ShadowCopy Creation Failure Detection
Summary
This is a remote monitor that determines, by querying the event log, if event ID 12298 has occurred within the last 12 hours and returns the count.
Details
Suggested "Limit to": Windows Server, Workstations (Optional).
Suggested Alert Style: Once
Suggested Alert Template: Default - Create Ticket
Insert the details of the monitor in the table below.
| Check Action | Server Address | Check Type | Check Value | Comparator | Interval | Result |
|---|---|---|---|---|---|---|
| System | 127.0.0.1 | Run File | See Below | Equals | 43200 | 0 |
Check Value:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "(Get-EventLog -LogName Application | Where-Object {$_.TimeGenerated -gt (Get-Date).AddHours(-13) -and $_.EventID -eq '12298'}).count"
Dependencies
None.
Target
The suggested target for the monitor is Service Plan(s) for Servers and Workstations.
Examples:
- Windows Servers: Should be run on all Windows-based servers.
- Windows Workstations: Should be run on all Windows workstations (Optional).