Attribute

Description

Alert Identifier

The value of the alert identifier is a combination of the resource type and a particular resource identifier.

_Applications_<applications resource name>_<application state>

_CPU_Usage

_Disks_<disks resource name>_Usage

_Memory_Usage

_Services_<services resource name>_<service state>

Alert Qualifier

The value of the alert qualifier is dependent on the alert.

Severity

The value is from the Severity property for the monitored resource in the resource policy.

Application

The value of the application is always “NT_Interface”.

Application Qualifier

The value is the name of the system where Windows Resource Monitor is executing.

Alert Text

The value is a message that includes information identifying the resource and the condition of the resource.

Attribute

Description

Alert Identifier

Identifies the software that logged the event and the event ID for the event. The software source can be either an application name or a component of the system, such as a driver name. The event ID is a Windows code number that helps Microsoft product support personnel track system events.

Alert Qualifier

Identifies the event log on the monitored Windows system. The event log name can be one of the following: System, Security, or Application. The system log records events logged by Windows system components. The security log records security events that help to track changes to the security system and any possible security breaches. The application log records events logged by application programs, such as file errors.

Severity

Indicates the severity of the alert. Windows event levels are mapped to Operations Sentinel severity levels as follows:

Application

Is always NT_Interface.

Alert Text

Provides the complete text from the applicable Windows event log.