Enumerating Windows Event log manual reset monitors


Couple of days ago I saw a question about how can one find out the list of manual reset event log monitors in a management group. Given that this is a little bit tricky I decided to post a sample so that others could see how to do it as well. Attached is a powershell script that will dump a list of Windows Event log manual reset monitors. All you need to do in order to execute the script is just open up the OpsMgr command shell and type the path of the script (C:\GetManualResetEventLogMonitors.ps1).


 

GetManualResetEventLogMonitors.zip

Comments (5)

  1. Anders Gothberg says:

    Thx Boris.

  2. Torbjorn says:

    Hi Boris,

    I want to be able to find out if a monitor is manual reset from an alert, i.e. find out if an alert is created by an manual reset monitor.

    I can not figure out if this doable. I do something like this:

    $alert = get-alert | where {$_.Id -eq $alert_id}

    $monitor = get-monitor -criteria "Id like $alert.MonitoringRuleId"

    So now I know which monitor that created the alert. This works fine. But from here I cannot figure out how to check if this monitor is of manual reset type. GetType method does not give away if the monitor is manual reset.

    I would appriciate the help!