Skip to Main Content

Sending SCOM alerts to Slack

We can't get enough of SCOM consultant Jasper van Damme's blog, No Alert Left Behind and are keen to help share his knowledge and work with the wider community.

We highly recommend following his blog directly to stay up-to-date with his latest posts, and we're pleased to present his recent work on sending SCOM alerts into Slack as a guest blog below.

In particular, those of you working with DevOps teams will know it's virtually impossible to get them out of Slack and into email, so this is a great way of surfacing relevant alerts for them.

Sending SCOM alerts to Slack

by Jasper Van Damme

This post will be about how you can send alerts from SCOM to a Slack channel. I used a powershell module which you can find on this blog post.

Slack is a free tool that offers real-time messaging, archiving and search for modern teams. It also has premium paid features, but to send SCOM alerts to Slack, this is not required.

For people that don’t have Slack, I would strongly recommend it, as the free tier already offers quite nice features. An alternative to Slack is Microsoft Teams.

Alright here we go.

There are a few prerequisites before we start:

The next step is required if your management servers require a proxy to send notifications. Otherwise, this can be skipped.
Open the Operations Console -> Go to Administration -> Run As Configuration -> Profiles

Look for the Notification Account

Add the Run as account that has internet access. Click Save.

Next download the script that will send these notifications. You can find this here.

Place this script under a folder on each management server(s), f.e. C:\SCOM\Scripts. Make sure the account we created earlier has access to this folder! If you don’t use a proxy server to access the internet, this is not required, as the system account has access to this folder.

Run the following command if you are using a proxyserver on your management servers:

Open the downloaded script with Powershell ISE or another editor, fill in your token from Slack (as described in prerequisites):

And change the weblink, as outlined in the example, change to your environment. I use SquaredUp to drill down into alerts.

Next up we create the Command channel

Fill in the description, click Next

Full path is: c:\windows\system32\windowspowershell\v1.0\powershell.exe

Command line parameters: <Path to the PSScript> -AlertID ‘$Data/Context/DataItem/AlertId$’ -AlertName ‘$Data[Default=’Not Present’]/Context/DataItem/AlertName$’ -AlertDescription ‘$Data[Default=’Not Present’]/Context/DataItem/AlertDescription$’ -Severity ‘$Data[Default=’Not Present’]/Context/DataItem/Severity$’ -DisplayName ‘$Data[Default=’Not Present’]/Context/DataItem/ManagedEntityPath$\$Data[Default=’Not Present’]/Context/DataItem/ManagedEntityDisplayName$’ -ResolutionState ‘$Data[Default=’Not Present’]/Context/DataItem/ResolutionStateName$’

Startup folder: c:\windows\system32\windowspowershell\v1.0\

Next we’ll need to create a subscription to fire alerts towards Slack.

Give the subscription a name, click Next.

Under criteria, choose what suits your need, but I would recommend using the criteria above to test the command channel.

Create a new subscriber.

Fill in the description, go to Addresses. Click Add.

Fill in address name, click Next

Choose our command channel we created, click Next -> Finish

That’s it! Alerts should be coming in, and clicking on them immediately forwards you to the Web console / SquaredUp interface. Feel free to contact me should you have any issues.

Best regards,

Jasper