Share via

Developing Events for MOM

  • Article

There are several ways that developers can make their applications easier to monitor from a MOM Management Pack.

Most important, you should always expose some form of event and performance information about your application. An application that does not expose any form of instrumentation data will be very difficult, if not impossible, to monitor.

Available Instrumentation Technologies

Event log entries are considered one of the best sources of data for MOM. Rules for Windows NT events are easily created and the event entries usually offer sufficient information to identify and correct problem conditions.

Previous versions of Visual Basic and Visual C++ offer easy-to-use libraries for writing to the Windows event log. The .NET Framework Class Library also includes useful classes and interfaces for writing to the Windows NT event log in the System.Diagnostics Namespace.

WMI was designed specifically for exposing and unifying access to computer hardware and software, and a WMI provider allows your application to share data and events through the existing WMI infrastructure and APIs. Because WMI allows users to modify data, you might be able to provide opportunities for rules to automatically resolve the problem using a script response. For more information about creating a WMI provider, see Providing Information to WMI in the WMI SDK. The System.Management.Instrumentation Namespace of the .NET Framework Class Library includes classes and interfaces for creating WMI providers.

Creating Events for MOM

Windows NT event log entries should do the following:

  • Use a unique ID number for each type of event raised. Do not reuse the same ID number to describe different error conditions. Without unique ID numbers, your events will be ambiguous and other fields must be examined to determine what condition the event represents.
  • The source field should always correspond to your application.
  • The category field should be used. It might be useful when filtering or grouping MOM alerts.
  • Do not rely on the description field as a replacement for other fields. The performance on the server running MOM and computers running the MOM agent is reduced when a complex pattern matching expression is applied to strings in the description field. Beyond providing useful troubleshooting information, the description field is necessary in certain MOM rules, especially when consolidating similar events.

For more recommendations about creating events and rules that are easy to globalize, see the MOM Management Pack Development Guide.

Event types should be consistent in the same way that MOM alert severities should have an agreed upon meaning. Whenever possible, developers and MOM administrators should work together to develop guidelines that make it easier to determine which events are important and how the event type maps to alert severity levels.

See Also

Event Logging | Performance Data | Diagnostic Hooks | Tracing and Instrumenting Applications in Visual Basic and Visual C# | Manageability | Providing Information to WMI | WMI SDK | Instrumenting Windows NT Applications with Performance Monitor | Performance Monitoring SDK