Mining Windows Event Log

Want to use Get-WinEvent with XML and filters from Event Viewer to mine an event, including examples for a specific string, from a specific event, in a specific event log? Hopefully this post will help with a few tips to simplify monitoring for events, whether in AzMon, SCOM, or via PowerShell. …

Don’t forget python as pre-req for agent install

Hey guys, don’t forget Python as a pre-req for agent install! Came across this again, where the docs site doesn’t mention python-ctypes as a pre-req for agent install. Let’s flip to GitHub for the agent. GitHub lists the Python pre-req here. Otherwise, OpenSSL 1.1.0 is only supported on x86_64 platforms (64-bit). Let’s begin …

Troubleshooting Service Map pack

Updated 14 Mar 2019. If you get these exceptions like me, the issue has been raised, with a deliverable targeted for SCOM2019UR1. Disable the rule to reduce noise. Are you using the Service Map Management pack and getting errors? This alert is based on the 46651/46652 event ID in …

Gather Log Analytics/MMA agent version

Had some questions come up from the community to check the Log Analytics agent version. Depending on how you are set up, the SCOM Integration makes this easy with Holman’s blog for the agent management pack. If you have admin rights in the Operations Manager console, then you can check this directly from the SCOM server: If you …

Azure Log Analytics for Windows Telemetry data

I blogged about this last year here. As a best practice, the Upgrade Analytics script checks for far more than just injecting the workspace key and telemetry value. FYI – This could also be managed in an SCCM Compliance setting. Paul Fitzgerald – Platform PFE blogged about a non-SCCM method here …

Test fire any event on any server from any application

Golden Oldies – always popular (tools vs music). Old Holman blog that’s still relevant, even more powerful than EventLog Explorer. Basically anyone who wants to test fire events off a SCOM MP should use this tool. Event Create, Write-EventLog all have limitations (certain event sources that can be used to create events, or event ID number …

Re-learn an old but still relevant tool – EventLog Explorer

Sometimes we forget about tools that can make things easier. Time to talk about EventLog Explorer. Need to repro and test events for an installed program, to see what SCOM will handle? Read this old MOM team blog, courtesy of Kevin Holman’s blog. I wanted to try it to test fire some …

Adding Management Solutions in Azure

Decoder ring applies! OMS is Log Analytics is Azure Management Solutions. Do you want to add solutions to your Azure subscription? Pre-packaged visuals and insights on your data, whether Azure or hybrid. Adding Management Solutions: Log in to the Azure Portal. Click on All Services. Type ‘solutions’, hit Enter. Click …

MMA Agent and SCOM Agent version numbers

FYI – Updated 17 July 2020. This idea sprang from a discussion with Sr. PFE Brian Barrington, and it got me wondering… FYI – If you’re running a SCOM agent, 2016 or above, various Log Analytics solutions may have pre-reqs. OMS Gateway requires Microsoft Monitoring Agent (MMA) (agent version – 8.0.10900.0 or …

Installing and configuring the MMA agent via PowerShell

GUI install option, see blog. Pre-reqs to build out an install script/package: MMA agent executable, Workspace ID, Workspace Primary Key. Download MMA agent: Click on Windows Servers from Connected Sources to download Windows Agent. Click on Linux Servers from Connected Sources to download Linux Agent. Obtain WorkspaceID: From …