I'm creating a rule to look for a missing event in a windows log using SCOM and I need to override the rule for different groups of servers to set different timings.
For example server A needs to have an alert raised if the event is missing for 30mins but on server B, we only produce the alert for 60mins without the event.
Is there any way to allow overriding this property of the missing event detection unit monitor?
The Missing Event Schedule, and the, Auto Reset Timer, properties are not values that can be overridden on a unit monitor. A brief overview of the overridable properties can be found at How to Create an Override for a Monitor.
We always follow the pattern of "target a class, but override for a group". I think this generally means in this situation we would create the following assets:
Something like that.
Its not as clean, or as reusable, as we might like, so I'm hoping someone will post a more 'reusable' / DRY'er way to achieve this.
I wonder if an alternative might be to have a custom script monitor reading the event log at some interval, which is configured outside of SCOM (e.g. registry, config service, etc)? Just thinking out loud..
