SCOM - Which Event ID's are being monitored?

  • Question

  • When I run the command: Get-SCOMMonitor | select DisplayName, Configuration | Export-Csv "C:\Temp\monitors.csv"

    I get all the Configuration information for each Monitor.

    However when I run the command: Get-SCOMRule | select DisplayName, Configuration | Export-Csv "C:\Temp\rules.csv"

    I only get the DisplayName info and the Configuration is blank.

    Please can anyone advise how to get the Configuration information for Rules. I can then search for specific Event ID's and confirm if they are being monitored in SCOM.

    Thursday, November 14, 2019 11:36 AM

All replies

  • Hi,

    You could try using one of the scripts below made by Stefan and Tyson; they should give you all the effective monitoring configuration for both monitors and rules in your SCOM environment.

    SCOM 2012 – Effective Configuration Viewer The PowerShell Way
    https://www.stefanroth.net/2014/02/13/scom-2012-effective-configuration-viewer-the-powershell-way/

    SCOM: Export Effective Monitoring Configuration with PowerShell
    https://gallery.technet.microsoft.com/scriptcenter/ExportEffectiveMonitoringCo-05d58912

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com

    Thursday, November 14, 2019 2:04 PM
  • Hi,

    This is the expected behavior. PowerShell returns an object and its properties.

    If we get a single rule via

    get-scomrule -id 23cd01c6-fb7f-e5a8-adaf-001690e980f4 | export-csv c:\temp\single_rule.csv

    it returns the following properties:

    Category
    Comment
    ConditionDetection
    ConfirmDelivery
    DataSourceCollection
    Description
    DiscardLevel
    DisplayName
    Enabled
    HasNonCategoryOverride
    Id
    Identifier
    InstanceName
    LanguageCode
    LastModified
    ManagementGroup
    ManagementGroupId
    ManagementPack
    ManagementPackName
    Name
    Priority
    Remotable
    Sealed
    Status
    Target
    TimeAdded
    WriteActionCollection
    XmlTag



    However, if we use get-scommonitor -id, it returns the following properties:


    Accessibility
    AlertSettings
    Category
    Comment
    Configuration
    ConfirmDelivery
    Description
    DisplayName
    Enabled
    HasNonCategoryOverride
    Id
    Identifier
    InstanceName
    LanguageCode
    LastModified
    ManagementGroup
    ManagementGroupId
    Name
    OperationalStateCollection
    ParentMonitorID
    Priority
    Remotable
    RunAs
    Status
    Target
    TimeAdded
    TypeID
    XmlTag


    The screenshot is for your reference. To get the configuration, we may try Leon's suggestion to see if it helps.




    Hope the above information helps.

    Regards,

    Alex Zhu
    -----------------------------------------------
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
    Friday, November 15, 2019 9:00 AM
  • It's simply because the configuration for a rule is located in a different property:

    get-scomrule -DisplayName "whatever rule" | select -Property DisplayName,@{Name = "Configuration"; Expression = {$_.datasourcecollection.configuration}}


    Friday, November 15, 2019 10:34 AM
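
Added example, not part of the original thread: one way to turn the `DataSourceCollection` configuration from the reply above into a searchable list of event IDs per rule. The function name, the output path and the sample configuration are constructed, and the XML layout (`LogName`, `SimpleExpression`, `EventDisplayNumber`) is an assumption about how event-log rules usually express their criteria.

```powershell
# Added example. Pulls event-ID criteria out of a rule's data source configuration.
function Get-EventIdFromRuleConfig {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [AllowEmptyString()] [string] $Configuration
    )
    if ([string]::IsNullOrWhiteSpace($Configuration)) { return }

    # The configuration is an XML fragment with several top-level elements,
    # so wrap it in a dummy root element before parsing.
    try { $xml = [xml]"<Root>$Configuration</Root>" }
    catch { Write-Warning "Could not parse configuration of '$DisplayName'"; return }

    $log = $xml.SelectSingleNode('//LogName')
    foreach ($expr in $xml.SelectNodes('//SimpleExpression')) {
        $query = $expr.SelectSingleNode('ValueExpression/XPathQuery')
        $value = $expr.SelectSingleNode('ValueExpression/Value')
        if ($null -ne $query -and $null -ne $value -and
            $query.InnerText.Trim() -eq 'EventDisplayNumber') {
            [pscustomobject]@{
                Rule     = $DisplayName
                LogName  = if ($null -ne $log) { $log.InnerText } else { $null }
                Operator = $expr.SelectSingleNode('Operator').InnerText
                EventId  = $value.InnerText.Trim()
            }
        }
    }
}

# Constructed sample configuration (assumed layout), used so the function runs offline.
$sampleConfig = @'
<ComputerName>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Security</LogName>
<Expression><SimpleExpression>
  <ValueExpression><XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery></ValueExpression>
  <Operator>Equal</Operator>
  <ValueExpression><Value Type="UnsignedInteger">4625</Value></ValueExpression>
</SimpleExpression></Expression>
'@
Get-EventIdFromRuleConfig -DisplayName 'Sample failed-logon rule' -Configuration $sampleConfig

# Against a live management group (OperationsManager module loaded):
# Get-SCOMRule | ForEach-Object {
#     $name = $_.DisplayName
#     $_.DataSourceCollection | ForEach-Object {
#         Get-EventIdFromRuleConfig -DisplayName $name -Configuration $_.Configuration }
# } | Export-Csv 'C:\Temp\rule_event_ids.csv' -NoTypeInformation
```

Criteria that are not written as a simple `EventDisplayNumber` comparison, or that sit outside `DataSourceCollection` (for example in `ConditionDetection`), will not appear in the output. Treat a missing event ID as a prompt to inspect the rule by hand rather than as proof that it is unmonitored.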
  • Hi,

    Thanks for the feedback.

    I ran the 'Export-SCOMEffectiveMonitoringConfiguration' command, however there is no sign of the Configuration of the rule or monitor?

    Object Type (Class Name)|Object Name (Instance Name)|Rule/Monitor Name|Enabled|Generates Alert|Alert Severity|Alert Priority|Type|Description|Overridden|Parameter Name|Default Value|Effective Value|Parameter Name|Default Value|Effective Value|Parameter Name|Default Value|Effective Value|Parameter Name|Default Value|Effective Value|Parameter Name|Default Value|Effective Value
    Microsoft.Windows.Computer|HOSTNAME|Microsoft.SystemCenter.Apm.ApmAgentAvailabilityState|true|False|N/A|N/A|Monitor|This monitor rolls up the availability health of APM Agent hosted by this computer.|False
    Microsoft.Windows.Computer|HOSTNAME|Microsoft.SystemCenter.Apm.ApmAgentConfigurationState|true|False|N/A|N/A|Monitor|This monitor rolls up the configuration health of APM Agent hosted by this computer.|False
    Microsoft.Windows.Computer|HOSTNAME|Microsoft.SystemCenter.Apm.ApmAgentPerformanceState|true|False|N/A|N/A|Monitor|This monitor rolls up the performance health of APM Agent hosted by this computer.|False
    Microsoft.Windows.Computer|HOSTNAME|Microsoft.SystemCenter.Apm.ApmAgentSecurityState|true|False|N/A|N/A|Monitor|This monitor rolls up the security health of APM Agent hosted by this computer.|False
    Microsoft.Windows.Computer|HOSTNAME|Microsoft.SystemCenter.Ping|false|True|Error|Normal|Monitor|This monitor pings a agentless computer using an ICMP ping. If the computer is agent-managed, it pings itself locally.|False|Frequency|300|300|ResponseTimeThreshold|5000|5000
    Microsoft.Windows.Computer|HOSTNAME|Microsoft.Windows.Computer.DependOnACS.Collector.AvailabilityRollup|true|False|N/A|N/A|Monitor|This monitor rolls up healths from Audit Collection Service contained in the Windows Computer.|False
    Microsoft.Windows.Computer|HOSTNAME|Microsoft.Windows.Computer.WindowsComputerRole.AvailabilityRollup|true|False|N/A|N/A|Monitor|This monitor rolls up the availability health of all Windows Computer Role objects hosted by this computer|False
    Microsoft.Windows.Computer|HOSTNAME|Microsoft.Windows.Computer.WindowsComputerRole.ConfigurationRollup|true|False|N/A|N/A|Monitor|This monitor rolls up the configuration health of all Windows Computer Role objects hosted by this computer|False
    Microsoft.Windows.Computer|HOSTNAME|Microsoft.Windows.Computer.WindowsComputerRole.PerformanceRollup|true|False|N/A|N/A|Monitor|This monitor rolls up the performance health of all Windows Computer Role objects hosted by this computer|False


    • Edited by Jay7861 Monday, November 18, 2019 12:03 PM
    Monday, November 18, 2019 12:02 PM
  • Hi,

    This is normal. 

    In Operations Manager, a rule/monitor is a configuration (we may think of it as a collection of criteria definitions, for example, 30% free disk space, 1000 MB free disk space, 85% CPU load, etc.)

    Upon the configurations, when the object (for example, a logical disk) is discovered, the configuration (pre-defined in the management packs and can be overwritten by overrides) will be applied to the object.

    To populate the effective criteria/value, we may use the following PowerShell cmdlets:

    $Members = (Get-SCOMGroup -DisplayName "All Windows Computers").GetRelatedMonitoringObjects()
    $Members | ForEach-Object { Export-SCOMEffectiveMonitoringConfiguration -Instance $_ -Path "C:\temp\$($_.DisplayName).csv" }

    The output is similar to the above (you pasted, substituting pipeline with comma): 



    Hope the above information helps.

    Regards,

    Alex Zhu
    Wednesday, November 20, 2019 4:36 AM
  • Hi,

    Some supplements:

    If we want to get the effective of all the objects, we may use:

    $Members | ForEach-Object { Export-SCOMEffectiveMonitoringConfiguration -Instance $_ -Path "C:\temp1\$($_.DisplayName).csv" -RecurseContainedObjects }

    Note: this may run for a while (in my lab, there are 6 Windows computers and 1 Debian 7 computer, and this command will only retrieve Windows computers); it takes about 20 minutes to get all the effective values.

    Hope the above information helps.

    Regards,

    Alex Zhu
    Wednesday, November 20, 2019 5:57 AM