

    ‘========================================

    Set objSourceEvent = ScriptContext.Event

    strMsg = objSourceEvent.Message

    The parse through the strMsg information to get what we wanted and make the alert.

  7. Anonymous says:

    I want to filter logon/logoff events by TYPE, looking for Interactive (Type 2) and RemmoteInteractive (Type 10) events.  Can anyone tell me what this field is called so that I can filter for it using "Select an Event Property" => "Use parameter name not specified above"?

    To that end, does anybody have a list of fields possible to use here?

    Thanks.