Applies To
- Zenoss Resource Manager 5.1.x
- Control Center 1.1.6
Summary
It is important to use the appropriate query command and source fields to enable the WindowsEventLog data source source filter to work in your environment.
Procedure
To create a custom WindowsEventLog data source using, for example, the Event Viewer source field from the Event Viewer logs, you must use the ProviderName instead of the Source.
For example, this incorrect command uses Source, and will fail:
{ ($$_.Level -le [System.Diagnostics.Eventing.Reader.StandardEventLevel]::Warning) -and ($$_.Source -Like '*SQL*')}
To create a custom WindowsEventLog data source, use the Event Viewer source field from the Event Viewer logs instead. In this case, use ProviderName, shown in the following example command:
{ ($$_.Level -le [System.Diagnostics.Eventing.Reader.StandardEventLevel]::Error) -and ($$_.ProviderName -like '*SQL*')}
Additional information about creating Microsoft Windows event log queries are located in the Microsoft Windows ZenPack ZenPack:Microsoft_Windows in the Zenoss wiki.
Comments