Introduction
Microsoft SCOM is a cross-platform data center monitoring and reporting tool that checks the status of objects defined within operating systems and hypervisors.
Note
OpsRamp uses the Webhook API to receive alerts.The integration involves configurations in OpsRamp and SCOM. After the successful integration, OpsRamp displays the alerts.
Applicable to SCOM Version: SCOM 2019
OpsRamp configuration
Configuration involves:
- Installing the integration.
- Configuring the integration.
Step 1: Install the integration
To install the integration:
- Go to Setup > Integrations > Integrations and select a client.
- From Available Integrations, select Monitoring > System Center Operations Manager Integration.
- Click Install.
Note
Using authentication, the authentication type can be configured to call OpsRamp APIs.Step 2: Configure the integration
To configure the integration:
- From the API tab, provide the following:
- Authentication:
- Select
WebHook
as the authentication mechanism.
Note: The token and WebHook URL are generated. - Copy the tenant Id, token, and webhook URL for configuration.
- Select
- Map Attributes: Provide the mapping information for the third-party application.
- From OpsRamp Entity, click Alert
- From OpsRamp Property menu, click Status.
- Click + to define the mappings.
See the following table for mapping attributes.
- Authentication:
- From the Monitoring of Integration tab, click Assign Templates.
- From the Audit Logs, set up audit log criteria and time frame.
The following table shows the property mappings.
Third-Party Entity | OpsRamp Entity | Third-Party Property | OpsRamp Property (non-editable) | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Problem | Alert | State
| alert.currentState | ||||||||||
Problem | Alert | MonitoringObjectFullName | alert.serviceName | ||||||||||
Problem | Alert | Description | alert.description | ||||||||||
Problem | Alert | MonitoringObjectDisplayName | alert.deviceName | ||||||||||
Problem | Alert | AlertId | alert.extAlertId | ||||||||||
Problem | Alert | Name | alert.subject |
Note
Mappings can be modified when required.SCOM configuration
Configuration involves:
- Creating channels
- Creating subscribers
- Creating subscriptions
Step 1: Create channel
To create a channel:
- From the Operations Console left pane, go to Administration, Notifications, Channels.
- Right click on Channels and click New Channel Command.
The Command Notification Channel window opens. - From Command Notification Channel, provide the following information in Descriptions and click Next.
- Channel Name: Enter a unique name.
- Description: Enter desired detail.
- In the Settings screen, enter the information according to the location of the path.
- For Full Path of the Command Line, find and specify the path of powershell.exe file.
For example,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
- For Command Line Parameters, consider the following and specify details:
- The path where you stored the script that is executed automatically when alerts are created in SCOM.
AlertID
as a parameter.
For example,“C:\scripts\Alert.ps1” ‘”$Data[Default=’Not Present’]/Context/DataItem/AlertId$”‘
- On the command link, provide a path for a startup folder.
For example:C:\Windows\System32\WindowsPowerShell\v1.0
- For Full Path of the Command Line, find and specify the path of powershell.exe file.
- Click Finish.
The confirmation message appears.
Step 2: Create subscriber
To create a subscriber:
- From the Operations Console left pane, go to Administration, Notifications, Subscribers.
- Right click on Subscribers and create New Subscriber.
Notification Subscribe Wizard is displayed where you need to enter description, schedule, and address. - In Description, enter a unique name as Subscriber Name and click Next.
- In the Schedule tab, select one of the following options and click Next:
- Always send notifications: Recommended
- Notify only during the specific time: Specify the date range.
- In the Address tab, click ADD and provide the following in the Subscribe Address window:
- General: Address name and click Next.
- Channel: provide the following and click Next:
- Channel Type: Select a command from the drop-down menu.
- Command Channel: Select name of the channel that you created.
- Delivery address for the selected channel: Leave blank.
- Schedule: select one of the following options and click Next:
- Always send notifications: Recommended
- Only send notification during the specified time: Specify the date range.
