Monitor Event id

(imported topic written by BenUK77791)

Hi,

I’m having trouble monitoring an Event id. I’ve read some posts referencing the ‘true’ event id but am unable to get this working.

I basically want to perform an analysis for any hard disk errors in the system event log. Particulary Event id 51 or 55. If possible I’d like to see if this event id exists and the last entry.

So for have tried the following:

exists ( time generated of it, description of it ) of items 1 of it whose ( time generated of item 1 of it = item 0 of it ) of ( maximum of times generated of records whose ( event id of it = 51 ) of it, records whose ( event id of it = 51 ) of it ) of system event log else “N/A”

Have also tried below to return any events with the source “Disk”.

descriptions of records whose (source of it = “disk”) of system event log

Any advice appreciated.

Ben.

(imported comment written by BenKus)

Hi Ben,

Your relevance works on my system… which makes me a bit nervous about my systems health:

q:descriptions of records whose (source of it as lowercase = “disk”) of system event log
A: The device, \Device\Harddisk0\DR0, has a bad block.

Note that I made a slight change to do a case insensitive compare.

You might want to also try:

q:descriptions of records whose (source of it as lowercase = “disk” OR event id of it = 51 OR event id of it = 50 ) of system event log

Ben

(imported comment written by BenUK77791)

Thanks Ben, perfect.

(imported comment written by SystemAdmin)

So this topic leads me to ask the question:

When is the BigFix Performance Management Pack being released? :slight_smile:

Seriously, is anything like this in the works?

(imported comment written by BenKus)

Hey jspanitz,

We aren’t currently working on this… what sorts of features/use cases did you have in mind? And are you looking to replace another product?

Ben

(imported comment written by SystemAdmin)

Hmm, I think it would be interesting to see if BigFix could do something along the lines of what MS has done with Systems Center Operations Manager (MOM). For example you would deploy an exchange support site (manangement pack in SCOM terms) and it would monitor the environment and have preset values for thresholds an such. But that is diving in pretty deep.

So for starters, it would be nice to see cross platform monitoring of CPU, Disk and Memory, with realtime alerts.