Ad Widget

Collapse

Event log monitoring

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • engineer
    Junior Member
    • Mar 2010
    • 25
    #1

    Event log monitoring

    Hi

    I have a trigger below that works:

    ({t_MS_Exchange2003:eventlog[Application,Microsoft Exchange].logsource(MSExchangeIS Mailbox Store)}=1&{t_MS_Exchange2003:eventlog[Application,Microsoft Exchange].str(was stopped)}=1)|({TRIGGER.VALUE}=1&({t_MS_Exchange200 3:eventlog[Application,Microsoft Exchange].logsource(MSExchangeIS Mailbox Store)}=0&({t_MS_Exchange2003:eventlog[Application,Microsoft Exchange].str(was started)}=0)))

    What this does, if an eventlog from log source MSEXchangeIS Mailbox Store is logged, with the words "was stopped" we will be notified that the information store was stopped.

    I'm trying to create another one from logsource MSExchangeIS that when the words mapi is found in the log, an error is alerts. This is a test as I just want to use other keywords, but this is not working?

    ({t_MS_Exchange2003:eventlog[Application,Microsoft Exchange].logsource(MSExchangeIS)}=1&{t_MS_Exchange2003:eve ntlog[Application,Microsoft Exchange].str(Mapi)}=1)|({TRIGGER.VALUE}=1&({t_MS_Exchange2 003:eventlog[Application,Microsoft Exchange].logsource(MSExchangeIS)}=0&({t_MS_Exchange2003:ev entlog[Application,Microsoft Exchange].str(blegghh)}=0)))

    Any idea?
    I copied it from a previous trigger an ex ployee setup, but my changed dont work
    Last edited by engineer; 01-04-2011, 17:06.
    Tags: None
    • engineer
      Junior Member
      • Mar 2010
      • 25
      #2
      I got further

      I now created this:

      ({t_MS_Exchange2003:eventlog[Application,Exchange store].logsource(MSExchangeIS Mailbox Store)}=1&{t_MS_Exchange2003:eventlog[Application,Exchange store].str(This database size is approaching the size limit of)}=1)|({TRIGGER.VALUE}=1&({t_MS_Exchange2003:eve ntlog[Application,Exchange store].logsource(MSExchangeIS Mailbox Store)}=0&({t_MS_Exchange2003:eventlog[Application,Exchange store].str(blegghh)}=0)))

      I have one server with this event logged that is reporting as it should. I am expecting more but they are not. Any ideas?

      Also one of them displayed briefly, but has now dissapeared. Any ideas there? The words blegghh was not in the event so not sure why its cleared. Am I missing something here? Very possible as I'm not very skilled on this.

      Thanks

        Comment

        Previous template Next
        Working...