Correlating Alerts
Is it possible to correlate multiple alerts based on a given set of criteria?

For example, we currently have the MPs installed for AD, DNS, and DHCP. Whenever a DC goes down, we get a few hundred alerts in SCOM: one for each DNS zone that went down, one for each DHCP scope, one for each other DC in the environment "seeing" the DC go down, one for each other DC losing a replication partner, etc. It's a bit much.

Is there any way to correlate these alerts so that if the root object goes down (e.g. the Windows computer object that hosts the rest of the components), SCOM "knows" to just alert us that the machine went down without alerting for all of the subcomponents? Note that we don't want to disable alerts for the subcomponents per se because we definitely want to know if there's a problem with any of them. We just don't need to know that all of the hosted components went down if the machine does.

The DC scenario above is just an example. In the future, we'd like to do much more of this event correlation type of stuff. Any ideas?

Thanks for the help!
October 7th, 2010 7:07pm

Hi

There isn't an easy way to do this out of the box at the moment. The Exchange 2010 Management Pack has a correlation engine but it does come with some quirks and really needs some work. Hopefully for the future we might see improvements and cross management pack correlation ... if you have Opalis then you might be able to leverage this.

Cheers
Graham
View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
October 7th, 2010 9:59pm

This topic is archived. No further replies will be accepted.
