Capture stdout and use in Notification Channel

Hi I'm just starting to use SCOM 2012 to monitor our AIX servers.

I have used the Linux Shell 2 state monitor to successfully capture an error like so:

SCX_OperatingSystem_OUTPUT
ReturnValue
TRUE
ReturnCode
0
StdOut
sysadmin: /opt at 95%

I'm trying to display the StdOut in my email notification. I've tried embedding this in the email without success

$Data/Context///*[local-name()="StdOut"]

I've also run a powershell Get-Member on the output of Get-ScomAlert

get-SCOMalert -Criteria "ResolutionState = 0 AND Severity = 2 AND IsMonitorAlert = 1" | Where-Object {$_.Id -eq "0d0f51a4-8be0-4b7d-80fa-ad3827f1308a"} | gm

And can't see any useful properties.

This is my first post here, thanks for any suggestions.

Regards

Jeremy

July 14th, 2015 12:21am

Hi, for monitor in alert description

$Data/Context/WsManData/*[local-name(.)='SCX_OperatingSystem_OUTPUT']/*[local-name(.)='StdOut']$

and in E-mail Notification Channel you have

"Alert description: $Data[Default='Not Present']/Context/DataItem/AlertDescription$" by default

if not, just add it

July 14th, 2015 10:04am


Thanks Alexis,

I already have "Alert description: $Data[Default='Not Present']/Context/DataItem/AlertDescription$" in the Email Notification Channel. It returns:

"Alert description: Please see the alert context for details."

This is not very useful to us.

If I add the below to the monitor in Alert Description I get -> "Alert description: {0}" returned.

$Data/Context/WsManData/*[local-name(.)='SCX_OperatingSystem_OUTPUT']/*[local-name(.)='StdOut']$

I'd like to place std_output in the Email Notification Channel as it has the content of the error as determined by our in-house unix script.

Regards,

Jeremy


July 14th, 2015 6:18pm

As I said, first you should place this

$Data/Context/WsManData/*[local-name(.)='SCX_OperatingSystem_OUTPUT']/*[local-name(.)='StdOut']$

in monitor (alert description)

July 14th, 2015 6:22pm

Yes I updated my above reply to state that I put

$Data/Context/WsManData/*[local-name(.)='SCX_OperatingSystem_OUTPUT']/*[local-name(.)='StdOut']$

in the Alert Description but it resolves to

{0}

which is not helpful.

Sorry about the confusion.

July 14th, 2015 6:57pm

Did you reset the monitor after modification?

And where do you see Alert description: {0}, in the console or in the email? And what does this return:

$Data/Context/WsManData$

July 14th, 2015 7:46pm

Yes I reset the monitor to get a fresh notification.

I have this in the Alert Desc. in the monitor

$Data/Context/WsManData/*[local-name()='SCX_OperatingSystem_OUTPUT']/*[local-name()='StdOut']$
$Data/Context/WsManData/*[local-name()='SCX_OperatingSystem_OUTPUT']$
$Data/Context/WsManData$

When I see the alert generated I see this resolved as

{0}

{1}

{2}

I get the same values in the email.

July 14th, 2015 8:09pm

Do you see the correct value in the console, in the alert description?

http://ok-sandbox.com/2014/11/scom-subscription-issue-notification-contains-indexed-placeholder-instead-value-alertname/

July 14th, 2015 8:52pm

That link looks like my issue. I'll work on it.

From Powershell:

Get-SCOMAlert -ID "84f987e6-344e-476d-a4b7-dccb6a66d6f3" | format-list *

<cut>

Context                          : <DataItem type="Microsoft.SystemCenter.WSManagement.WSManData" time="2015-07-15T08:10:30.3653929+10:00"
                                    sourceHealthServiceId="E84B6A62-76EC-54A1-5C15-7A6A00984102"><WsManData><p:SCX_OperatingSystem_OUTPUT xml:lang="" xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim-
                                    schema/2/SCX_OperatingSystem"><p:ReturnValue>TRUE</p:ReturnValue><p:ReturnCode>0</p:ReturnCode><p:StdOut>sysadmin: /home at 85%
                                    </p:StdOut><p:StdErr /></p:SCX_OperatingSystem_OUTPUT></WsManData></DataItem>

So there is data there! Thanks again.

July 14th, 2015 9:33pm
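
Added example, not part of the original thread: the Context XML from the post above, parsed in PowerShell to show why the `local-name()` form of the path is needed (the elements carry the `p:` namespace prefix) and why the whole context flattens to `TRUE0sysadmin: /home at 85%`. The function name `Get-ShellMonitorOutput` is hypothetical, and the sample XML is the post's output rejoined onto one line.

```powershell
# Sample input: the alert Context XML shown in the thread, rejoined (constructed sample).
$contextXml = @'
<DataItem type="Microsoft.SystemCenter.WSManagement.WSManData" time="2015-07-15T08:10:30.3653929+10:00" sourceHealthServiceId="E84B6A62-76EC-54A1-5C15-7A6A00984102"><WsManData><p:SCX_OperatingSystem_OUTPUT xml:lang="" xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem"><p:ReturnValue>TRUE</p:ReturnValue><p:ReturnCode>0</p:ReturnCode><p:StdOut>sysadmin: /home at 85%
</p:StdOut><p:StdErr /></p:SCX_OperatingSystem_OUTPUT></WsManData></DataItem>
'@

function Get-ShellMonitorOutput {   # hypothetical helper, not a SCOM cmdlet
    param([Parameter(Mandatory)][string]$ContextXml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null        # never resolve external DTDs or entities
    $doc.LoadXml($ContextXml)

    # Same structure as the alert-description path used in the thread:
    # match on local-name() so the p: namespace prefix does not matter.
    $base = "/DataItem/WsManData/*[local-name()='SCX_OperatingSystem_OUTPUT']"
    $pick = {
        param($name)
        $node = $doc.SelectSingleNode("$base/*[local-name()='$name']")
        if ($node) { $node.InnerText.Trim() } else { $null }
    }

    [pscustomobject]@{
        ReturnValue   = & $pick 'ReturnValue'
        ReturnCode    = & $pick 'ReturnCode'
        StdOut        = & $pick 'StdOut'
        StdErr        = & $pick 'StdErr'
        # A path with plain element names finds nothing, because the
        # elements are namespace-qualified.
        PlainXPathHit = [bool]$doc.SelectSingleNode(
            '/DataItem/WsManData/SCX_OperatingSystem_OUTPUT/StdOut')
        # Text of every element run together, with no separators.
        FlatText      = $doc.DocumentElement.InnerText.Trim()
    }
}

Get-ShellMonitorOutput -ContextXml $contextXml | Format-List
```

With the sample above, `StdOut` is `sysadmin: /home at 85%`, `PlainXPathHit` is `False`, and `FlatText` is `TRUE0sysadmin: /home at 85%`. Against a live alert, the `Context` property returned by `Get-SCOMAlert` can be passed in place of the sample string.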


I found using

$Data/Context/DataItem/Context$

In the email channel gives:

TRUE0sysadmin: /home at 85%

Is there any way of manipulating this string in the email channel? Or should I use a command channel?

I haven't worked out what I can use in the Alert Description as yet.

Regards

Jeremy

July 14th, 2015 11:48pm

Hi, just checked in test environment

1. Created Unix/Linux Shell two-state monitor

Command: netstat -nat | grep :::1521

Alert Description: $Data/Context/WsManData/*[local-name(.)='SCX_OperatingSystem_OUTPUT']/*[local-name(.)='StdOut']$

2. Created Subscription with the following email command channel

Email Message:

Alert description: $Data[Default='Not Present']/Context/DataItem/AlertDescription$
Context: $Data/Context/DataItem/Context$

When I receive an alert, I can see the following information in my email.

Alert description: tcp        0      0 :::1521                    :::*                        LISTEN

Context: TRUE0tcp        0      0 :::1521                    :::*                        LISTEN   

Everything is correct with AlertDescription, just StdOut.

And as for Context it also includes ReturnValue and ReturnCode (TRUE0)

Tested using SCOM 2012 R2 UR6.

So check your SCOM version and Get-SCOMAlert -id "guid" | select Description, UnformattedDescription


July 15th, 2015 8:27am

I found using

$Data/Context/DataItem/Context$

In the email channel gives:

TRUE0sysadmin: /home at 85%

Is there any way of manipulating this string in the email channel? Or should I use a command channel?

I haven't worked out what I can use in the Alert Description as yet.

Regards

Jeremy

Yes, for further manipulation a command channel can be used; there is no such string manipulation in the email message of an email channel.
July 15th, 2015 8:31am

Hi Alexis,

We are SCOM UR6 - the unix agent reports as 1.5.1-160

I might try on a linux box - perhaps AIX is the issue?

Thanks so much for all your help so far.

Regards,

Jeremy

July 15th, 2015 6:46pm

OK I ran a shell script on a Centos 6.3 box - which produces "Error"

My email NOTIFICATION channel contains:

$Data/Context/WsManData/*[local-name(.)='SCX_OperatingSystem_OUTPUT']/*[local-name(.)='StdOut']$


$Data/Context/DataItem/Context$

I get blank for the first command and

TRUE0Error

Conclusion - it's a SCOM issue, not AIX.

July 15th, 2015 7:03pm

here's the result of the powershell....

Get-SCOMAlert -id "84f987e6-344e-476d-a4b7-dccb6a66d6f3" | select Description, UnformattedDescription

Description                                                                                          UnformattedDescription                                                                             
-----------                                                                                          ----------------------                                                                             
{0}                                                                                                  {0}  

July 15th, 2015 7:09pm

Hi Alexis,

I may be on the way to closing this issue.

I re-created the unsealed MP for the Unix Shell Script and re-created the monitor and am now getting the std_output in Alert Description using:

$Data/Context/WsManData/*[local-name(.)='SCX_OperatingSystem_OUTPUT']/*[local-name(.)='StdOut']$

I'll do some more testing & I still have to confirm the email channel notification is OK, but it looks promising.

Thanks for all your help

July 16th, 2015 12:31am

OK The email notifications are fine now.

The fix was to re-create the unsealed MP - which must have been corrupted.

Then as per Alexis's original response

for monitor in alert description

$Data/Context/WsManData/*[local-name(.)='SCX_OperatingSystem_OUTPUT']/*[local-name(.)='StdOut']$

and in E-mail Notification Channel you have

"Alert description: $Data[Default='Not Present']/Context/DataItem/AlertDescription$" by default

Please consider this problem solved.

THANKS Alexis!

July 16th, 2015 1:23am
