Creating an Event Log unit monitor using the SDK
Here is a sample of how you can create an event log unit monitor. As you can see it's very similar to creating an NT service unit monitor. The main difference is the monitor type and the configuration passed to the monitor.
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Text;
using Microsoft.EnterpriseManagement;
using Microsoft.EnterpriseManagement.Administration;
using Microsoft.EnterpriseManagement.Common;
using Microsoft.EnterpriseManagement.Configuration;
using Microsoft.EnterpriseManagement.Monitoring;
namespace SDKSamples
{
class Program
{
//-------------------------------------------------------------------
static void Main(string[] args)
{
ManagementGroup mg;
ManagementPack mp;
MonitoringClass monitoringClass;
MonitoringClassCriteria monitoringClassCriteria;
ManagementPackUnitMonitor eventLogMonitor;
ManagementPackUnitMonitorType eventLogMonitorType;
mg = new ManagementGroup("localhost");
mp = mg.GetManagementPacks("SampleMP")[0];
monitoringClassCriteria = new MonitoringClassCriteria("DisplayName='Windows Server 2003 Operating System'");
monitoringClass = mg.GetMonitoringClasses(monitoringClassCriteria)[0];
eventLogMonitorType = mg.GetUnitMonitorTypes("Microsoft.Windows.2SingleEventLog2StateMonitorType")[0];
eventLogMonitor = new ManagementPackUnitMonitor(mp, "SampleEventLogMonitor", ManagementPackAccessibility.Internal);
eventLogMonitor.DisplayName = "Sample Event Log Monitor";
eventLogMonitor.TypeID = eventLogMonitorType;
eventLogMonitor.Target = monitoringClass;
ConfigureAlertSettings(eventLogMonitor, eventLogMonitorType, mp);
ConfigureHealthStates(eventLogMonitor);
SpecifyMonitorConfiguration(eventLogMonitor);
SpecifyParentMonitor(eventLogMonitor, mg);
mp.Verify();
//Save the changes into the management pack.
mp.AcceptChanges();
}
private static void SpecifyParentMonitor(
ManagementPackUnitMonitor eventLogMonitor,
ManagementGroup mg
)
{
ManagementPackAggregateMonitor parentMonitor;
MonitorCriteria monitorCriteria;
monitorCriteria = new MonitorCriteria("Name='System.Health.AvailabilityState'");
parentMonitor = (ManagementPackAggregateMonitor)mg.GetMonitors(monitorCriteria)[0];
eventLogMonitor.ParentMonitorID = parentMonitor;
}
//-------------------------------------------------------------------
private static void SpecifyMonitorConfiguration(
ManagementPackUnitMonitor serviceMonitor
)
{
string monitorConfig;
monitorConfig = @"<FirstComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</FirstComputerName>
<FirstLogName>Application</FirstLogName>
<FirstExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""UnsignedInteger"">2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""String"">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""String"">SampleSource</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</FirstExpression>
<SecondComputerName>$Target/Host/Property[Type=""Windows!Microsoft.Windows.Computer""]/NetworkName$</SecondComputerName>
<SecondLogName>Application</SecondLogName>
<SecondExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""UnsignedInteger"">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""UnsignedInteger"">1</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=""String"">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=""String"">SampleSource</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</SecondExpression>";
serviceMonitor.Configuration = monitorConfig;
}
//------------------------------------------------------------------- private static void ConfigureHealthStates(
ManagementPackUnitMonitor eventLogMonitor
)
{
ManagementPackUnitMonitorOperationalState healthyState;
ManagementPackUnitMonitorOperationalState errorState;
healthyState = new ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorHealthyState");
errorState = new ManagementPackUnitMonitorOperationalState(eventLogMonitor, "EventLogMonitorWarningState");
healthyState.HealthState = HealthState.Success;
healthyState.MonitorTypeStateID = "FirstEventRaised";
errorState.HealthState = HealthState.Warning;
errorState.MonitorTypeStateID = "SecondEventRaised";
eventLogMonitor.OperationalStateCollection.Add(healthyState);
eventLogMonitor.OperationalStateCollection.Add(errorState);
}
//-------------------------------------------------------------------
private static void ConfigureAlertSettings(
ManagementPackUnitMonitor eventLogMonitor,
ManagementPackUnitMonitorType unitMonitorType,
ManagementPack mp
)
{
eventLogMonitor.AlertSettings = new ManagementPackMonitorAlertSettings();
eventLogMonitor.AlertSettings.AlertOnState = HealthState.Error;
eventLogMonitor.AlertSettings.AutoResolve = true;
eventLogMonitor.AlertSettings.AlertPriority = ManagementPackWorkflowPriority.Normal;
eventLogMonitor.AlertSettings.AlertSeverity = ManagementPackAlertSeverity.Error;
ManagementPackStringResource alertMessage;
alertMessage = new ManagementPackStringResource(mp, "SampleEventLogMonitorAlertMessage");
alertMessage.DisplayName = "Sample Event Log Monitor alert";
alertMessage.Description = "The specified event was detected in the event log";
eventLogMonitor.AlertSettings.AlertMessage = alertMessage;
}
}
}