SCOM: Differentiate Production from Non-Production Alerts


In your SCOM Management Group you might have Production and non-Production Servers. Or perhaps you have a sql server running production databases and non-production databases. How can you differentiate these alerts in your SCOM console? I’ll show you how this can be done by using a Group, a resolutionstate, a powershell script and a subscription.

Ingrediënts:

  • A group. Lets Name it “NonProdInstances”
  • A ResolutionState. Lets call it “NonProd”
  • A powershell script. This script will compare the Instance on which an alert is created vs. The instances in the “NonProdInstances” group.
  • A cmd subscription. This subscription will run a powershell script.

Lets start

1. Create your group.

TIP: I name my groups starting the Management Group Name or something like it. This makes it a bit easier to find my groups later on and lets me remember the groups i created. So “ISCOOL.NonProdInstances” will be my groupname.

This group will contain explicit members. These members can be about anything. I.e a specific Application Pool, a logical Disk, … Any instance of which i know that it is “Non-Production”

Leave the group empty for now and create it.


2. Create the “NonProd” ResolutionState with ID “10”

This is done under “Administration” => “settings” => “Alerts”


3. Make a powershell script. This script contains the logic of compairing  the instance in the alert with the instances in the group.

Param ([String]$AlertID,[String]$ManagedEntity)
Import-Module OperationsManager
#Get the Alert
$Alert = get-scomalert -Id $AlertID
#Get all the instances that are in the ISCOOL.NonProdInstances group
$Group = Get-SCOMGroup | where {$_.DisplayName -eq ‘ISCOOL.NonProdInstances’}
$NonProdInstances = $group.GetRelatedMonitoringObjects()
#compare the instance that is in the alert vs. the instances in the ISCOOL.NonProdInstances group
#and if the instance exists in the Group
#then we will update the ResolutionState to NonProd
if ($NonProdInstances.id -contains $ManagedEntity)
  {
 $Alert.ResolutionState = 10
   $Alert.Update(“Alert Updated by Subscription”)
   }

3. Make a Commandline Channel, Subscribers, Subscription
Here’s a good reference if you’re having problems with this
http://blogs.technet.com/b/fesiro/archive/2012/11/26/how-to-configure-command-notification-in-scom-2012-with-powershell-script.aspx

The Channel is the most important to get right. You can see that in the Command Parameters you must use
‘$Data/Context/DataItem/AlertId$’ this gives back the alertid to the script
And
$Data/Context/DataItem/ManagedEntity$ this gives back the instance on which the alert was made
c:\windows\system32\windowspowershell\v1.0\powershell.exe
“c:\scripts\ProdNonProd.ps1” ‘$Data/Context/DataItem/AlertId$’ $Data/Context/DataItem/ManagedEntity$
c:\windows\system32\windowspowershell\v1.0\



In the subscription we will add criteria to launch the script on every NEW alert.





That’s it. Now it’s time to see the result of our work.

I have 2 servers (server01 and server02) both containing a C: drive. Server01 is a real Production Server whereas Server02 is a Non-Production server.
I add the disk of Server02 to the “ISCOOL.NonProdInstances” group. Remember you can drop in anything here that you want to be marked as nonProduction (i.e. a database, application pool, website…)



Both disks are running out of space and …

The ResolutionState of the C: drive of server02 changes to NonPROD whereas the other one stays New.


Now you can use other methods based on this resolutionstate. You could i.e. create a view containing only Production or NonProduction Alerts.
Hope this helps,

Samuel.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s