SCOM Alert with Multiple OR Values

Joseph Setaro 121 Reputation points


I am running SCOM 2019, and I want to setup an alert for when certain computers come online. I created an NT Event Log Rule for Operations Manager Event ID 20020, and Parameter 2 contains Computer01. This works, but how can I setup this alert to notify me if Computer01, Computer02, or Computer03 comes online? I tried entering Computer01 Computer02 in the Parameter field. I also tried Computer01, Computer02, and this did not work either.

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,443 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Andrew Tabar 171 Reputation points

    Another idea is to create a rule that alerts on event id 6005 in the system log that's targeted at those computers - event ID 6005 means the Event Log service has started and I use it as a way to detect reboots (which would also alert on systems that started up). Target Windows Server (or computer) with the rule disabled by default. Create a group of computers that you want the rule to run on and enable the rule for that group.
    This way would be more elegant since you can easily add computers to the group and not have a long regex if you want to watch for more than a few computers.

    1 person found this answer helpful.
    0 comments No comments

  2. Andrew Tabar 171 Reputation points

    Maybe a Regex? the pipe character | is an OR


    0 comments No comments

  3. Joseph Setaro 121 Reputation points


    I created a group, and I added a few computers in it. I disabled the rule, and when I choose override for a group, my group does not appear. Any suggestions please?