Scripting Alert UpdatesA question that comes up regularly on the technet forums is how to configure updates to alerts, usually around custom fields that need manipulating prior to forwarding on to a help desk system. Here are a few solutions that may or may not meet your needs. As always with scripts, test thoroughly in a suitable development environment before deploying to production and use is at your own risk. With the legalese out of the way ....

ContentsScenario.................................................................................................................................................2

Overview...........................................................................................................................................2

Script.................................................................................................................................................2

Running the script from PowerShell......................................................................................................4

Running the script from an Operations Manager rule...........................................................................5

Using Opalis with Operations Manager Integration Kit.........................................................................7

Running the Script from the Opalis Server..........................................................................................15

Scenario

OverviewWhen a new rule comes in, I want to update the alert so that:

Custom field1 contains the Server Principal Name

Custom field2 contains the Severity of the Alert

Custom field3 contains the Management Pack that generated the Alert

ScriptFirst up we need to get the powershell script.

# Name of Root Management Server $RMS="XXXX" # Initialise OpsMgr Provider write-Host write-Host "Executing UpdateAlerts.ps1 ..." write-Host ## prepare OpsMgr shell if ((Get-PSSnapin | Where-Object {$_.Name -eq 'Microsoft.EnterpriseManagement.OperationsManager.Client'}) -eq $null) { Write-Host Write-Host "File loaded." Write-Host "Initializing shell for operations manager..." Write-Host "Add Microsoft.EnterpriseManagement.OperationsManager.Client snap in." Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client -ErrorAction SilentlyContinue -ErrorVariable Err if ($Err) { $(throw write-Host $Err) } } if ((Get-ManagementGroupConnection | Where-Object {$_.ManagementServerName -eq $RMS}) -eq $null) { Write-Host "Connect to Management Server: $RMS" New-ManagementGroupConnection $RMS -ErrorAction SilentlyContinue -ErrorVariable Err if ($Err) { $(throw write-Host $Err) } } if ((Get-PSDrive | Where-Object {$_.Name -eq 'Monitoring'}) -eq $null) { Write-Host "Create Monitoring drive from Provider." New-PSDrive -Name: Monitoring -PSProvider: OperationsManagerMonitoring -Root: \ -ErrorAction SilentlyContinue -ErrorVariable Err if ($Err) { $(throw write-Host $Err) } Write-Host "Operations manager shell initialized." Write-Host } Set-Location Monitoring:\$RMS

#Get-Alert - update alert

foreach ($alert in get-alert -criteria 'PrincipalName is not null and ResolutionState = 0')

{ $alert.CustomField1 = $alert.PrincipalName $alert.CustomField2 = $alert.Severity $alert.ResolutionState = "5" if ($alert.IsMonitorAlert -like 'False') { $alert.CustomField3 = ((get-rule $alert.monitoringruleid).getmanagementpack()).displayname } else { $alert.CustomField3 = (get-monitor $alert.problemid).getmanagementpack().displayname }

$alert.Update("Alert Updated by UpdateAlerts.ps1") }

We also need to create an Alert Resolution State for Alert Updated - Administration > Settings > Alerts in the operator console.

We do this so that when we run the script we only pull back new alerts and not alerts that have already been updated.

Running the script from PowerShell1. Copy and paste the script from page 2 into a file called UpdateAlerts.ps1 and save this in a

folder called c:\scripts on the Root Management Server

2. Open the Operations Manager (power) Shell as administrator (right click and run as administrator).

3. Change the folder to c:\scripts and run the script using ./UpdateAlerts.ps1

4. The Alert is updated:

Running the script from an Operations Manager ruleSay we want to run this script every 10 minutes to automate the updates. We can do this via an Operations Manager timed command rule. Be careful with this from a performance perspective. PowerShell can be quite resource intensive so make sure your alerting is fine tuned to ensure that not too many alerts are being processed.

1. Create a Timed Command Rule in a custom management pack – choose Execute a Command

2. Configure the Rule Name, Rule Category (I have chosen Operations) and target the Root Management Server

3. Set a schedule

4. Configure the Command Line (create c:\temp if necessary)

Using Opalis with Operations Manager Integration KitIf you are working through this article then make sure that you disable or delete the rule that we created above.

You will also need to make sure that you have imported the Operations Manager 2007 Integration Pack into Opalis. We are now going to run this powershell script from Opalis.

1. In the Opalis Client, create a new policy

2. Rename the Policy to UpdateAlert (you will be prompted to “check out” the policy”).

3. Add scheduling object (Monitor Date/Time) and change the name of the object to every 5 minutes and change the details page to every 5 minutes (see below)

4. Double check that you have configured the Operations Manager 2007 Integration

5. Go to the Microsoft Operations Manager 2007 objects and click and drag the Get Alert object into the policy

6. Right click the Get Alert object and choose properties and configure the connection and add a filter to pull back just New Alerts (Resolution State = New)

7. Click and Drag the Update Alert object into the policy

8. Create a workflow by clicking and dragging a connector line from \ to each object in the workflow (every 5 minutes Get Alert Update Alert)

9. Right Click Update Alert and choose properties:

Set the Connection In the Alert ID text box, right click, choose subscribe, published data

Make sure that Get Alert is selected as the object and then choose the ID field. This will pick up the Alert ID from the Get Alert object so that the updates we make only affect the select Alerts.

The window now looks like this

Click on Select Fields at the bottom of the window and select the fields that we are going to update – select custom field 2, custom field 3 and resolution state, move them to the right window by clicking on >> and then click ok

Right click in the text box next to CustomField2 and choose subscribe, published data and then select the netbios computer name field

For custom field3 choose Severity

For ResolutionState, click once in the text box and you’ll see an ellipse button

Click on the ellipse button and you’ll get to choose the resolution state

10. You should now see this – click Finish:

11. Then Check in the policy

12. Then start the policy

The updates aren’t the same as the script – the Management Pack isn’t exposed and only the NetBios computer name is available. But you can get this without any scripting.

Running the Script from the Opalis ServerBut if you want to script the whole solution then stop the policy that was created above and we can look to plug the PowerShell script directly into Opalis. Copy the updatealert.ps1 script to c:\scripts on the Opalis server.

1. Create a new policy – I have called this Run PShell Script and add a Monitor Date / Time object to run every 5 minutes exactly as we did in the previous policy (update alert)

2. Add the Run Program script object and create the workflow between the Schedule and the script

3. Right click Run Program

On the General Tab, change the name to Update Alert

On the Details Tab, enter the following

On the Mode, select Command Execution

Computer = Opalis Server IP Address

Command = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -Command "c:\scripts\updatealert.ps1"

Working folder = c:\Temp

And click Finish