SCOM 2012 – Using Alert Custom Fields

Original article can be found here: http://stefanroth.net/2012/04/17/scom-2012-using-alert-customfields/

This article also references: http://blogs.msdn.com/b/steverac/archive/2010/08/17/updating-custom-alert-fields-using-subscriptions-and-powershell.aspx

In today’s world of monitoring it is not always easy for service desk staff, or even for administrators, to identify which system an alert came from, who is responsible for that system and, in a multitenant environment, which company the system or alert belongs to.

In my case a company which is hosting Active Directory domains and systems for different companies (customers) wanted to have company, server and contact information displayed on the alert notification. E.g. if server1.contoso.com is having a problem, the service desk must be able to identify to which company this server belongs and who they might need to contact.

To keep things as easy as possible I wrote a script which dumps the information into the custom fields of the alert and also sends a mail containing all the needed information.

Steve Rachui has written a blog post about updating custom fields using subscriptions in SCOM 2007 R2.

Based on this I wanted to extend his approach to fit all my needs for SCOM 2012.

 

What’s going on

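First I need a data source where I dump all the information about which server belongs to which company and who is the manager or contact. I decided to use a text file. Its format (header server;company;manager, one semicolon-separated line per server) is shown in the comments at the top of the script below.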

When an alert is generated, my script is triggered and the information is written into custom fields 1-3 and also into the mail footer.

Here I stopped the DNS Service on host kwsp1…

Alert properties…

…and the custom field information. Nice …

But look at my mail….isn’t it just cool?

If you think about it, you can add any additional information to an alert AND the mail. This could be detailed company addresses, SLA information, 3rd level administrator information…whatever…

Setup

Create a text file company.txt and put it in the c:\scripts folder on your management server. Enter all the information you need in the format shown in the script comments below (server;company;manager). Add as many lines as you need, but make sure every server appears only once!

Next I set up a command channel, following Steve Rachui's post, to execute my script. It goes like this…

Full path of the command file: c:\windows\system32\windowspowershell\v1.0\powershell.exe
Command line parameters: -Command "& '"C:\scripts\AlertUpdateV10.ps1"'" '$Data/Context/DataItem/AlertId$'
Startup folder for the command line: c:\windows\system32\windowspowershell\v1.0\

Next you need to set up the subscriber and the subscription. In the subscription you define when the command is triggered. In my case I selected all critical alerts…

…and my administrator as subscriber,

Of course as a last step the command channel…

Save this script on your management server, e.g. in c:\scripts, as AlertUpdateV10.ps1. The script takes the alert ID as a parameter.

AlertUpdateV10.ps1

Param(
    [parameter(mandatory=$true)][GUID] $alertid
)

#Define path to the file containing the information. The header structure is server;company;manager. Append data separated by ";".
#e.g. the file looks like this
#
#server;company;manager
#server1.domain.local;microsoft;Bill Gates
#server99.domain.local;itnetx;Stefan Roth
$infofile = "c:\scripts\company.txt";

#Import the file
$infos = Import-Csv -Delimiter ";" $infofile | Select-Object server,company,manager;

#Check if the OperationsManager module is loaded
$checksnap = Get-Module | Where-Object {$_.name -eq "OperationsManager"};

if ($checksnap.name -ne "OperationsManager")
{
    Import-Module OperationsManager;
}

#Convert the alert ID and get the alert
$alertid = $alertid.toString();
$newalert = Get-SCOMAlert -Criteria "Id = '$alertid'";

#Get the alert source server
$server = $newalert.principalname;

#Check if the alert has information about the server where the problem occurred.
If (!$server) {$server = "N/A"};

#Check if the customfield1 contains data, if not the alert has not been modified yet.
If (!$newalert.customfield1) {

    #Get the server name, company and manager information from the file and add it into the customfields
    foreach ($info in $infos) {

        #Exact, case-insensitive comparison (-match would treat the file entry as a regular expression)
        If ($server -eq $info.server) {
            $newalert.customfield1 = $info.server;
            $newalert.customfield2 = $info.company;
            $newalert.customfield3 = $info.manager;
            $newalert.Update("");
            break;
        }

    }

    #Fallback text for the mail; it is not written back to the alert because Update() is not called here
    If (!$newalert.customfield2) {$newalert.customField2 = "No customer information available"};

}

#Configure mail settings
#############################################
$to = "administrator@contoso.local";
$from = "SCOM@contoso.local";
$smtpserver = "exchange.contoso.local";
$webconsoleserver = "webconsoleserver.contoso.local";
#############################################

#Map alert data to variables which will be used in the mail body
$alertname = $newalert.name;
$lastmodifiedby = $newalert.lastmodifiedby;
$lastmodified = $newalert.lastmodified;
$alertdescription = $newalert.description;
$alertpath = $newalert.monitoringobjectpath;
$alertsource = $newalert.monitoringobjectdisplayname;
$customfield1 = $newalert.customfield1;
$customfield2 = $newalert.customfield2;
$customfield3 = $newalert.customfield3;
$alerturl = "http://" + $webconsoleserver + "/OperationsManager?DisplayMode=Pivot&AlertID=" + "{" + $newalert.id + "}";

#Get alert resolutionstate
switch ($newalert.resolutionstate)
{
    0 {$alertresolutionstate = "New"};
    255 {$alertresolutionstate = "Closed"};
}

#Define the body of the mail (the closing "@ of the here-string must start at column 1)
############################################
$body = @"
Alert: $alertname
Source: $alertsource
Path: $alertpath

Last Modified By:   $lastmodifiedby
Last Modified Date: $lastmodified

Alert Description:  $alertdescription

URL: $alerturl




This alert belongs to the customer:
=======================================

Server:  $customfield1
Company: $customfield2
Contact: $customfield3

"@
############################################

#Build the subject line
$subject = $alertname + " - " + "Severity: " + $newalert.severity + " / " + $alertresolutionstate;

#Send mail
Send-MailMessage -To $to -From $from -Subject $subject -SmtpServer $smtpserver -Body $body;

Download from this link: http://kb.kaminskiengineering.com/sites/kb.kaminskiengineering.com/files/support_files/AlertUpdateV10.txt

There is now only one problem. The Management Server Action Account will execute this script. And because of that I added the MSAA to the local Administrators group on the management server.

In addition I needed to set up a special permission on my Exchange Server 2010 to allow this account to send mail. If you don’t set this permission you will likely get an error “The server response was: 5.7.1 Client does not have permissions to send as this sender”.

I had to get the name of the receive connector, in my case “Default EXC01”.

Then I executed this command in the Exchange Management Shell to set the permission…

Add-ADPermission "Default Exc01" -User "Domain\MSAA Account" -ExtendedRights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

I am not using this approach in production yet. I am not sure how the performance will be if there are 500 and more monitored systems. I thought it was a great idea, so I built it.
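
The setup requires that every server appears only once in company.txt, and in a multitenant environment the lookup must return exactly one customer's row; a -match comparison treats each file entry as an unanchored regular expression, so one server name can hit another customer's entry. As an added example (not part of the original script; the function names Import-CompanyMap and Get-CompanyInfo and the sample rows are assumptions made for illustration), the following loads the file into a hashtable, rejects duplicate entries and compares names exactly, which also replaces the per-row loop with a single lookup when the list grows to hundreds of servers:

```powershell
# Added example, not from the original script; names and sample rows are constructed.
function Import-CompanyMap {
    # Build a lookup table from company.txt lines (header: server;company;manager).
    param([string[]] $Lines)
    $map = @{}        # string keys in a PowerShell hashtable compare case-insensitively
    $duplicates = @()
    foreach ($row in ($Lines | ConvertFrom-Csv -Delimiter ';')) {
        $key = ([string]$row.server).Trim()
        if (-not $key) { continue }                    # skip blank or malformed rows
        if ($map.ContainsKey($key)) { $duplicates += $key; continue }
        $map[$key] = $row
    }
    if ($duplicates.Count -gt 0) {
        # One row per server is a requirement; refuse to guess which row is right.
        throw "Duplicate server entries in company file: $($duplicates -join ', ')"
    }
    return $map
}

function Get-CompanyInfo {
    # Return the row whose server name equals the principal name, or $null.
    param([hashtable] $Map, [string] $PrincipalName)
    $key = $PrincipalName.Trim()
    if ($key -and $Map.ContainsKey($key)) { return $Map[$key] }
    return $null
}

# Constructed sample in the company.txt format (hypothetical servers and customers).
$sample = @(
    'server;company;manager',
    'devweb1.contoso.local;Customer B;Contact B',
    'web1.contoso.local;Customer A;Contact A'
)
$rows      = $sample | ConvertFrom-Csv -Delimiter ';'
$map       = Import-CompanyMap -Lines $sample
$principal = 'DEVWEB1.contoso.local'

# Pattern matching: the web1 entry is an unanchored regex, so it also hits devweb1.
$regexHits = @($rows | Where-Object { $principal -match $_.server })
'Rows hit by -match: {0}' -f (($regexHits | ForEach-Object { $_.company }) -join ', ')

# Exact lookup: only the devweb1 row is returned, regardless of row order or case.
'Exact lookup:       {0}' -f (Get-CompanyInfo -Map $map -PrincipalName $principal).company

# A server without an entry yields $null, so the caller can fall back to a default.
'Unknown server:     {0}' -f ($null -eq (Get-CompanyInfo -Map $map -PrincipalName 'db9.contoso.local'))
```

In the alert script the map would be built with Import-CompanyMap -Lines (Get-Content c:\scripts\company.txt) and queried with the alert's principal name.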
