The issue of closing alerts triggered by monitors – proposing a new solution

The issue is by no means new to SCOM community, so I will just briefly mention it here: monitoring inconsistencies are introduced when an alert (generated by a monitor) is closed without the error condition itself being resolved; that monitor in an unhealthy state will never raise another alert to warn you of the underlying error condition until the monitor returns to a healthy state back again.

My solution to address this issue is the Management Pack that I uploaded to TechNet gallery: https://gallery.technet.microsoft.com/Alerts-Watchdog-Management-d5b3ea77

The MP is actually simple: it only implements a rule that has a DataSource of type Microsoft.SystemCenter.SubscribedAlertProvider with the Criteria defined as:
Resolution State = 255 and IsMonitorAlert = True and LastModifiedBy <> System and LastModifiedBy <> Auto-resolve and LastModifiedBy <> Maintenance Mode.

The rule has 2 write actions:

– First to generate an informational alert, something in line with the example below:

Alert Name: Logical Disk Free Space is low was closed manually by
Alert Description:
The alert was triggered by monitor {12631e6d-900b-d685-a713-e821d2c06c70}
The Managed Entity Full Name is: Microsoft.Windows.Server.2008.LogicalDisk:;C:
(with Id {d28f408e-1bf7-ffeb-c42c-695b889f8496})
The health state will be now reset to ensure consistent monitoring…

– Second is a type Microsoft.Windows.PowerShellPropertyBagWriteAction write action and it executes a script that is resetting the associated monitor (passed parameters are $Data/WorkflowId$ and $Data/ManagedEntity$ from the DataItem provided by the DataSource)

Advertisements

5 responses to “The issue of closing alerts triggered by monitors – proposing a new solution

    • spostea October 17, 2016 at 5:44 pm

      Not really.
      My solution provides “as it happens” unit monitor resets, while the workflow in Self Maintenance MP is scheduled at regular intervals, leaving some gaps of inconsistent monitoring.
      The whole trick is the usage of the Microsoft.SystemCenter.SubscribedAlertProvider datasource.
      Thanks for your feedback!

      Like

  1. regularscomguy February 3, 2017 at 7:40 am

    Was actually looking into creating this my self.. but I found this.. Nice contribution to the community! Thank you.

    Like

  2. Pingback: Closing monitors, the hassle and a solution – regularscomguy

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: