Monitoring Windows Services States with Log Analytics

Monitoring Windows Services States is one of the most common requests that I’ve seen on forums, groups and blog posts. My fellow MVP and OMS expert Stefan Roth wrote a similar blog post titled OMS – Monitor Windows Services / Processes. I would suggest checking it out as well. The approach I will show is somehow already covered in the official article that demonstrates custom fields in Log Analytics. The difference is that we now have the new rich Log Analytics search syntax, so we do not need custom fields anymore. This approach is also different from Stefan’s, as his covers a wider topic, monitoring processes by using performance counters. In this approach we will use Windows events, which Stefan mentions are not reliable, but he was referring to a specific Event ID, which I also agree is not reliable. In the next steps I will use another Event ID that is 100% reliable. The advantages of using Windows events for monitoring Windows services states are:

  • Only Windows events are gathered, which results in less data uploaded compared to performance data

  • You do not have to add a performance counter for each process; you only need to add one event log to monitor all services

  • The services are shown with their actual name that is used in services.msc or Get-Service cmdlet.

  • We have the actual state of the service when it happened

Some of the disadvantages of this method are:

  • After a service is started or stopped, it will take at least 5 minutes until the data appears in Log Analytics


Get-SCOMManagementPacks 4.4

I’ve just released the latest version of this script, which you can find on GitHub. There is just a small fix provided by Lynne Taggart in this release. Basically, Microsoft changed the layout of their download page once again, so we needed a slightly different logic to pull the MP version and publish date information.

Find if You Are Using Only TLS 1.2 Protocol with Log Analytics

I’ve stumbled on a great article by Brandon Wilson named Demystifying Schannel, in which he explains how we can enable verbose logging for Schannel to find out what protocols our machines are using. As I live and breathe Log Analytics and love to crunch data, I thought it would be a cool example if we could ingest that data into it and show you some cool examples with the new query language for transforming data.


Double Heartbeat Events in OMS Log Analytics

I was testing the new Agent Health solution in OMS and I’ve noticed that I have two Heartbeat events generated at the same time for the same computer but having different values for the SCAgentChannel field. At first I thought it was some kind of bug related to the fact that this server is connected to a SCOM management group and the MG is connected to OMS, but the server also has a direct connection to the Internet.

#MSOMS Is Not #SCOM

I’ve been meaning to write this blog post for a long time. The reason for that is that since the first preview of OMS (Operational Insights back in the day) I’ve received questions like “I’ve removed the Microsoft Monitoring Agent from my server but why do I still see the server in OMS?” through various channels. And btw, if you wonder how long I’ve been using OMS, today is exactly 2 years and 3 months since it was announced at TechEd North America 2014. I probably should be getting some honorable badge for this achievement. Back to the topic. While there are scenarios in which you can think of OMS like it is SCOM, in many ways you should not, and there is a reason for that. I will try with this blog post to explain why and answer the above question. We can summarize the differences between Operations Management Suite and SCOM in the following statements: