4 years ago

[EventSource] FSLogix VHD Lock Alerts

Installation

1. Import the FSLogix Apps property source (L7K9XW) and create a new event source:

Name: FSLogix Locks
Applies to: hasCategory("FSLogixEnabled")
Type: Script Event
Script: Copy the code at the bottom of the post and save it as "fslogix.ps1". Upload this into LM and set these fields accordingly:
Windows Script: fslogix.ps1
Parameters: ##HOSTNAME##

Schedule: 5 minutes
Add a filter: Type: Message
Comparison: Contain
Value: locked

Clear after: 60 minutes (or however long you want)
Alert Messge:
Host: ##HOST##
Message: ##MESSAGE##
Detected on: ##START##

Note: Your collector will need permissions to view the event logs of the remote servers!

Result:

Save below as fslogix.ps1:

$hostname=$args[0]
$date = (Get-Date).AddMinutes("-5")

$eventlogs = Get-WinEvent -ComputerName $hostname -LogName "Microsoft-FSLogix-Apps/Operational" | ? { $_.timecreated -gt $date }

$object = New-Object System.Object
$object | Add-Member -MemberType NoteProperty events $events
$object.events = @()

foreach ($event in $eventlogs) {
    $obj = New-Object System.Object
    $obj | Add-Member -type NoteProperty -name happenedOn -Value $event.TimeCreated.ToString("yyyy-MM-ddTHH:mm:ss")
    $obj | Add-Member -type NoteProperty -name severity -Value $event.LevelDisplayName
    $obj | Add-Member -type NoteProperty -Name message -Value $event.Message
    $object.events += $obj
}
$output = $object | ConvertTo-Json
return $output

Forum Discussion

[EventSource] FSLogix VHD Lock Alerts

Related Content

Email Alerting

Eventsource

LM Portal Integration Events - EventSource to alert on Alerting Integration failures

Freqency of Alerts

Programmatic Ping Alert

Recent Discussions

LM Logs ingestion alerting

Datapoints configuration Discussion

Freqency of Alerts

SQL CERTIFICATE MONITORING

CERTIFICATES - GET ALL CERTIFICATES FROM SERVER