Repeat alerts in SCOM Event log monitor

I have created a Simple Event Detection event monitor which creates a Warning alert when any of the event IDs in a regular expression are matched, e.g. 99|100|101 etc. This works except that once the monitor has triggered, and the server affected goes into a Warning state, no more alerts are sent. I.e., if an ID 99 sends an alert and then an ID 100 occurs, the ID 100 is not shown in SCOM as an alert.

Can anyone tell me how I can get around this? I don't want to create a separate rule for every one of the event IDs as there are too many of them.

Thanks,

Ian.

You have used the words “monitor” and “rule” interchangeably in your question, but they are two different things.

A monitor will set the state, and not alert again until the state changes. This is, I think, what you have created. The fact that the state of the server changes leads me to believe so as well (rules are not stateful).

A rule will alert each time an instance of something, e.g. an event, occurs. This is what you want to happen. (It can be suppressed to increment the repeat count by one, and not create a new event, but this is not what you want.)

So, if you create a rule that contains the expression to alert when any of the event IDs occurs, it will do what you want, i.e. alert each time any of those events occurs.

And to complicate matters, if you want both an event to happen each time, and also for the state of the server to change, you should create a rule, to create the alerts, and a monitor, to change the state.

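Added example, not part of the thread and not SCOM code: a small Python model of the behaviour described in the answer above, run over a constructed event sequence, showing why a monitor hides the second matching event while a rule does not. The function names, the `RESET` marker, the repeat count starting at 0, and suppression collapsing every match into one alert are assumptions of this model.

```python
import re

PATTERN = re.compile(r"99|100|101")   # the expression from the question
RESET = "RESET"                        # hypothetical marker: health state set back to Healthy
EVENTS = [99, 100, 7, 101, 100]        # constructed sample, in arrival order


def matches(event_id):
    # fullmatch is this model's choice, so that an ID such as 1001 is not counted.
    return PATTERN.fullmatch(str(event_id)) is not None


def run_monitor(events):
    """Stateful: alert only on the Healthy -> Warning transition."""
    state, alerts = "Healthy", []
    for event_id in events:
        if event_id == RESET:
            state = "Healthy"
        elif matches(event_id) and state == "Healthy":
            state = "Warning"
            alerts.append(event_id)
        # A match while already in Warning changes nothing, so no alert is raised.
    return state, alerts


def run_rule(events, suppress=False):
    """Stateless: one alert per match, or one alert with a repeat count if suppressed."""
    alerts = []                        # each entry is [event_id, repeat_count]
    for event_id in events:
        if not matches(event_id):
            continue
        if suppress and alerts:
            alerts[0][1] += 1          # simplification: every match folds into the first alert
        else:
            alerts.append([event_id, 0])
    return alerts


if __name__ == "__main__":
    print("monitor        :", run_monitor(EVENTS))
    print("rule           :", run_rule(EVENTS))
    print("rule, suppress :", run_rule(EVENTS, suppress=True))
```

For detection coverage the point is the first line of output: with the monitor alone, events 100 and 101 arrive while the server is already in Warning and never surface as alerts.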

Thanks for your answer and explanation. You're right, I mistakenly used both.
I see what you mean and that I need both to achieve what I am trying to do. I’ll look into that and see if I can get what I’m after. Thanks again. Ian.