30 Aralık 2016 Cuma

Adding custom information to alert description (s) and notifications

Alert Description Variables:

For event Rules:
EventDisplayNumber (Event ID):             $Data/EventDisplayNumber$ 
EventDescription (Description):               $Data/EventDescription$ 
Publisher Name (Event Source):              $Data/PublisherName$ 
EventCategory:                                    $Data/EventCategory$ 
LoggingComputer:                                $Data/LoggingComputer$ 
EventLevel:                                          $Data/EventLevel$ 
Channel:                                              $Data/Channel$ 
UserName:                                           $Data/UserName$ 
EventNumber:                                      $Data/EventNumber$ 
Event Time:                                          $Data/@time$

For event Monitors:
EventDisplayNumber (Event ID):            $Data/Context/EventDisplayNumber$ 
EventDescription (Description):              $Data/Context/EventDescription$ 
Publisher Name (Event Source):             $Data/Context/PublisherName$ 
EventCategory:                                    $Data/Context/EventCategory$ 
LoggingComputer:                                $Data/Context/LoggingComputer$ 
EventLevel:                                         $Data/Context/EventLevel$ 
Channel:                                             $Data/Context/Channel$ 
UserName:                                          $Data/Context/UserName$ 
EventNumber:                                     $Data/Context/EventNumber$ 
Event Time:                                         $Data/Context/@time$

For Repeating Event Monitors:
EventDisplayNumber (Event ID):              $Data/Context/Context/DataItem/EventDisplayNumber$
EventDescription (Description):                $Data/Context/Context/DataItem/EventDescription$ 
Publisher Name (Event Source):              $Data/Context/Context/DataItem/PublisherName$ 
EventCategory:                                      $Data/Context/Context/DataItem/EventCategory$ 
LoggingComputer:                                  $Data/Context/Context/DataItem/LoggingComputer$
EventLevel:                                            $Data/Context/Context/DataItem/EventLevel$ 
Channel:                                                $Data/Context/Context/DataItem/Channel$ 
UserName:                                             $Data/Context/Context/DataItem/UserName$ 
EventNumber:                                         $Data/Context/Context/DataItem/EventNumber$
  
Performance Threshold Monitors:
Object (Perf Object Name):                    $Data/Context/ObjectName$ 
Counter (Perf Counter Name):                $Data/Context/CounterName$ 
Instance (Perf Instance Name):              $Data/Context/InstanceName$ 
*Value (Perf Counter Value):                  $Data/Context/Value$  
**Last Sampled Value                            $Data/Context/SampleValue$
*Value will show the actual performance value for simple and avg monitors.  It will show number of samples for consecutive threshold monitors. 
**Last Sampled Value works to show the last value evaluated in a consecutive sample value monitor.

Service Monitors:
Service Name                         $Data/Context/Property[@Name=’Name’]$ 
Service Dependencies             $Data/Context/Property[@Name=’Dependencies’]$ 
Service Binary Path                $Data/Context/Property[@Name=’BinaryPathName’]$
Service Display Name             $Data/Context/Property[@Name=’DisplayName’]$ 
Service Description                 $Data/Context/Property[@Name=’Description’]$

Logfile Monitors:
Logfile Directory :                  $Data/Context/LogFileDirectory$ 
Logfile name:                        $Data/Context/LogFileName$ 
String:                                  $Data/Context/Params/Param[1]$

Logfile rules:
Logfile Directory:                   $Data/EventData/DataItem/LogFileDirectory$ 
Logfile name:                        $Data/EventData/DataItem/LogFileName$ 
String:                                  $Data/EventData/DataItem/Params/Param[1]$

General:
To show the name of the Windows Computer host: 
$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$

Notifications:
$Data/Context/DataItem/AlertId$                                       The AlertID GUID 
$Data/Context/DataItem/AlertName$                                   The Alert Name 
$Data/Context/DataItem/Category$                                    The Alert category 
$Data/Context/DataItem/CreatedByMonitor$                       True/False 
$Data/Context/DataItem/Custom1$                                     CustomField1 
$Data/Context/DataItem/Custom2$                                    CustomField2 
$Data/Context/DataItem/Custom3$                                    CustomField3 
$Data/Context/DataItem/Custom4$                                    CustomField4 
$Data/Context/DataItem/Custom5$                                    CustomField5 
$Data/Context/DataItem/Custom6$                                     CustomField6 
$Data/Context/DataItem/Custom7$                                     CustomField7 
$Data/Context/DataItem/Custom8$                                     CustomField8 
$Data/Context/DataItem/Custom9$                                     CustomField9 
$Data/Context/DataItem/Custom10$                                  CustomField10 
$Data/Context/DataItem/DataItemCreateTime$                      UTC Date/Time of Dataitem created 
$Data/Context/DataItem/DataItemCreateTimeLocal$               LocalTime Date/Time of Dataitem created 
$Data/Context/DataItem/LastModified$                                 UTC Date/Time DataItem was modified 
$Data/Context/DataItem/LastModifiedLocal$                          Local Date/Time DataItem was modified 
$Data/Context/DataItem/ManagedEntity$                               ManagedEntity GUID 
$Data/Context/DataItem/ManagedEntityDisplayName$             ManagedEntity Display name 
$Data/Context/DataItem/ManagedEntityFullName$                   ManagedEntity Full name 
$Data/Context/DataItem/ManagedEntityPath$                          Managed Entity Path 
$Data/Context/DataItem/Priority$                                          The Alert Priority Number (High=1,Medium=2,Low=3)
$Data/Context/DataItem/Owner$                                           The Alert Owner 
$Data/Context/DataItem/RepeatCount$                                  The Alert Repeat Count 
$Data/Context/DataItem/ResolutionState$                               Resolution state ID (0=New, 255= Closed) 
$Data/Context/DataItem/ResolutionStateLastModified$                 UTC Date/Time ResolutionState was last modified 
$Data/Context/DataItem/ResolutionStateLastModifiedLocal$          Local Date/Time ResolutionState was last modified 
$Data/Context/DataItem/ResolutionStateName$                       The Resolution State Name (New, Closed) 
$Data/Context/DataItem/ResolvedBy$                                     Person resolving the alert 
$Data/Context/DataItem/Severity$                                          The Alert Severity ID 
$Data/Context/DataItem/TicketId$                                           The TicketID 
$Data/Context/DataItem/TimeAdded$                                       UTC Time Added 
$Data/Context/DataItem/TimeAddedLocal$                               Local Time Added 
$Data/Context/DataItem/TimeRaised$                                      UTC Time Raised 
$Data/Context/DataItem/TimeRaisedLocal$                              Local Time Raised 
$Data/Context/DataItem/TimeResolved$                                  UTC Date/Time the Alert was resolved 
$Data/Context/DataItem/WorkflowId$                                      The Workflow ID (GUID) 
$Data/Recipients/To/Address/Address$                                    The name of the recipient
The Web Console URL: 
$Target/Property[Type="Notification!Microsoft.SystemCenter.AlertNotificationSubscriptionServer"/WebConsoleUrl$
The principalname of the management server: 
Target/Property[Type="Notification!Microsoft.SystemCenter.AlertNotificationSubscriptionServer"/PrincipalName$
 Ref. Kevin Holman