- Click Finish.
Step 3: Create subscription
To create a subscription:
- From the Operations Console left pane, go to Administration, Notifications, Subscriptions.
- Right click on Subscriptions and click New Subscription.
The Notification Subscription Wizard is displayed where you need to enter details in the respective tabs. - For the Description tab, enter a unique a subscription name,
provide a description to create notification subscription, and click Next. - For the Scope tab, modify the subscription scope only if necessary and click Next.
- For the Criteria tab, click +Insert, provide an expression,
enter the following details as provided in example in the Subscription Criteria window,
and then click Next:
- Criteria: Severity
- Operator: Equals
- Value: All (Information, Warning, Critical)
Note: Unless specified do not insert any expression and leave the fields empty.
- In the Subscriber tab, click ADD and provide the following:
- Enter the subscriber name created earlier in the Filter by box and click Search.
The subscriber detail is displayed in the Available subscribers column. - Click Add to reflect in the Selected subscribers column.
- Click OK.
- Click Next.
- Enter the subscriber name created earlier in the Filter by box and click Search.
- In the Channels tab, click ADD and provide the following:
- Enter the channel name created earlier in the filter by box and click Search. The channel detail is displayed in the available channels column.
- Click Add to reflect in the selected channels column.
- Click OK.
- In the Channels tab, for Alert aging, select Send notifications without delay.
- Click Next.
- In the Summary tab, review the details, select Enable the notification subscription.
- Click Finish.
Note
After configuration, alerts are sent directly to OpsRamp via the channel created using the Webhook URL.Sample script
$postFile = "C:\scripts\postResult.txt"
$args | Out-File $postFile -Append
function Create-Body {
param(
[parameter(Mandatory=$true)]$alert
)
$ResolutionStates=0,247,248,249,250
$SeverityStates=0,1,2
$bodyObject = @{
AlertId = $alert.Id;
Name = $alert.Name;
Description = $alert.Description;
UnformattedDescription = $alert.UnformattedDescription;
MonitoringObjectId = $alert.MonitoringObjectId;
MonitoringClassId = $alert.MonitoringClassId;
ClassId = $alert.ClassId;
MonitoringObjectDisplayName = $alert.MonitoringObjectDisplayName;
MonitoringObjectName = $alert.MonitoringObjectName;
MonitoringObjectPath = $alert.MonitoringObjectPath;
MonitoringObjectFullName = $alert.MonitoringObjeurctFullName;
IsMonitorAlert = $alert.IsMonitorAlert;
ProblemId = $alert.ProblemId;
MonitoringRuleId = $alert.MonitoringRuleId;
RuleId = $alert.RuleId;
ResolutionState = $alert.ResolutionState;
Priority = $alert.Priority;
Severity = $alert.Severity;
Category = $alert.Category;
Owner = $alert.Owner;
ResolvedBy = $alert.ResolvedBy;
TimeRaised = $alert.TimeRaised;
TimeAdded = $alert.TimeAdded;
LastModified = $alert.LastModified;
LastModifiedBy = $alert.LastModifiedBy;
TimeResolved = $alert.TimeResolved;
TimeResolutionStateLastModified = $alert.TimeResolutionStateLastModified;
CustomField1 = $alert.CustomField1;
CustomField2 = $alert.CustomField2;
CustomField3 = $alert.CustomField3;
CustomField4 = $alert.CustomField4;
CustomField5 = $alert.CustomField5;
CustomField6 = $alert.CustomField6;
CustomField7 = $alert.CustomField7;
CustomField8 = $alert.CustomField8;
CustomField9 = $alert.CustomField9;
CustomField10 = $alert.CustomField10;
