3.38 ReplEventLog

Use this Knowledge Script to periodically scan the Directory Service log for Active Directory replication errors. This script raises an event if any Active Directory replication errors are found.

During the first monitoring interval, the value you specify for the Directory Service log entries to scan parameter determines how far back in the log to check for matching entries. As the script continues to run at subsequent intervals, it checks for any new entries created since the last time the log was checked.

You can further restrict the types of log entries that raise an event by using the Filtering parameters:

  • Use the Event Type parameters to search only certain types of events, such as Warning events.

  • Use the Other parameters to search only for specific information, such as events associated with a specific user or computer name.

Each time this script runs, it checks the Directory Service log for entries matching your selection criteria and raises an event if matching entries are found. The event detail message returns the text of the log entries found. When this script is set to collect data, it returns the number of log entries found, and the data point detail message returns the text of the log entries.

3.38.1 Resource Objects

Active Directory domain controller

3.38.2 Default Schedule

The default interval for this script is Every hour.

3.38.3 Setting Parameter Values

Set the following parameters as needed:

Parameter

How to Set It

General Settings

Raise event if job fails

Event severity when job fails

Set the severity level, from 1 to 40, to indicate the importance of an event in which the ReplEventLog job fails. The default is 35.

Monitor Directory Service log for replication events

Raise event if matching log entries found?

Select Yes to raise an event if log entries are found that match the filters you set. The default is Yes.

Start with events in past

Set this parameter to control how far back the script checks during the first interval. After the first interval, checking is incremental:

  • -1: all the existing entries

  • n: the past n hours (8 for the past 8 hours, 50 for the past 50 hours, etc.)

  • 0: no previous entries (only search from this moment on)

The default is 0.

Filtering

Event Types

Error

Select Yes to monitor Error entries. The default is Yes.

Warning

Select Yes to monitor Warning entries. The default is unselected.

Information

Select Yes to monitor Information entries. The default is unselected.

Success Audit

Select Yes to monitor Success Audit entries. The default is unselected.

Failure Audit

Select Yes to monitor Failure Audit entries. The default is unselected.

Other

Filter -- Category

To monitor events in a particular category, such as Server or Logon, enter an appropriate search string. This script looks for matching entries in the Directory Service Log’s Category field. Multiple strings can be entered separated by commas.

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.

Filter -- Event ID

To monitor particular event IDs, enter an appropriate search string or ID range, for example 100-2000. This script looks for matching entries in the Directory Service Log’s Event field. Multiple IDs and ranges can be entered separated by commas (for example: 1,2,10-15,202).

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.

Filter -- User

To monitor events associated with a particular user, enter an appropriate search string, for example, DomainName\UserName. This script looks for matching entries in the Directory Service Log’s User field. Multiple strings can be entered separated by commas.

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.

Filter -- Computer

To monitor events generated by a particular computer, enter an appropriate search string. This script looks for matching entries in the Directory Service Log’s Computer field. Multiple strings can be entered separated by commas.

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.

Filter -- Description

To monitor events with a particular detail description or containing keywords in the description, enter an appropriate search string. This script looks for matching entries in the Directory Service Log’s Description field. Multiple strings can be entered separated by commas.

The search string can contain criteria used to include entries, exclude entries, or both. Separate the include and exclude criteria with a colon (:). If you are specifying only include criteria, the colon is not necessary.

Event Notification

Maximum number of entries per event message

Set the maximum number of Directory Service log events that can be returned in each event report.

For example, if this value is set to 30 and 67 Directory Service log events are found, then three event reports are raised: two reports containing 30 events and one report containing seven events.

The Message column on the Events tab in the Operator Console displays the number of events in each event report, the type of log the events are from, and the event report batch number. The batch number is the sequential number of the event report. Batch numbers start at 1 for each Knowledge Script iteration.

The default is 1 entry.

Event severity when new log entries found

Set the severity level, from 1 to 40, to indicate the importance of an event in which new log entries are found. The default is 10.

Data Collection

Collect data for number of matching entries found?

Select Yes to collect data for charts and reports. If enabled, data collection returns the number of Directory Service Log entries that match your filtering criteria. Additional information is supplied in the data detail message. The default is unselected.
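
The following sketch is an added example, not AppManager code. It shows how an include:exclude search string for Filter -- Event ID and the Maximum number of entries per event message setting can be checked before a job is deployed. It assumes that include criteria come before the colon, that exclude criteria come after it, and that exclusion wins. All function names and sample event IDs are constructed for illustration.

```python
# Added illustration; not AppManager code. Assumes include criteria come
# before the colon, exclude criteria after it, and that exclusion wins.

def parse_id_list(text):
    """Turn '1,2,10-15,202' into a list of inclusive (low, high) ranges."""
    ranges = []
    for token in (t.strip() for t in text.split(",")):
        if not token:
            continue
        low, sep, high = token.partition("-")
        low = int(low)
        high = int(high) if sep else low
        if low > high:
            raise ValueError(f"reversed range: {token!r}")
        ranges.append((low, high))
    return ranges


def parse_event_id_filter(spec):
    """Split 'include:exclude' into two range lists."""
    include, _, exclude = spec.partition(":")
    return parse_id_list(include), parse_id_list(exclude)


def matches(event_id, spec):
    """True if event_id passes the filter string."""
    include, exclude = parse_event_id_filter(spec)
    in_any = lambda ranges: any(lo <= event_id <= hi for lo, hi in ranges)
    if in_any(exclude):
        return False
    # An empty include list is treated as "match every ID" (assumption).
    return not include or in_any(include)


def batch_sizes(total_entries, max_per_message):
    """Number of entries carried by each event report, in batch order."""
    if max_per_message < 1:
        raise ValueError("max_per_message must be at least 1")
    full, rest = divmod(total_entries, max_per_message)
    return [max_per_message] * full + ([rest] if rest else [])


if __name__ == "__main__":
    spec = "1,2,10-15,202:12"   # the page's example IDs plus a constructed exclude
    sample_ids = [1, 3, 10, 12, 15, 202, 203]   # constructed event IDs
    print([i for i in sample_ids if matches(i, spec)])
    print(batch_sizes(67, 30))  # the 67-entry example from the table above
```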