What is Rule in SCOM - How Rule work in SCOM - Types of Rule in SCOM and How to Create Event Based Rule in SCOM 2019

 In this blog I will cover what is Rule in SCOM, how does it work? Types of Rule in SCOM and how to create event based rule in SCOM 2019


What is Rule in SCOM?


Rule, basically define what you want to monitor. They define the data to collect and describe how to process and respond to that data.


The rules exist to perform various functions in operations manager, although,


That rule does not affect the state of an object where a monitor does impact the state of an object.

Rules that generate alerts don’t auto close. 


How do rules work?

For example, when you create an event based rule to configure and alert generating rule, as soon as you configure an event based rule.

Whenever an event is getting generated on the targeted object, that event is being captured by this rule and the condition, when the condition is met and alert data is being sent to the operations manager to trigger an alert in the operations console.








How to create a Rule in SCOM?

Login to SCOM Console -> Click Authoring


Under management pack -> click Rules



Right Click and select create a new rule


Here I am selecting event based alert

Select NT EventLog -> From Management pack list drop down and select Custom Management pack for overwrite.



Rule Name-> Type Rule Name

Rule Category -> Drop down and select from the list

Rule Target -> Browse and Select from list – Here I am selecting Windows Computer



Uncheck Rule is enabled -> By default it will be enabled. -> Next

Log Name -> Browse and search for Computer where you want to apply this rule – Here I am applying on SCCM.ads.com 

From Available event logs select System 


Click Ok -> Next

In EventID -> Enter Event number

In EventSource -> Enter Source 

Note -: you can refer any system based event from any server like below





You can change Priority and Severity as per your requirement.



Click create button 


Search the newly created rule Service Control Manager-test

By default newly created rules apply on all classes, you need to select the correct class that you had selected during creation.



Right click and select Overrides -> Override the Rule -> For all objects of another class

Note-: you can select as per your requirement like single or group or all objects


Search Windows Computer


Check mark on Enabled Parameter Name and change the Override Value to True


Click Apply and Ok


Now Rule has created and enabled -: Go to Monitoring tab and see Active Alert


No comments:

Post a Comment

Featured Post

HPE MSA 2040 configuration step by step

HPE MSA 2040 configuration Default IP range for HP SAN storage MSA 2040 is 10.0.0.1/2 You need to connect your laptop and storage with...