There are four ways this can be done in MOM:
1. It's happening anyway (part 1)!
This is such an obvious requirement for most administrators that it is built
into the agent functionality. So without having to do anything other than
install the agent with default settings, your server will be having all
its services sampled every ten minutes and the result reported once per
hour.
You can configure this through the Agent properties under
MOM Console\Configuration\Global Settings\Agent
or for a particular agent through
MOM Console\Configuration\Agent Managers\<your agent manager>\Properties\Managed Computers\<your managed computer>\Settings
This provides a kind of health check overview and reports the results as
'Other Events'. Look for event ID 21225. There is also a standard report
available through MOM Reporting that displays service uptime
statistics.
2. It's happening anyway (part 2)!
The Base Management Pack, which is always installed with MOM, includes the
processing rule group "Default Event Collection for Microsoft Windows NT and
2000", which contains rules that automatically collect all entries
in the system event log where service stops and starts are recorded. These
will show up in the MOM console under "Monitor\All Windows NT Events".
You can create your own Event or Alert Processing rule to watch
for these event IDs (1003 = stopped, 1001 = Started) where the source
is <the name of the service>.
3. MOM Script 'Service Check Status'
If you need something more immediate you can use the MOM script 'Service
Check Status', which takes three parameters:
NumAttempts - the number of attempts to contact the service before giving up
NumSecsBetweenRetries - time between retries in seconds
ServiceName - the Registry key as it appears in HKLM\System\CCS\Services
Use a timed data provider (e.g. 'every 15 minutes') to run the script on the
target server. An example of how to use this can be seen in the following
Processing Rule installed with the Terminal Services Management Pack supplied
with MOM:
Microsoft Windows Terminal Server
WTS NT 4.0
WTS NT 4.0
Shared Scripts
WTS Shared Scripts
Event Processing Rules
Check Service Availability
This rule fires every 17 minutes and raises an event reporting the state of
the WTS service. Other processing rules in the same group watch for this
event and generate alerts accordingly.
4. MOM WMI Event Provider
For high octane instant results you can create your own WMI Event provider
using the following syntax:
Name: <your name>
Namespace: root\cimv2
Query: "Select * from __instanceModificationEvent Within 5 Where targetInstance ISA 'Win32_Service' And targetInstance.name = '<the short name of the service>'"
Property List: leave blank
Use this provider as the basis for an Event or Alert processing rule. This
rule will create an alert whenever there is a change to the state of the
service. You could even run a script as the automatic response to restart the
service.
Notice though that this query polls the WMI class
every 5 seconds ('Within 5') to see if there has been a change. This
could add a significant overhead to WMI, which you could reduce by decreasing
the frequency. Also note that if the 'Windows Management Instrumentation'
service is bounced for any reason, the monitoring process is killed. To
reset it the agent must also be bounced.
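To see what the query in method 4 actually delivers, the following PowerShell subscribes to the same WQL outside MOM and prints only real state transitions. It is an added example, not part of MOM or the original page; the service name 'Spooler', the 30-second interval and the source identifier are assumptions chosen for illustration.

```powershell
# Added example: subscribe to the same WQL query outside MOM to see what it delivers.
# 'Spooler' is a placeholder short name; change it to the service you monitor.
$serviceName = 'Spooler'
$pollSeconds = 30   # the 'Within' interval; larger values mean less WMI polling overhead

$query = "SELECT * FROM __InstanceModificationEvent WITHIN $pollSeconds " +
         "WHERE TargetInstance ISA 'Win32_Service' " +
         "AND TargetInstance.Name = '$serviceName'"

$sourceId = "ServiceWatch-$serviceName"   # hypothetical identifier for this session

# Remove a stale subscription left over from an earlier run in this session.
Get-EventSubscriber -SourceIdentifier $sourceId -ErrorAction SilentlyContinue |
    Unregister-Event

Register-CimIndicationEvent -Namespace 'root\cimv2' -Query $query -SourceIdentifier $sourceId

Write-Host "Watching '$serviceName' (Ctrl+C to stop)..."
try {
    while ($true) {
        # Wait-Event returns nothing on timeout, so the loop simply waits again.
        $evt = Wait-Event -SourceIdentifier $sourceId -Timeout 60
        if (-not $evt) { continue }

        $old = $evt.SourceEventArgs.NewEvent.PreviousInstance
        $new = $evt.SourceEventArgs.NewEvent.TargetInstance
        Remove-Event -EventIdentifier $evt.EventIdentifier

        # The event fires on any property change (for example StartMode),
        # so report only when the State value itself changed.
        if ($old.State -ne $new.State) {
            '{0:u} {1}: {2} -> {3} (StartMode={4})' -f (Get-Date), $new.Name,
                $old.State, $new.State, $new.StartMode
        }
    }
}
finally {
    # Always drop the subscription so WMI stops polling on our behalf.
    Unregister-Event -SourceIdentifier $sourceId -ErrorAction SilentlyContinue
}
```

Because 'Within' is a polling interval, a service that stops and starts again between two polls produces no state change here, so a longer interval trades detection of short outages for lower WMI load.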