SCOM

Describes how to setup an integration to receive alerts from SCOM.

Leave Feedback

Introduction

Microsoft SCOM is a cross-platform data center monitoring and reporting tool that checks the status of objects defined within operating systems and hypervisors.

The integration involves configurations in OpsRamp and SCOM. After the successful integration, OpsRamp displays the alerts.

Applicable to SCOM Version: SCOM 2019

OpsRamp configuration

Configuration involves:

  1. Installing the integration.
  2. Configuring the integration.

Step 1: Install the integration

To install the integration:

  1. Go to Setup > Integrations > Integrations and select a client.
  2. From Available Integrations, select Monitoring > System Center Operations Manager Integration.
  3. Click Install.

Step 2: Configure the integration

To configure the integration:

  1. From the API tab, provide the following:
    • Authentication:
      • Select WebHook as the authentication mechanism.
        Note: The token and WebHook URL are generated.
      • Copy the tenant Id, token, and webhook URL for configuration.
    • Map Attributes: Provide the mapping information for the third-party application.
      1. From OpsRamp Entity, click Alert
      2. From OpsRamp Property menu, click Status.
      3. Click + to define the mappings.
        See the following table for mapping attributes.
  2. From the Monitoring of Integration tab, click Assign Templates.
  3. From the Audit Logs, set up audit log criteria and time frame.

The following table shows the property mappings.

Property Mappings
Third-Party EntityOpsRamp EntityThird-Party PropertyOpsRamp Property (non-editable)
ProblemAlertState
Third-Party Property ValueOpsRamp Property Value
InformationalInfo
WarningWarning
CriticalCritical
OkOk
alert.currentState
ProblemAlertMonitoringObjectFullNamealert.serviceName
ProblemAlertDescriptionalert.description
ProblemAlertMonitoringObjectDisplayNamealert.deviceName
ProblemAlertAlertIdalert.extAlertId
ProblemAlertNamealert.subject

SCOM configuration

Configuration involves:

  1. Creating channels
  2. Creating subscribers
  3. Creating subscriptions

Step 1: Create channel

To create a channel:

  1. From the Operations Console left pane, go to Administration, Notifications, Channels.
  2. Right click on Channels and click New Channel Command.
    The Command Notification Channel window opens.
  3. From Command Notification Channel, provide the following information in Descriptions and click Next.
    • Channel Name: Enter a unique name.
    • Description: Enter desired detail.
  4. In the Settings screen, enter the information according to the location of the path.
    • For Full Path of the Command Line, find and specify the path of powershell.exe file.
      For example, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    • For Command Line Parameters, consider the following and specify details:
      • The path where you stored the script that is executed automatically when alerts are created in SCOM.
      • AlertID as a parameter.
        For example, “C:\scripts\Alert.ps1” ‘”$Data[Default=’Not Present’]/Context/DataItem/AlertId$”‘
    • On the command link, provide a path for a startup folder.
      For example: C:\Windows\System32\WindowsPowerShell\v1.0
  5. Click Finish.
    The confirmation message appears.

Step 2: Create subscriber

To create a subscriber:

  1. From the Operations Console left pane, go to Administration, Notifications, Subscribers.
  2. Right click on Subscribers and create New Subscriber.
    Notification Subscribe Wizard is displayed where you need to enter description, schedule, and address.
  3. In Description, enter a unique name as Subscriber Name and click Next.
  4. In the Schedule tab, select one of the following options and click Next:
    • Always send notifications: Recommended
    • Notify only during the specific time: Specify the date range.
  5. In the Address tab, click ADD and provide the following in the Subscribe Address window:
    • General: Address name and click Next.
    • Channel: provide the following and click Next:
      • Channel Type: Select a command from the drop-down menu.
      • Command Channel: Select name of the channel that you created.
      • Delivery address for the selected channel: Leave blank.
    • Schedule: select one of the following options and click Next:
      • Always send notifications: Recommended
      • Only send notification during the specified time: Specify the date range.
  6. Click Finish.

