November 23, 2017
Part Two: Tuning alerts in SCOM - by Jasper Van Damme
Right, it's time for part two!
For those of you that missed Jasper's first blog on 'Tuning alerts in SCOM', you can find that here, but for those of you ready for more of Jasper's awesome hints and tips, let's crack on...
Tuning alerts in SCOM (Part 2)
By Jasper Van Damme
This post continues on my previous post, on how to deal with tuning alerts in SCOM.
Like I mentioned before, getting a hold on the shear amount of alerts in SCOM can be a huge challenge.
As you may or may not know, there are two types of alerts in SCOM:
- Monitor Alerts
Monitors have impact on the health state of an object, and have the capability to close themselves when the issue has been resolved. In fact, I would say 90% of the monitors are configured to close automatically.
- Rule Alerts
Rule alerts do not affect health state, as such, they can not close themselves automatically. A scenario where rule alerts are useful is if you want to alert on a specific event, but that event does not have another event to trigger a healthy state. If you use a monitor in this scenario, you would have to reset the health every time.
As you can imagine closing these alert rules every day is quite the task, and it becomes a burden for most SCOM operators.
Tao Yang’s MP
Using the Tao Yang’s self maintenance management pack, you can close alerts coming from a rule when they do not reoccur in a certain time frame automatically.
It has some other very nifty features to help keep your SCOM environment healthy, so I would definitely recommend this MP. More information can be found on the link above.
Alert rules typically have a repeat count, so if the issue is temporary, that repeat count should not increase. By looking at the date last modified of the alert rule, we can determine if the alert is still relevant or not.
Here’s how you configure it using the self maintenance management pack:
- First you have to import the management pack of Tao Yang
- Go to authoring > rules
- I made a gif on how to configure this, in this example all rule alert that are older than 2 days and have not reoccurred, will be automatically closed and will be checked each 2 hours. The alert rule is called OpsMgr 2012 Self Maintenance Close Aged Rule Generated Alerts Rule
After this is configured, the non relevant alerts from rules will be automatically closed.
This helps you focus on relevant alerts and not having to go through the daily chore of cleaning up alerts.
If you have any questions regarding the configuration, feel free to contact my via my blog or social channels (details below).
Jasper is a Belgian freelance IT Consultant with 10 years infrastructural experience internally and externally of small (1 server) to larger (+1000 servers) environments in a variety of industries.