Text log monitoring in Operations Manager part 2

Part 2: Log parser monitor

In part 1 I showed how to use the built-in text log rule in the Authoring Console. In this part I will create a rule that uses Log Parser to match a pattern in a text log.

In this example I will use a script-based Rule using PowerShell in the Operations Manager 2007 R2 Authoring Console.

Of course, PowerShell needs to be installed on the servers you are going to monitor, and Log Parser is needed as well. You can download Log Parser here.

Make sure the appropriate privileges are set on the DCOM object MSUtil, either by changing the identity or by setting up a RunAs account for the rule.

I used the following script in the Management Pack to call Log Parser.

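param($InFile, $QueryValue)

# Operations Manager scripting API, used to create the property bags
$api = New-Object -comObject "MOM.ScriptAPI"

# The Log Parser 2.2 folder differs between 64-bit and 32-bit systems
if ((Get-WmiObject -Class Win32_OperatingSystem -ea 0).OSArchitecture -eq '64-bit') {
	$iCheckPoint = "C:\Program Files (x86)\Log Parser 2.2\checkpoint.lpc"
} else {
	$iCheckPoint = "C:\Program Files\Log Parser 2.2\checkpoint.lpc"
}

# Select the lines in $InFile that contain $QueryValue
$query = "SELECT Text,LogFileName FROM $InFile WHERE Text LIKE '%$QueryValue%'"
$inputtype = New-Object -comObject MSUtil.LogQuery.TextLineInputFormat
# With a checkpoint file, each run only returns lines added since the previous run
$inputtype.iCheckpoint = $iCheckPoint
$inputtype.recurse = 0

$ObjLogparser = New-Object -comObject MSUtil.LogQuery

$recordSet = $ObjLogparser.Execute($query, $inputtype)

# One property bag per matching line
for(; !$recordSet.atEnd(); $recordSet.moveNext()) {
      $record = $recordSet.getRecord()
      $bag = $api.CreatePropertyBag()
      # The listing is cut off at this point; the lines below are a minimal
      # completion, and the property names "Text" and "LogFileName" are assumed
      $bag.AddValue("Text", $record.getValue("Text"))
      $bag.AddValue("LogFileName", $record.getValue("LogFileName"))
      $bag
}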

1. First off create a new MP and design your Service Model in the Authoring Console.

Probe Action

2. In the Type Library pane choose Module Types -> Probe Actions.

3. Right-click the window or use the action menu and click New -> Composite Probe Action …

4. Set the ID and then Name the Probe Action.

5. In the Configuration Schema tab add the parameters to be used in the script. Set the appropriate Type.

6. In the Member Modules tab click Add… and then choose the Module Type Microsoft.Windows.PowerShellPropertyBagTriggerOnlyProbe.

7. Click Edit…

8. Paste the script in the <ScriptBody> tags and add the <Parameters> and <TimeoutSeconds> tags.

9. Save the settings and verify on the Data Types tab that Trigger Only is set and that the Data Type is System.PropertyBagData.

10. In Options select Public if you need to access it from other Management packs. Click OK to finish.
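
As an added illustration (not taken from the original post), this is roughly how the composite Probe Action from steps 3 to 10 looks in the management pack XML once it is saved. The module ID, script name, the TimeoutSeconds configuration element and the Windows!/System! reference aliases are assumptions; use the names and aliases from your own management pack.

```xml
<!-- Added example. IDs, ScriptName and the reference aliases (Windows!, System!) are assumed. -->
<ProbeActionModuleType ID="Example.LogParser.Probe" Accessibility="Public" Batching="false" PassThrough="false">
  <!-- Step 5: parameters declared on the Configuration Schema tab -->
  <Configuration>
    <xsd:element name="InFile" type="xsd:string" />
    <xsd:element name="QueryValue" type="xsd:string" />
    <xsd:element name="TimeoutSeconds" type="xsd:integer" />
  </Configuration>
  <ModuleImplementation Isolation="Any">
    <Composite>
      <MemberModules>
        <!-- Step 6: the PowerShell property bag probe as member module -->
        <ProbeAction ID="PSProbe" TypeID="Windows!Microsoft.Windows.PowerShellPropertyBagTriggerOnlyProbe">
          <ScriptName>LogParserQuery.ps1</ScriptName>
          <!-- Step 8: the script goes here; CDATA keeps characters such as < and & intact -->
          <ScriptBody><![CDATA[
param($InFile, $QueryValue)
# ... remainder of the Log Parser script from this article ...
          ]]></ScriptBody>
          <!-- Values are handed to param() by name instead of being pasted into the script text -->
          <Parameters>
            <Parameter>
              <Name>InFile</Name>
              <Value>$Config/InFile$</Value>
            </Parameter>
            <Parameter>
              <Name>QueryValue</Name>
              <Value>$Config/QueryValue$</Value>
            </Parameter>
          </Parameters>
          <TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>
        </ProbeAction>
      </MemberModules>
      <Composition>
        <Node ID="PSProbe" />
      </Composition>
    </Composite>
  </ModuleImplementation>
  <!-- Step 9: output data type and trigger-only input -->
  <OutputType>System!System.PropertyBagData</OutputType>
  <TriggerOnly>true</TriggerOnly>
</ProbeActionModuleType>
```

The Accessibility="Public" attribute corresponds to the Public option in step 10.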

Write Action

11. Create a new Composite Write Action in the Write Action window. Set an ID and Name.

12. In Member Modules click Add…, select the Type System.Health.GenerateAlert and name the ID.

13. Click Configure.

14. Fill in Alert name, Alert description, Priority and Severity.

15. Set the Accessibility in the Options tab. Click OK.

Data Source

16. In the Data Sources window create a new Data Source and set ID and Name.

17. In Configuration Schema add the variables in use.

18. Set the Overridable Variables.

19. In Member Modules click Add… and use System.SimpleScheduler and ModuleID.

20. Set the values for the variables in use.

21. Add the previously created Probe Action.

22. Set the variables.

23. Set the Module run order with the appropriate NextModule value.


24. Now we can create a Rule based on this. In the Health Model pane create a new Custom Rule. Set an ID and Name, and target it at a class.

25. In the Modules tab add the Data Source and Write Action that were created earlier.

26. Click Edit… for the Data Source and set the variable values.

The rule is now created and you can run this on servers with PowerShell and Log Parser installed.

Any feedback is appreciated.
