I have recently worked on a project for a customer where SCOM was supposed to send alerts over to Service Manager only under certain circumstances. Here is a similar scenario:
There were basically three different cases:
– Alerts generated by a limited set of custom rules
– Alerts generated by a certain group of servers
– General infrastructure High/Critical alerts
The challenge is to filter what is being sent over to SCSM and how to handle it on the other side. The SCOM connector, on the SCOM side, has some criteria that we could use. The one I'd use was the management pack where the rules were, but unfortunately the rules were scattered across different MPs. And it would still be hard to categorize properly on the other side.
My co-worker on the project suggested doing the categorization on the SCOM side, using Command Notifications. And I concurred. So, here are the basics of the process:
We will create (at least) one notification channel that, once triggered, will run a PS script and change the contents of the CustomFields in the alert, allowing for proper handling on the SCSM side. An interesting fact is that you can't order the notifications on the SCOM side. They all end up happening if they match the criteria.
First, get a Notification Channel in place:
Now, set the script parameters as below:
Remember that if you have more than one MS, create the scripts folder on all of them.
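As an added illustration (not the script used in the original project), here is one way such a command-channel script could look. The file name, the `C:\Scripts` path, and the parameter names are assumptions, and it assumes the channel passes the alert ID (for example via the `$Data/Context/DataItem/AlertId$` substitution) and a category label as arguments:

```powershell
# Tag-ScomAlert.ps1 (hypothetical name) - added example, not the original post's script.
# Assumed to run on a management server, started by the command notification channel.
[CmdletBinding()]
param(
    # Alert GUID handed over by the channel; the [guid] type rejects anything else.
    [Parameter(Mandatory)][guid]$AlertId,
    # Category label the SCSM side will filter on; restricted to a safe character set.
    [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9 _-]{1,64}$')][string]$Category,
    # Which CustomField (1-10) to write.
    [ValidateRange(1, 10)][int]$FieldNumber = 1,
    # Assumed log location inside the scripts folder.
    [string]$LogPath = 'C:\Scripts\Tag-ScomAlert.log'
)

$ErrorActionPreference = 'Stop'

function Write-Log([string]$Message) {
    # One timestamped line per action, so field changes can be traced later.
    ('{0:u} {1}' -f (Get-Date), $Message) | Add-Content -Path $LogPath
}

try {
    Import-Module OperationsManager
    New-SCOMManagementGroupConnection -ComputerName $env:COMPUTERNAME

    $alert = Get-SCOMAlert -Id $AlertId
    if (-not $alert) {
        Write-Log ('Alert {0} not found' -f $AlertId)
        exit 1
    }

    $fieldName = 'CustomField{0}' -f $FieldNumber
    $current   = $alert.$fieldName

    # Notification order cannot be controlled, so make repeated runs harmless.
    if ($current -eq $Category) {
        Write-Log ('Alert {0}: {1} already set to "{2}"' -f $AlertId, $fieldName, $Category)
        exit 0
    }

    # Splat so the CustomFieldN parameter name can be chosen at run time.
    $setParams = @{ Alert = $alert; $fieldName = $Category }
    Set-SCOMAlert @setParams
    Write-Log ('Alert {0}: {1} "{2}" -> "{3}"' -f $AlertId, $fieldName, $current, $Category)
}
catch {
    Write-Log ('Alert {0}: update failed: {1}' -f $AlertId, $_.Exception.Message)
    exit 1
}
```

The log records the previous value of the field, which helps when two subscriptions match the same alert and you need to see which one wrote last.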
Having the script in place, let’s analyse case by case:
Custom Rules – in this case, all we needed was to create a subscription like this one:
What ended up happening is that the number of rules was too big (80+). It was still possible, but a bit annoying. Since we were handling custom-built rules, I was able to set the contents of the CustomFields at the creation of the alert. So, my criteria ended up something like this:
Now, the rest of the subscription:
And in the rule:
Once this is triggered, here is what you should see:
Now, on the Service Manager side, I have to configure the connector properly:
And here are your alerts, in a custom view:
In the second scenario, the subscription would allow us to simply select the group the alerts were coming from and then categorize accordingly. Well, that was good, but… sometimes the custom rules would come from computers in this same specific group. The problem is that we can't set a precedence for the subscription rules, so we would not know which rule would run last and how the alert would be categorized in the end.
For that I had to come up with a strategy of multiple CustomFields. Stay tuned!