Sending SCOM alerts to Slack


We can't get enough of SCOM consultant Jasper van Damme's blog, No Alert Left Behind, and are keen to help share his knowledge and work with the wider community.

We highly recommend following his blog directly to stay up-to-date with his latest posts, and we're pleased to present his recent work on sending SCOM alerts into Slack as a guest blog below.

In particular, those of you working with DevOps teams will know it's virtually impossible to get them out of Slack and into email, so this is a great way of surfacing relevant alerts for them.

 

Sending SCOM alerts to Slack

by Jasper Van Damme

This post will be about how you can send alerts from SCOM to a Slack channel. I used a PowerShell module which you can find on this blog post.

Slack is a free tool that offers real-time messaging, archiving and search for modern teams. It also has premium paid features, but to send SCOM alerts to Slack, this is not required.

For people that don’t have Slack, I would strongly recommend it, as the free tier already offers quite nice features. An alternative to Slack is Microsoft Teams.

Alright here we go.

There are a few prerequisites before we start:

  • You’ll need Windows Management Framework 5.0 installed on the SCOM management server that sends the messages to Slack. This can be found here.
  • Once WMF 5.x is installed, you need to install the following PowerShell module on your management servers. Open a PowerShell prompt and execute:
    Install-Module PSSlack -Force
  • The SCOM Management servers require internet access.
  • When using a web proxy to go to the internet, you’ll need to create an AD account which can access the internet.
  • You’ll need Slack (duh :)), and you have to create a token for your team. This can be done here.

The next step is required if your management servers require a proxy to send notifications. Otherwise, this can be skipped.
Open the Operations Console -> Go to Administration -> Run As Configuration -> Profiles

 

 

Look for the Notification Account

 

Add the Run as account that has internet access. Click Save.

 

Next download the script that will send these notifications. You can find this here.

Place this script in a folder on each management server, e.g. C:\SCOM\Scripts. Make sure the account we created earlier has access to this folder! If you don’t use a proxy server to access the internet, this is not required, as the system account has access to this folder.

Run the following command if you are using a proxy server on your management servers:

Open the downloaded script with PowerShell ISE or another editor and fill in your token from Slack (as described in the prerequisites):

Then change the web link, as outlined in the example, to match your environment. I use Squared Up to drill down into alerts.

Next up, we create the command channel.

 

 

Fill in the description, click Next

 


Full path is: c:\windows\system32\windowspowershell\v1.0\powershell.exe

Command line parameters: <Path to the PSScript> -AlertID '$Data/Context/DataItem/AlertId$' -AlertName '$Data[Default='Not Present']/Context/DataItem/AlertName$' -AlertDescription '$Data[Default='Not Present']/Context/DataItem/AlertDescription$' -Severity '$Data[Default='Not Present']/Context/DataItem/Severity$' -DisplayName '$Data[Default='Not Present']/Context/DataItem/ManagedEntityPath$\$Data[Default='Not Present']/Context/DataItem/ManagedEntityDisplayName$' -ResolutionState '$Data[Default='Not Present']/Context/DataItem/ResolutionStateName$'

Startup folder: c:\windows\system32\windowspowershell\v1.0\
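
To show what sits on the receiving end of this command line, here is an added example (not Jasper's downloadable script): it accepts the parameters passed by the command channel and posts them with PSSlack's Send-SlackMessage, reading the Slack token from a DPAPI-protected file rather than keeping it as plain text in the script. The token file name, channel name and console URL are assumptions.

```powershell
# Added example: a minimal receiver script for the command channel above.
param(
    [Parameter(Mandatory)][string]$AlertID,
    [string]$AlertName        = 'Not Present',
    [string]$AlertDescription = 'Not Present',
    [string]$Severity         = 'Not Present',
    [string]$DisplayName      = 'Not Present',
    [string]$ResolutionState  = 'Not Present'
)
$ErrorActionPreference = 'Stop'

# Assumed values, not from the original post; change them for your environment.
$TokenFile  = 'C:\SCOM\Scripts\slack-token.xml'   # hypothetical file name
$Channel    = '#scom-alerts'                      # hypothetical channel
$ConsoleUrl = 'https://scom.example.com/alert/'   # placeholder drill-down URL

# One-time setup, run as the account the notification runs under.
# Export-Clixml protects a SecureString with DPAPI, so only that account
# on that server can decrypt the file:
#   Read-Host 'Slack token' -AsSecureString | Export-Clixml $TokenFile

Import-Module PSSlack

# SCOM alert IDs are GUIDs; refuse anything else before building a link.
$guid = [guid]::Empty
if (-not [guid]::TryParse($AlertID, [ref]$guid)) {
    throw "AlertID is not a GUID: $AlertID"
}

# Decrypt the token in memory only for the duration of this run.
$secure = Import-Clixml -Path $TokenFile
$token  = [System.Net.NetworkCredential]::new('', $secure).Password

# Keep very long descriptions from flooding the channel.
$description = $AlertDescription
if ($description.Length -gt 1000) {
    $description = $description.Substring(0, 1000) + '...'
}

$text = @(
    "*$AlertName* (severity: $Severity, state: $ResolutionState)"
    "Source: $DisplayName"
    $description
    "$ConsoleUrl$guid"
) -join "`n"

Send-SlackMessage -Token $token -Channel $Channel -Text $text | Out-Null
```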

Next we’ll need to create a subscription to fire alerts towards Slack.

 

Give the subscription a name, click Next.

 

 

Under criteria, choose what suits your need, but I would recommend using the criteria above to test the command channel.

Create a new subscriber.

Fill in the description, go to Addresses. Click Add.

 

Fill in address name, click Next

 

Choose the command channel we created, click Next -> Finish

 

 

That’s it! Alerts should be coming in, and clicking on them immediately forwards you to the Web console / Squared Up interface. Feel free to contact me should you have any issues.

 

Best regards,

Jasper


© Squared Up Ltd. 2018

Squared Up is a registered trademark of Squared Up Ltd. All other trademarks are the property of their respective owners.