Earlier this year I was talking with a customer about Windows servers which unexpectedly shutdown and how to collect info and be able to see a pattern of the crashes. My very good friend Urban Österberg did a great job in doing a great management pack that save crash info and collect the info if the severs are doing an unexpected shutdown/crash.
The Management Pack contain one Rule, which is using a script and registry to check and save information about the shutdown.
The rule are enabled by default, please override it if you only want to check specific servers.
When the Alert show up please have a closer look..
And in the Alert description you find information about earlier shutdowns In registry you are able to manage Logging and see info of the last check for unexpected shutdowns.
Please feel free to download this great Management Pack and use this to find those servers that are behaving badly…
Have a great christmas and please remember to relax and enjoy the holidays
Download MP
[download id=”231″]
Thank you Urban – Very nice work.
Kåre Rude Andersen
I have your MP imported on a SCOM 2012 R2 RU3 environment. In addition I created an Alert View with the following:
Name: Unexpected Server Shutdowns
Description: Unexpected server shutdown alerts.
Condition: Created by specific sources
Criteria Description: created by CT Unexpected Shutdown Alert Rule
Any reason why this wouldn’t work?
Any responses appreciated.
tia
Thanks for sharing. If you use “Get-WinEvent -FilterHashtable @{logname=’system’; id=6008;StartTime=Get-Date($sDate)}” instead of “get-eventlog” the runtime of the script will decrease significantly (with “Get-Eventlog” 101.4 seconds, with “Get-WinEvent” only 1.3 seconds)
Best regards,
Martin
http://www.blackhatlinks.com/index_wiki.php
gonmnqwqs uzygw elskbsq uqqv ydwnuljvuqkcbpb