Tuesday, February 16, 2016

[SCOM & Orchestrator] - Alert Forwarding

Let's analyse this scenario:

You want SCOM to forward alerts or open alerts as incidents in a third-party software.

Cons:
SCOM have a limitation when it comes to process alerts;
Only "Notification Pool Members" can manage notifications;
If your channel/subscrition relationship is heavy, you might get a problem - unmanaged alerts.

Pros:
All the Cons! :)

Now, the idea : (Thanks to a PFE friend! MD Thank you!)
What about SCOM just mark the alerts with some kind of tag, and then let Orchestrator listening for that tag, and let Orchestrator do the rest ?
So, for every subscription i've i call a powershell script based channel with this code : 
Param([string]$AlertId,[string]$subscriptionID)
Import-Module OperationsManager
$MySubId = $subscriptionID.toString()
$MyAlertId = $AlertID.toString()
$sub = (Get-SCOMNotificationSubscription -Id $MySubId).DisplayName
Get-SCOMAlert -Id $MyAlertId | Set-SCOMAlert -CustomField5 ":waiting" -CustomField6 $sub

On the other hand i've got a channel (command line) based, configured like this :
Full Path of the command line : C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
Command line parameters : -Command "& '"C:\OpsMgr\Powershell\Notifications\_OpsMgr_Set-SCOMAlert.ps1"'" -alertID '$Data/Context/DataItem/AlertId$' -subscriptionID '$MPElement$'
Startup folder for the command line : C:\Windows\system32\WindowsPowerShell\v1.0\


And i've got this runbook on the other side (Orch):

1) Create alerts on the other side :

2) Close alerts on the other side : (If a SCOM Alert gets closed!)

In my case i send a SNMP Trap to my "central" alarm system with specific identifiers, and when i do it i mark the "-CustomField5" as Forwarded just to make sure and let everyone know that my alarm was processed.

If you have any questions, just let me know! :)

Cheers
No comments:
Labels: , , , , , , , , , , , , ,

OpsMgr (SCOM) - Event Views on Web-Console ? Sure!

Well, it's possible! Don't worry!
Just create a new one grid dashboard with a powershell grid widget and paste the following code : 
 $Class = Get-SCOMClass -DisplayName 'Windows Server'$Instance = Get-SCOMClassInstance -Class $Class  
 $Events = Get-SCOMEvent -Instance $Instance -EventId 1074 | Sort-Object TimeAdded -Descending | Select -First 50  
 $i = 0  
 foreach ($Event in $Events) { 
 $EventDescription = 'User : ' + [string]$Event.Parameters[6] + ' || Type : ' + [string]$Event.Parameters[4] + ' || Reason : ' + [string]$Event.Parameters[5]  
 $TimeAdded = $Event.TimeAdded  
 $LoggingComputer = [string]$Event.LoggingComputer  
 $dataObject = $ScriptContext.CreateInstance("xsd://foo!bar/baz")  
 $dataObject["Id"]=$i.toString()  
 $dataObject["TimeAdded"]=$TimeAdded  
 $dataObject["LoggingComputer"]=$LoggingComputer  
 $dataObject["Description"]=$EventDescription  
 $ScriptContext.ReturnCollection.Add($dataObject)  
 $i++  
 }


I've made this for a event collection i've in a customer for restart events (1074) - you might change as you like.
And enjoy the show :)
No comments:
Labels: , , , , , , , , ,
Subscribe to: Posts (Atom)