Step 3: Create subscription

To create a subscription:

  1. From the Operations Console left pane, go to Administration, Notifications, Subscriptions.
  2. Right click on Subscriptions and click New Subscription.
    The Notification Subscription Wizard is displayed where you need to enter details in the respective tabs.
  3. For the Description tab, enter a unique a subscription name,
    provide a description to create notification subscription, and click Next.
  4. For the Scope tab, modify the subscription scope only if necessary and click Next.
  5. For the Criteria tab, click +Insert, provide an expression, enter the following details as provided in example in the Subscription Criteria window, and then click Next:
    • Criteria: Severity
    • Operator: Equals
    • Value: All (Information, Warning, Critical)
      Note: Unless specified do not insert any expression and leave the fields empty.
  6. In the Subscriber tab, click ADD and provide the following:
    1. Enter the subscriber name created earlier in the Filter by box and click Search.
      The subscriber detail is displayed in the Available subscribers column.
    2. Click Add to reflect in the Selected subscribers column.
    3. Click OK.
    4. Click Next.
  7. In the Channels tab, click ADD and provide the following:
    1. Enter the channel name created earlier in the filter by box and click Search. The channel detail is displayed in the available channels column.
    2. Click Add to reflect in the selected channels column.
    3. Click OK.
    4. In the Channels tab, for Alert aging, select Send notifications without delay.
    5. Click Next.
  8. In the Summary tab, review the details, select Enable the notification subscription.
  9. Click Finish.

Sample script

$postFile = "C:\scripts\postResult.txt"
$args | Out-File $postFile -Append
function Create-Body {
		param(
		[parameter(Mandatory=$true)]$alert
	   )
		$ResolutionStates=0,247,248,249,250
		$SeverityStates=0,1,2

		$bodyObject = @{
		AlertId = $alert.Id;
		Name = $alert.Name;
		Description = $alert.Description;
		UnformattedDescription = $alert.UnformattedDescription;
		MonitoringObjectId = $alert.MonitoringObjectId;
		MonitoringClassId = $alert.MonitoringClassId;
		ClassId = $alert.ClassId;
		MonitoringObjectDisplayName = $alert.MonitoringObjectDisplayName;
		MonitoringObjectName = $alert.MonitoringObjectName;
		MonitoringObjectPath = $alert.MonitoringObjectPath;
		MonitoringObjectFullName = $alert.MonitoringObjeurctFullName;
		IsMonitorAlert = $alert.IsMonitorAlert;
		ProblemId = $alert.ProblemId;
		MonitoringRuleId = $alert.MonitoringRuleId;
		RuleId = $alert.RuleId;
		ResolutionState = $alert.ResolutionState;
		Priority = $alert.Priority;
		Severity = $alert.Severity;
		Category = $alert.Category;
		Owner = $alert.Owner;
		ResolvedBy = $alert.ResolvedBy;
		TimeRaised = $alert.TimeRaised;
		TimeAdded = $alert.TimeAdded;
		LastModified = $alert.LastModified;
		LastModifiedBy = $alert.LastModifiedBy;
		TimeResolved = $alert.TimeResolved;
		TimeResolutionStateLastModified = $alert.TimeResolutionStateLastModified;
		CustomField1 = $alert.CustomField1;
		CustomField2 = $alert.CustomField2;
		CustomField3 = $alert.CustomField3;
		CustomField4 = $alert.CustomField4;
		CustomField5 = $alert.CustomField5;
		CustomField6 = $alert.CustomField6;
		CustomField7 = $alert.CustomField7;
		CustomField8 = $alert.CustomField8;
		CustomField9 = $alert.CustomField9;
		CustomField10 = $alert.CustomField10;
		TicketId = $alert.TicketId;
		Context = $alert.Context;
		ConnectorId = $alert.ConnectorId;
		LastModifiedByNonConnector = $alert.LastModifiedByNonConnector;
		MonitoringObjectInMaintenanceMode = $alert.MonitoringObjectInMaintenanceMode;
		MonitoringObjectHealthState = $alert.MonitoringObjectHealthState;
		ConnectorStatus = $alert.ConnectorStatus;
		RepeatCount = $alert.RepeatCount;
		NetbiosComputerName = $alert.NetbiosComputerName;
		NetbiosDomainName = $alert.NetbiosDomainName;
		PrincipalName = $alert.PrincipalName;
		SiteName = $alert.SiteName;
		MaintenanceModeLastModified = $alert.MaintenanceModeLastModified;
		StateLastModified = $alert.StateLastModified;
		Parameters = $alert.Parameters;
		TfsWorkItemId = $alert.TfsWorkItemId;
		TfsWorkItemOwner = $alert.TfsWorkItemOwner;
		ManagementGroupId = $alert.ManagementGroupId;
    }
    
if(($ResolutionStates -contains $alert.ResolutionState) -and ( $alert.Severity -eq 2))
	{
	$bodyObject.State="Critical"
	}

	elseif(($ResolutionStates -contains $alert.ResolutionState) -and ( $alert.Severity -eq 1))
	{
	$bodyObject.State="Warning"
	}

	elseif(($ResolutionStates -contains $alert.ResolutionState) -and ( $alert.Severity -eq 0))
	{
	$bodyObject.State="Informational"
	}
	elseif(($ResolutionStates -notcontains $alert.ResolutionState) -and ( $SeverityStates -contains $alert.Severity))
	{
	$bodyObject.State="Ok"
	}
              
return $bodyObject
    }
function Send-Alert {
		param(
		[parameter(Mandatory=$true)]$body = ""
		)
		$method = "POST"
		$uri ="https://<server_url>/integration>alertsWebhook/client_id/alerts?vtoken=<token_ID>"


