New Windows Event Alert Rule

Before you begin: Before creating a new rule you need to decide on a rule ID and a display name.

For more information, consult the Management Pack Content document, section Workflow/Element naming.

Rule naming

If the project is not open in Visual Studio, open it.
Find the folder for the class that you want use as target for your rule.

Add new item
Right-click the folder and choose Add\New Item....
In the list, select Empty Management Pack Fragment.

Enter fragment name
Enter a name for the fragment. This should be the same as as the description part of the rule name plus the word AlertRule. So if the rule description is SyncFailureEvents the new fragment should be named SyncFailureEventsAlertRule. Click Add. The fragment is created and opened.

Choose snippet
Right-click between the <ManagementPackFragment> tags and select Insert snippet. Choose MPDevToolkit\Rules\Alert Rules\. Select Alert, Windows Eventlog.

The code is inserted.

Enter MPID
Enter the MPID and press tab. Enter the description part of the rule name. Press tab.

Enter target
Enter the target class. To use intellisense, press Backspace and then Ctrl+Space. Press tab.

Enter path
Enter the path to the network name property. This depends on if and how the class is hosted. Press tab.

Enter unhealthy log name
Enter the name of the event log which contains the unhealthy event.
Press tab.

Enter unhealthy source name
Enter the name of the unhealthy events source. This is shown as "source" in the event viewer but can also be called "publisher name" or "provider name".
Press tab.

Enter unhealthy event id
Enter the event id for the unhealthy event.
Press tab.

Enter the rule display name
Enter the rule display name and description.
Press tab.

Enter the knowledge
Enter a short summary of what the rule checks and press tab. Write a resolution for alerts generated by the rule.

Press enter to stop editing. The rule is now done.

Save the file/project.

