cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 15

Use of a wildcard in the source definition on Windows Event Log

Jump to solution

So I haven't upgraded to SAM 5.2 yet (scheduled for next week) but I need to know if it is now possible to do a wildcard match in the Source for an event log monitor.  On SAM 5.0.1 that is not currently possible.  This is part of the reason I wrote my own powershell script to check event logs (it also returns the message which I know is included in the 5.2 version). 

This is especially important on monitoring a SQL cluster server.  A SQL cluster server will have multiple instances and each instance is it's own source.  With the template as is I would have to have a custom component for each instance MSSQL$Instance1 MSSQL$Instance2 etc because these are the source names.  If I can use a wildcard I can match simply on MSSQL* and call it a day.

In addition to having the message returned in the alert I would also need the source that way the SQL team can know via the alert which instance triggered the event.

Is any of this possible in 5.2 or should I submit a feature request?  If it isn't I guess I'll have to keep using my custom script.

Thanks,

Mike

0 Kudos
1 Solution
Product Manager
Product Manager

Mike, there have been no enhancements to the log source monitoring capabilities in the SAM 5.2 release that would address the requirements you specified above. I have however logged this as a feature request internally as FB188190.

View solution in original post

0 Kudos
6 Replies
Level 14

Easy with SCOM ...

0 Kudos
Product Manager
Product Manager

Mike, there have been no enhancements to the log source monitoring capabilities in the SAM 5.2 release that would address the requirements you specified above. I have however logged this as a feature request internally as FB188190.

View solution in original post

0 Kudos

aLTeReGo - curious to know if there has been any progress on the internal request (FB188190) for wildcards in the source definition on Windows Event Log.  Anything new on this topic???

0 Kudos

I would really like to see this functionality makes it's way into SAM. I have several BizTalk server that I want to monitor using a source of "BizTalk Server*". It seem like this would be minimal work and be appreciated by the customer base.

0 Kudos

No significant changes were made in the SAM 6.0 release that would allow for wildcard matching of the event log source. I recommend in the interim, if you require this functionality that you look at possibly using the Log Forwarder for Windows, available for download through the Customer Portal.

0 Kudos

Thanks I will be able to use the built in monitor for the logs I poll with a specific defined source and just use my scripts for the ones I need a wildcard match.  Luckily I only have about 20 SQL cluster servers that this is really an issue on....everything else is a single source match.

0 Kudos