Correlating Alerts
Is it possible to correlate multiple alerts based on a given set of criteria? For example, we currently have the MPs installed for AD, DNS, and DHCP. Whenever a DC goes down, we get a few hundred alerts in SCOM: one for each DNS zone that went down, one for each DHCP scope, one for each other DC in the environment "seeing" the DC go down, one for each other DC losing a replication partner, etc. It's a bit much.
Is there any way to correlate these alerts so that if the root object goes down (e.g., the Windows computer object that hosts the rest of the components), SCOM "knows" to just alert us that the machine went down without alerting for all of the subcomponents?
Note that we don't want to disable alerts for the subcomponents per se because we definitely want to know if there's a problem with any of them. We just don't need to know that all of the hosted components went down if the machine does.
The DC scenario above is just an example. In the future, we'd like to do much more of this event correlation type of stuff. Any ideas? Thanks for the help!
October 7th, 2010 7:07pm
Hi
There isn't an easy way to do this out of the box at the moment. The Exchange 2010 Management Pack has a correlation engine but it does come with some quirks and really needs some work. Hopefully for the future we might see improvements and cross management pack correlation ... if you have Opalis then you might be able to leverage this.
Cheers
Graham
View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
October 7th, 2010 9:59pm