Share via

Why isn't my generated event creating an alert in SCOM when using eventcreate?

jezi 60 Reputation points
2024-09-11T16:06:35.5733333+00:00

I am attempting to monitor an event log for a specific event on one of my servers in SCOM 2022. I have created a Unit Monitor in Monitors - Windows Events, selected the Management Pack, and set the target to all Windows 2019/2022 computers. However, when I generate the event using eventcreate, nothing happens. I see no alerts in SCOM. In Health Explorer, I can see the Monitor listed.

Why isn't this working? What should I try?

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,488 questions
0 comments
Accepted answer
  1. XinGuo-MSFT 18,691 Reputation points
    2024-09-12T01:54:09.71+00:00

    Hi,

    It sounds like you’ve set up everything correctly, but there might be a few reasons why your event isn’t triggering an alert in SCOM. Here are some steps you can try to troubleshoot the issue:

    1. Event Log Service: Restart the Event Log service on the server. Sometimes, the service might not be picking up the new events correctly.
    2. Monitor Configuration: Double-check the configuration of your Unit Monitor. Ensure that the event ID, source, and log name match exactly what is being generated by eventcreate.
    3. SCOM Agent: Make sure the SCOM agent is running on the server where the event is being generated. If the agent is not running or has issues, it won’t be able to report the event back to the SCOM management server.
    4. SCOM Cache: Clear the cache on the SCOM management server. Sometimes, stale cache can cause issues with alert generation. You can do this by running a PowerShell script to clear the SCOM cache.
    5. Permissions: Ensure that the account running the SCOM agent has the necessary permissions to read the event logs and report back to the SCOM management server.
    6. Health Service State: Check the health service state on the SCOM management server. If there are any issues with the health service, it might not be processing the events correctly.

    If you’ve tried these steps and the issue persists, you might want to recreate the monitor or create a rule instead of a monitor. Rules can be simpler to configure and might help you identify if the issue is with the monitor configuration.

    Let me know if you need more detailed steps on any of these points!

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.