locked
Transfer custom information from SCOM to SCO RRS feed

  • Question

  • Hi,

    I posted this thread in the SCO part of the forum. Sorry for these who are following this forum, but I'm trying here as well. We never know that something interesting comes out here.

    I'm using SCO and SCOM 2012 SP1 in a Windows 2012 environment. I need to transfer some of the SCOM alerts to a Nagios/Opsview system.

    In order to do that, I'm trying to monitor all SCOM alerts in a Runbook, and get some information to do sort of a filter before sending data to Opsview. For this to work, we need this system to be very easy to maintain, and we don't want to stop the Runbook and edit some code whenever we have to add a new monitor.

    - I thought of using CustomFields so that each new monitor would just need to have something in common with the other ones, as they appear in the Published Datas. But apparently they only are usable in rules, not monitors.

    - I tried to use the CompanyKnowledge but it only works for custom made monitors. For sealed MP's monitors, it gathers ProductKnowledge instead.

    Now I'm a bit stuck. It would be great to just find a field exploitable in Orchestrator, or to find another way to filter my alerts.

    I hope someone will be able to help. In the mean time, enjoy your day.

    Regards,

    Nichoff

    Monday, May 13, 2013 12:19 PM

Answers

  • Hi

    I think the Problem you have is that you don't know what you want to filter respective what should be sent to nagios. What I mean is, you need to send a subset of alerts to Nagios or Opsview but this subset is not yet defined. What is the criteria for sending alerts to Nagios? If it is a random group of computers you need to send alerts from, you could probably build a group in SCOM, add those Systems and build a Powershell script which queries SCOM for alerts generated by these computers in the group. If the criteria is based on severity/priority of the alerts it is simple, you just use the filter list on the Get Alert activity. If you need just alerts generated from certain rules / Monitors then you could probably use PowerShell to query alerts generated by These monitors/rules and forward it to Nagios.

    If you don't want to stop the runbook everytime you add a criteria you need some sort of configuration file or database which the PowerShell script queries everytime the runbook runs I mean you would add additional monitor/rule names into this configuration file/db. When the runbook starts it queries first the configuration source and then checks SCOM for the alerts. I hope this is clear what I mean.

    By mentioning PowerShell script I am thinking of building a PoSH script and run it using the Run .NET activity in Orchestrator.

    OK? What is the criteria to Forward alerts to the other Systems?

    Cheers,

    Stefan


    Blog: http://blog.scomfaq.ch

    • Marked as answer by nichoff Thursday, May 23, 2013 7:15 AM
    Wednesday, May 22, 2013 5:33 AM
  • Hi,

    There's no particular criteria. That was my problem. The alerts can come from sealed or custom MPs, be from any severity and from any state, have any name and be Hardware or Software.

    Today, in this infrastructure, SCOM monitors Citrix and Exchange servers. Tomorrow, it will monitor DCs, SQL servers and probably other things. And maybe one day they won't use Nagios and Opsview anymore...

    So now, what we did :

    - Create a custom view in SCOM with all monitors and rules wanted

    - Create a first Runbook that runs every x minutes. This Runbook runs a .NET activity and gets the view in PS script. With this view we manage to get all monitors/rules IDs and store them in a file on a network storage.

    - Create a second Runbook that runs each time it detects an alert of any type. compare its monitor/rule ID to the ones stored in the list. If it finds a match carries on an use the NSCA command to send it to Opsview.

    This solution works fine and is completely automatic. If someday we need to add or remove monitors/rules from downloaded or custom MPs, SCO will continue to work and adapt its list of IDs.

    • Marked as answer by nichoff Thursday, May 23, 2013 7:18 AM
    Wednesday, May 22, 2013 6:33 AM

All replies

  • Hi

    I think the Problem you have is that you don't know what you want to filter respective what should be sent to nagios. What I mean is, you need to send a subset of alerts to Nagios or Opsview but this subset is not yet defined. What is the criteria for sending alerts to Nagios? If it is a random group of computers you need to send alerts from, you could probably build a group in SCOM, add those Systems and build a Powershell script which queries SCOM for alerts generated by these computers in the group. If the criteria is based on severity/priority of the alerts it is simple, you just use the filter list on the Get Alert activity. If you need just alerts generated from certain rules / Monitors then you could probably use PowerShell to query alerts generated by These monitors/rules and forward it to Nagios.

    If you don't want to stop the runbook everytime you add a criteria you need some sort of configuration file or database which the PowerShell script queries everytime the runbook runs I mean you would add additional monitor/rule names into this configuration file/db. When the runbook starts it queries first the configuration source and then checks SCOM for the alerts. I hope this is clear what I mean.

    By mentioning PowerShell script I am thinking of building a PoSH script and run it using the Run .NET activity in Orchestrator.

    OK? What is the criteria to Forward alerts to the other Systems?

    Cheers,

    Stefan


    Blog: http://blog.scomfaq.ch

    • Marked as answer by nichoff Thursday, May 23, 2013 7:15 AM
    Wednesday, May 22, 2013 5:33 AM
  • Hi,

    There's no particular criteria. That was my problem. The alerts can come from sealed or custom MPs, be from any severity and from any state, have any name and be Hardware or Software.

    Today, in this infrastructure, SCOM monitors Citrix and Exchange servers. Tomorrow, it will monitor DCs, SQL servers and probably other things. And maybe one day they won't use Nagios and Opsview anymore...

    So now, what we did :

    - Create a custom view in SCOM with all monitors and rules wanted

    - Create a first Runbook that runs every x minutes. This Runbook runs a .NET activity and gets the view in PS script. With this view we manage to get all monitors/rules IDs and store them in a file on a network storage.

    - Create a second Runbook that runs each time it detects an alert of any type. compare its monitor/rule ID to the ones stored in the list. If it finds a match carries on an use the NSCA command to send it to Opsview.

    This solution works fine and is completely automatic. If someday we need to add or remove monitors/rules from downloaded or custom MPs, SCO will continue to work and adapt its list of IDs.

    • Marked as answer by nichoff Thursday, May 23, 2013 7:18 AM
    Wednesday, May 22, 2013 6:33 AM
  • Hi

    Ok, well it seems that you have Chosen a similar solution as I suggested.

    Cheers,

    Stefan


    Blog: http://blog.scomfaq.ch

    Wednesday, May 22, 2013 9:55 PM
  • Hi Stefan, indeed !

    I've marked your answer as a reply...

    Have a nice day.

    Thursday, May 23, 2013 7:16 AM