List alerts meeting Management Pack, Severity, and Priority criteria

Hello,

 

As part of our Management Pack Life Cycle Management Process, I need to identify the alerts meeting the following criteria:

 

1.       Generated from objects hosted by a specific subset of Management Packs (ex.: Windows Server 2003 & Windows Server 2008 (Monitoring))

2.       With a particular subset of “Severities” (ex.: Severity = Critical | Warning)

3.       With a particular subset of “Priorities” (ex.: Priority = High)

 

Alert Views

 

Though I can scope an alert view by severity & priority, I cannot scope by source Management Pack.  I therefore see alerts from all Management Packs! :(

 

Alert Report

 

Though the Alerts report (under Microsoft generic Report Library) allows me to scope by Severity & Priority, here too I cannot scope by source Management Pack.

 

I guess ideally, I would either:

 

1.       Create a new report, allowing me to specify the desired criteria; or

2.       Build & run a SQL statement that would extract the information directly from the database

 

The problem is that I haven’t yet gained enough experience with OpsMgr to build either of them.

 

Looking forward to hearing from someone,

 

Larry

September 4th, 2010 12:10am

As no one replies to this, it feels like the ancient question of what an MP monitors. Even though you could extract the names or something, it is going to be a lot of information which no one ever looks at. And even if they do, it's not really helpful as you still don't know what is being monitored exactly.

As I got this question repeatedly from customers before, I'd extracted all the rules (just the names) from all MPs for MOM 2005 once. It resulted in a 600 page document. I'm pretty sure none of my customers has ever read it. For SCOM I just tell them to read the MP guides and if they have questions after that I'll happily answer them (no one ever has a question, because that's even more to read :)).

Besides, a sealed MP guarantees you have the same rules and monitors in the next version, although they might be altered/disabled. Usually alterations will be mentioned in the MP guide. Only be careful when you need to delete the old MP; this is when you know there are big changes.

 

September 6th, 2010 1:35pm

Hello,

My apologies for not being clear in my original message.  In a nutshell, I simply need to be able to identify the alerts that were generated according to the following criteria:

1.       Generated from objects (i.e. Rules & Monitors) hosted by a specific subset of Management Packs (ex.: Windows Server 2003 & Windows Server 2008 (Monitoring))

2.       With a particular subset of “Severities” (ex.: Severity = Critical | Warning)

3.       With a particular subset of “Priorities” (ex.: Priority = High)

4.       Within a particular date range (ex.: within the last 14 days)

Any other takers?

Larry

September 7th, 2010 4:07pm

Hi Larry

Try the following:

# Name of Root Management Server 
$RMS="XXXXXXXXXXXXXXXX" 

# Initialise OpsMgr Provider 
write-Host 
write-Host "Executing UpdateAlerts.ps1 ..." 
write-Host 
## prepare OpsMgr shell 
if ((Get-PSSnapin | Where-Object {$_.Name -eq 'Microsoft.EnterpriseManagement.OperationsManager.Client'}) -eq $null) { 
 Write-Host 
 Write-Host "File loaded." 
 Write-Host "Initializing shell for operations manager..." 
 Write-Host "Add Microsoft.EnterpriseManagement.OperationsManager.Client snap in." 
 Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client -ErrorAction SilentlyContinue -ErrorVariable Err
 if ($Err) { $(throw write-Host $Err) } 
} 
if ((Get-ManagementGroupConnection | Where-Object {$_.ManagementServerName -eq $RMS}) -eq $null) { 
 Write-Host "Connect to Management Server: $RMS" 
 New-ManagementGroupConnection $RMS -ErrorAction SilentlyContinue -ErrorVariable Err 
 if ($Err) { $(throw write-Host $Err) } 
} 
if ((Get-PSDrive | Where-Object {$_.Name -eq 'Monitoring'}) -eq $null) { 
 Write-Host "Create Monitoring drive from Provider." 
 New-PSDrive -Name: Monitoring -PSProvider: OperationsManagerMonitoring -Root: \ -ErrorAction SilentlyContinue -ErrorVariable Err
 if ($Err) { $(throw write-Host $Err) } 
 Write-Host "Operations manager shell initialized." 
 Write-Host 
} 
Set-Location Monitoring:\$RMS 

# Rules - Alert Name, Severity, Priority, Management Pack
get-alert -criteria 'PrincipalName is not null and ResolutionState = ''0'' and IsMonitorAlert=''False''' |
select-object name, Severity, Priority, @{Name="ManagementPack"; Expression={((get-rule $_.monitoringruleid).getmanagementpack()).displayname}} |
Export-csv c:\temp\listalertsfromrules.csv

# Monitors - Alert Name, Severity, Priority, Management Pack
get-alert -criteria 'PrincipalName is not null and ResolutionState = ''0'' and IsMonitorAlert=''True''' |
select-object name, Severity, Priority, @{Name="ManagementPack"; Expression={((get-monitor $_.problemid).getmanagementpack()).displayname }} |
Export-csv c:\temp\listalertsfrommonitors.csv

It works for me (at the moment it lists all alerts with resolution state = 0 but you can change the -criteria clause to amend that). You could also add filters for different priorities and severities and I guess add on date ranges ... but let's check the base script works for you first!

Just a few things you'll need to amend in the script:

1) The RMS is defined in the second line - you'll need to specify your RMS

2) I have saved the output to a folder c:\temp - either create such a folder or change the file output path

Let us know how it goes.

Cheers

Graham

 

September 7th, 2010 6:42pm
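
Larry's four criteria (source Management Pack, severity, priority, date range) combined into a single pass, as an added example that is not part of the original thread. It assumes the OpsMgr 2007 Command Shell session that the script above sets up and reuses that script's choice of ProblemId for monitors and MonitoringRuleId for rules; the name patterns, output path and the helper name Get-AlertSourceMP are illustrative.

```powershell
# Added example, not from the thread. Run after the shell initialisation above.
# Assumed sample values for the four criteria in the question:
$mpPatterns = @('Windows Server 2003*', 'Windows Server 2008*(Monitoring)')  # display-name patterns (placeholders)
$severities = @('Error', 'Warning')   # the SDK enum names Critical alerts 'Error'
$priorities = @('High')
$since      = (Get-Date).ToUniversalTime().AddDays(-14)  # assumes TimeRaised is UTC
$outFile    = 'c:\temp\listalertsfiltered.csv'           # hypothetical output path

# Cache: one Get-Rule/Get-Monitor lookup per distinct workflow, not per alert.
$mpCache = @{}

function Get-AlertSourceMP($alert) {
    # Same id choice as the script above.
    if ($alert.IsMonitorAlert) { $id = $alert.ProblemId } else { $id = $alert.MonitoringRuleId }
    $key = "$($alert.IsMonitorAlert)|$id"
    if (-not $mpCache.ContainsKey($key)) {
        if ($alert.IsMonitorAlert) { $wf = Get-Monitor $id } else { $wf = Get-Rule $id }
        # A workflow that cannot be resolved is reported, not silently dropped.
        if ($wf) { $mpCache[$key] = $wf.GetManagementPack().DisplayName }
        else     { $mpCache[$key] = '<unresolved>' }
    }
    $mpCache[$key]
}

# Cheap property filters first, so the management pack lookup only runs
# for alerts that already match severity, priority and date.
# A -criteria clause like the ones above can narrow the set further.
Get-Alert |
  Where-Object {
    ($severities -contains $_.Severity.ToString()) -and
    ($priorities -contains $_.Priority.ToString()) -and
    ($_.TimeRaised -ge $since)
  } |
  Select-Object Name, Severity, Priority, TimeRaised, IsMonitorAlert,
    @{Name='ManagementPack'; Expression={ Get-AlertSourceMP $_ }} |
  Where-Object {
    $mp = $_.ManagementPack
    @($mpPatterns | Where-Object { $mp -like $_ }).Count -gt 0
  } |
  Export-Csv $outFile -NoTypeInformation
```

Rows whose ManagementPack column reads '<unresolved>' would only appear if that value were added to $mpPatterns, which is a quick way to list alerts whose rule or monitor could not be found by the id used.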

Good morning Graham,

First off, I really appreciate you taking the time to include the script.  I am modifying it to our needs and will post the resulting PowerShell commands shortly...

I noticed however that:

1 - in the case of rule-generated alerts, you refer to the alert's MonitoringRuleId field; and

2 - in the case of monitor-generated alerts, you refer to the alert's ProblemId field

Though thus far, every alert I have viewed appeared to have the same values for both of these fields.  Upon closer investigation however, I currently have > 4,500 alerts where MonitoringRuleId <> ProblemId and > 10,000 alerts where MonitoringRuleId = ProblemId.  In which case would MonitoringRuleId <> ProblemId?

Thanks,

Larry

September 14th, 2010 5:11pm

Hi Larry

I have to admit that I was told a couple of years back to use ProblemID for monitors and MonitoringRuleID for rules and strangely for me I just accepted it ;-(

I don't have a system to hand to actually double check at the moment but is it that MonitoringRuleID=ProblemID for rules but not for monitors? I can look on a test system tomorrow to see if that is the case.

I'm actually off on holiday in a couple of days so if we need to work on this some more I'd suggest taking it offline and dropping me an email in a couple of weeks' time - grahamDOTdaviesATakcslDOTcom - we can then pick this up when I return.

Cheers

Graham

September 15th, 2010 12:48am

Was the discrepancy for ProblemID vs MonitoringRuleID for MONITORS ever addressed in this thread?  I do not see any further information.

I am building an Orchestrator Connector and accompanying PowerShell scripts that have similar requirements.  What was the verdict on this, Graham?

February 5th, 2015 11:48pm
