TechQA.

How can i create an alert in OMS when a windows service is stopped?

602 views Asked by At

I need OMS to trigger an alert when a service is stopped for example the IIS service. Can someone advise the best way to do this?

Thanks

azure azure-oms
Original Q&A
2

There are 2 answers

0
itye1970 On

i worked it out myself

To get this list you need to go to advanced analytics in your OMS workspace then run the query as below

search EventLog == "System"
| where ( EventLevelName == "Information" )
| where ( Computer == "server1" )

This then shows a list of other fields, i found the ParameterXml field contained what i needed ie the keywords "World Wide Web Publishing Service" and "stopped". I then added this to the above query to filter out where the service called IIS (World Wide Web Publishing) stopped

search EventLog == "System"
| where ( EventLevelName == "Information" )
| where ( Computer == "server1" )
| where ParameterXml == "<Param>World Wide Web Publishing Service</Param><Param>stopped</Param><Param>-</Param>"

All you need to do then is create an alert and set your conditions

0
Matt Richardson On

I used the "Change Tracking" solution for this: ConfigurationChange | where ConfigChangeType == "WindowsServices" and SvcName == "W3SVC" and SvcState != "Running"

Then to alert once back up: ConfigurationChange | where ConfigChangeType == "WindowsServices" and SvcName == "W3SVC" and SvcState == "Running"

Related Questions in AZURE

Related Questions in AZURE-OMS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions