Event Logs


Event log monitoring plays a crucial role in helping businesses maintain the security, reliability, and performance of their infrastructure. Event logs serve as a diagnostic tool for identifying system errors, application crashes, or hardware failures. By proactively monitoring event logs, users can detect and respond to security threats, performance issues, and operational challenges in a timely manner, ensuring the uninterrupted operation of critical business systems and services.

By monitoring event logs in real-time, business users can quickly detect and diagnose issues, troubleshoot root causes, and implement timely fixes to minimize service disruptions and maintain high availability of IT services. This proactive approach to fault detection and resolution helps businesses reduce downtime, improve reliability, and enhance customer satisfaction.

In addition to monitoring Disks, NT Services, etc., BizTalk360 offers monitoring of Event Logs and lets you configure rules based on your requirements. Event logs record specific events that happen within the environment. This article guides you on how to set up monitoring of the Event Viewer in the SQL server using BizTalk360.

Monitoring the Event Viewer in SQL Server

In BizTalk360, the administrator can configure alerts for a particular event log/source(s) by defining a filter condition on the available event logs and request to be notified when there are more than a specific number of alerts/warnings from the server. For instance, you can customize the alert so that you are notified when there has been a sequence of start/stops of the host instances in the past 30 minutes. Without being alerted, you may not know about the frequent start/stops of the host instances, and this could impact the performance of the environment or be a sign of other problems in the environment.

The administrators can set up monitoring for the event log by defining their filter conditions on the event logs available in the server. Filter conditions can be defined in the following event log fields:

  • Event Log name
  • Event Sources
  • Event Id
  • Event Log Description

In addition, the administrators can also monitor the event logs by entering the event ID of a particular event or by providing an error string to look for in the event log description field. Once the event log information is selected, the threshold violation settings can be entered. This is where you define the number of event log entries matching the created criteria for each type (Error, Warning, and Information) and the time span to be analyzed during each run of the monitoring service. If you want to ignore a certain type of event log entry from monitoring, you can specify a really large number for the threshold. This is a common approach used when excluding information alerts from monitoring.

Setting up monitoring for Event Logs

  • Log in to the BizTalk360 application.
  • Click 'Monitoring' in the navigation panel. 
  • Click the expand button against the 'Manage Mapping' tab and depending on the requirement, select the 'SQL Servers' link. 
  • Select the SQL Server for which you want to set up the monitoring of Event Log Entries.
  • Select the Alarm name (see Manage Alarms) from the drop-down for which you would like to associate the alerts.
  • At the tab pages at the top, select 'Event Logs'.
  • Click the 'New Event Log Alert' button to set up monitoring for the event logs. You can customize your alert on a specific event log/source.
  • The configuration includes Event Log configuration and Monitoring Rules:
    • Event Log Configuration
    • Threshold Configurations

1. Event Log Configuration

A BizTalk Administrator may want to monitor different events from multiple servers. For example, they might want to monitor the ESB from BizTalk Server and, at the same time, ensure the performance of the SQL Server and ENTSSO events from a separate SSO server, while also monitoring IIS on multiple BizTalk servers. In real-time, there is no option to monitor all of this with a single tool. To achieve this, the user can select SQL Server and ENTSSO in the event sources and the respective category in the event logs. The user can also specify particular Event IDs.

2. Threshold Configuration

Let's assume that the user wants to receive an alert if there are more than 10 errors (or) 10 warnings (or) 25 information events in the last 45 minutes. They can set the same values in the threshold configurations. This helps users know whether the required event log entries have occurred, so that issues raised in their environment are caught quickly and can be addressed promptly.

Click 'Save' to save the Event log alert information.

The above screenshots depict that the SQL Server KOVLTP173 needs to be monitored for Application Event Log entries with event IDs 1008 and 30010. Alerts should be received if, within a time frame of 45 minutes, more than 10 Errors or 10 Warnings or 25 Information events were received from Event Log Sources Application.
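The filter and threshold rule described above can be reasoned about as code. The following is an added example, not BizTalk360 code: it evaluates "more than N matching entries in the last 45 minutes" over constructed events, including the large-threshold trick for ignoring Information entries. The names Event, Rule and evaluate, the source name and all sample entries are assumptions made for illustration.

```python
from collections import Counter, namedtuple
from dataclasses import dataclass
from datetime import datetime, timedelta

# level is "Error", "Warning" or "Information"
Event = namedtuple("Event", "time log source event_id level description")

@dataclass
class Rule:
    log: str
    event_ids: frozenset = frozenset()     # empty = any event ID
    sources: frozenset = frozenset()       # empty = any source
    text: str = ""                         # substring of the description; empty = any
    window: timedelta = timedelta(minutes=45)
    thresholds: tuple = (("Error", 10), ("Warning", 10), ("Information", 25))

    def matches(self, ev):
        return (ev.log == self.log
                and (not self.event_ids or ev.event_id in self.event_ids)
                and (not self.sources or ev.source in self.sources)
                and self.text.lower() in ev.description.lower())

def evaluate(rule, events, now):
    """Return (counts per level, violated levels) for one monitoring run at `now`."""
    start = now - rule.window
    counts = Counter(ev.level for ev in events
                     if start <= ev.time <= now and rule.matches(ev))
    # "more than N" is read as a strict comparison: exactly N entries do not alert.
    violated = [lvl for lvl, limit in rule.thresholds if counts[lvl] > limit]
    return counts, violated

def sample_events(now):
    """Constructed sample data, not real log entries."""
    mk = lambda mins, eid, lvl: Event(now - timedelta(minutes=mins), "Application",
                                      "MSSQLSERVER", eid, lvl, "constructed entry")
    evs = [mk(i, 1008, "Error") for i in range(1, 12)]        # 11 errors in window
    evs += [mk(i, 30010, "Warning") for i in range(1, 11)]    # exactly 10 warnings
    evs += [mk(60 + i, 1008, "Error") for i in range(5)]      # older than 45 minutes
    evs += [mk(2, 9999, "Error") for _ in range(20)]          # event ID not in the rule
    evs += [mk(3, 1008, "Information") for _ in range(30)]    # 30 information entries
    return evs

NOW = datetime(2024, 1, 1, 12, 0)                             # constructed timestamp
PAGE_RULE = Rule(log="Application", event_ids=frozenset({1008, 30010}))
# Same rule, but Information entries are ignored through a very large threshold.
QUIET_RULE = Rule(log="Application", event_ids=frozenset({1008, 30010}),
                  thresholds=(("Error", 10), ("Warning", 10), ("Information", 10**9)))
```

With the sample data, the 20 errors carrying an unlisted event ID and the 5 errors older than 45 minutes never count toward the threshold, which is worth keeping in mind when choosing event IDs and the time span for a security-relevant rule.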

Dashboard and Notifications

Once the SQL server event logs are mapped for monitoring, the health status of the event logs will be shown in the dashboard in a graphical tree view. If the threshold values configured for the mapped event logs are violated, they will be listed in the errors and warnings along with the associated alarms. You can also navigate to the respective server's event logs by clicking them.

In order to receive email notifications from BizTalk360 on the threshold violation alerts, you need to configure the SMTP settings under BizTalk360 Settings. Follow the steps in this article to be able to configure the SMTP settings in BizTalk360. You will receive an email notification with the exact details of the status of the BizTalk server event logs.