		$body = ConvertTo-Json $body

		Invoke-WebRequest -Uri $uri -Body $body -Method $method -ContentType application/json
	}
	
# Import-Module OperationsManager

	Import-Module "C:\Program Files\Microsoft System Center\Operations Manager\Powershell\OperationsManager\OperationsManager.psm1"


	try {
	write-output "Connection to OpsRamp Status" | Out-File $postFile -Append

	}

	catch {

	out-file -InputObject "Exception Type: $($_.Exception.GetType().FullName) Exception Message: $($_.Exception.Message)" -FilePath $postFile -Append

	}
	$alert_info = Get-SCOMAlert -Id $([String]$args)
	$body = Create-Body $alert_info
	Send-Alert -body $body
	$alert_info | Out-File $postFile -Append

Sample request payload

{
	"ClassId": "a4899740-ef2f-1541-6c1d-51d34b739491",
	"Description": "The System Center Management Health Service on computer WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP failed to heartbeat.",
	"MonitoringObjectHealthState": 1,
	"TimeResolutionStateLastModified": "/Date(1584102245727)/",
	"IsMonitorAlert": true,
	"TfsWorkItemId": null,
	"StateLastModified": "/Date(1584102245727)/",
	"MonitoringObjectPath": "Microsoft.SystemCenter.AgentWatchersGroup",
	"TimeAdded": "/Date(1584102228013)/",
	"MonitoringObjectInMaintenanceMode": false,
	"CustomField4": null,
	"TimeResolved": "/Date(1584102245757)/",
	"ResolutionState": 255,
	"ConnectorStatus": 1,
	"MonitoringClassId": "a4899740-ef2f-1541-6c1d-51d34b739491",
	"CustomField1": null,
	"TfsWorkItemOwner": null,
	"RuleId": "b59f78ce-c42a-8995-f099-e705dbb34fd4",
	"MonitoringObjectFullName": "Microsoft.SystemCenter.HealthServiceWatcher:Microsoft.SystemCenter.AgentWatchersGroup;45235ea9-6050-9872-3957-e4f381cb23b2",
	"Priority": 2,
	"ProblemId": "b59f78ce-c42a-8995-f099-e705dbb34fd4",
	"Severity": 2,
	"ManagementGroupId": "55dd0f32-ecfa-0717-70f5-884769171c24",
	"CustomField6": null,
	"CustomField10": null,
	"ResolvedBy": "System",
	"CustomField5": null,
	"TimeRaised": "/Date(1584102198540)/",
	"Category": 3,
	"SiteName": null,
	"CustomField8": null,
	"Parameters": ["WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP"],
	"LastModifiedBy": "Connector Framework Alert Write Action",
	"LastModified": "/Date(1584102282583)/",
	"CustomField3": null,
	"ConnectorId": "7431e155-3d9e-4724-895e-c03ba951a352",
	"Owner": null,
	"NetbiosDomainName": null,
	"MaintenanceModeLastModified": "/Date(-2208960000000)/",
	"CustomField2": null,
	"UnformattedDescription": "The System Center Management Health Service on computer WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP failed to heartbeat.",
	"PrincipalName": null,
	"CustomField7": null,
	"LastModifiedByNonConnector": "/Date(1584102282583)/",
	"NetbiosComputerName": null,
	"State": "Ok",
	"MonitoringObjectId": "cf51b5df-999a-ce12-9089-7de7ca19a27b",
	"CustomField9": null,
	"TicketId": null,
	"RepeatCount": 0,
	"MonitoringObjectDisplayName": "WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP",
	"Name": "Health Service Heartbeat Failure",
	"AlertId": "462095ba-d978-4525-984a-9d8ec93d7fdc",
	"MonitoringObjectName": "45235ea9-6050-9872-3957-e4f381cb23b2",
	"MonitoringRuleId": "b59f78ce-c42a-8995-f099-e705dbb34fd4"
}

Viewing alerts

To view the alerts in OpsRamp:

  1. Go to the Alerts page, search with the source name as SCOM.
    Related alerts are displayed.
  2. Click Alert ID to view.