MOM 2005 providers

  • Article

MOM 2005 providers are used to define where data being monitored by MOM is coming from/located.  Looking at the list of default providers you will notice two things - there are a number of them and each time a management pack is imported this list is subject to growth.

There are a number of different providers in MOM 2005 - lets discuss a few of them here.

Windows NT Event log - An event log provider is one that will monitor any of the several event logs for data of interest.  There are ones to monitor the application, security and system event logs and even ones for the Directory Services, DNS and File Replication services event logs.  Other management packs, such as the Web Sites and Services management pack, may add their own provider as well.

WMI - Provides a link into the various WMI namespaces.  Useful for tapping into virtually anything WMI provides and also is one mechanism MOM uses to interact with SNMP traps that may be generated by third party management systems.

Timed event - These providers allow actions to take place on a schedule - most often this might be running scripts that are part of installed management packs.

Generic - This category includes both the 'Internally Generated Data' provider and the 'Script Generated Data' provider.  More on these in a moment.

Application Log - Don't confuse this with the Windows NT Application Event Log provider.  This provider is used to read log files - such as IIS - to determine problem states.  Various management packs include their own versions of this provider to tap into application specific log files - such as the Systems Management Server management pack.

Understanding the function of the various provider is important.  The various rules in MOM, for example, use providers to do their job.  As an example, an 'alert or respond to event' rule in MOM needs to have the correct provider defined so that it knows where to look for an event to occur.  A rule that is configured to use the Windows NT application event log provider, for example, will not be able to detect events that are internally generated by MOM - the generic-internally generated event provider is required for that.  In the same way, a rule that is configured with the Windows NT application event log provider won't be able to pick up events that are generated by a script -even though those script generated events DO appear in the application event log - instead, the generic-script generated data provider is required for that. 

-Steve