TicketId = $alert.TicketId;
Context = $alert.Context;
ConnectorId = $alert.ConnectorId;
LastModifiedByNonConnector = $alert.LastModifiedByNonConnector;
MonitoringObjectInMaintenanceMode = $alert.MonitoringObjectInMaintenanceMode;
MonitoringObjectHealthState = $alert.MonitoringObjectHealthState;
ConnectorStatus = $alert.ConnectorStatus;
RepeatCount = $alert.RepeatCount;
NetbiosComputerName = $alert.NetbiosComputerName;
NetbiosDomainName = $alert.NetbiosDomainName;
PrincipalName = $alert.PrincipalName;
SiteName = $alert.SiteName;
MaintenanceModeLastModified = $alert.MaintenanceModeLastModified;
StateLastModified = $alert.StateLastModified;
Parameters = $alert.Parameters;
TfsWorkItemId = $alert.TfsWorkItemId;
TfsWorkItemOwner = $alert.TfsWorkItemOwner;
ManagementGroupId = $alert.ManagementGroupId;
}
if(($ResolutionStates -contains $alert.ResolutionState) -and ( $alert.Severity -eq 2))
{
$bodyObject.State="Critical"
}
elseif(($ResolutionStates -contains $alert.ResolutionState) -and ( $alert.Severity -eq 1))
{
$bodyObject.State="Warning"
}
elseif(($ResolutionStates -contains $alert.ResolutionState) -and ( $alert.Severity -eq 0))
{
$bodyObject.State="Informational"
}
elseif(($ResolutionStates -notcontains $alert.ResolutionState) -and ( $SeverityStates -contains $alert.Severity))
{
$bodyObject.State="Ok"
}
return $bodyObject
}
function Send-Alert {
param(
[parameter(Mandatory=$true)]$body = ""
)
$method = "POST"
$uri ="https://<server_url>/integration>alertsWebhook/client_id/alerts?vtoken=<token_ID>"
$body = ConvertTo-Json $body
Invoke-WebRequest -Uri $uri -Body $body -Method $method -ContentType application/json
}
# Import-Module OperationsManager
Import-Module "C:\Program Files\Microsoft System Center\Operations Manager\Powershell\OperationsManager\OperationsManager.psm1"
try {
write-output "Connection to OpsRamp Status" | Out-File $postFile -Append
}
catch {
out-file -InputObject "Exception Type: $($_.Exception.GetType().FullName) Exception Message: $($_.Exception.Message)" -FilePath $postFile -Append
}
$alert_info = Get-SCOMAlert -Id $([String]$args)
$body = Create-Body $alert_info
Send-Alert -body $body
$alert_info | Out-File $postFile -Append
Important
Be sure to replace the URI with the Webhook URL and in the Import Module and
specify the path of the OperationsManager.psm1
file.
For example: C:\Program Files\Microsoft System Center\Operations Manager\Powershell\OperationsManager\OperationsManager.psm1
.
Sample request payload
{
"ClassId": "a4899740-ef2f-1541-6c1d-51d34b739491",
"Description": "The System Center Management Health Service on computer WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP failed to heartbeat.",
"MonitoringObjectHealthState": 1,
"TimeResolutionStateLastModified": "/Date(1584102245727)/",
"IsMonitorAlert": true,
"TfsWorkItemId": null,
"StateLastModified": "/Date(1584102245727)/",
"MonitoringObjectPath": "Microsoft.SystemCenter.AgentWatchersGroup",
"TimeAdded": "/Date(1584102228013)/",
"MonitoringObjectInMaintenanceMode": false,
"CustomField4": null,
"TimeResolved": "/Date(1584102245757)/",
"ResolutionState": 255,
"ConnectorStatus": 1,
"MonitoringClassId": "a4899740-ef2f-1541-6c1d-51d34b739491",
"CustomField1": null,
"TfsWorkItemOwner": null,
"RuleId": "b59f78ce-c42a-8995-f099-e705dbb34fd4",
"MonitoringObjectFullName": "Microsoft.SystemCenter.HealthServiceWatcher:Microsoft.SystemCenter.AgentWatchersGroup;45235ea9-6050-9872-3957-e4f381cb23b2",
"Priority": 2,
"ProblemId": "b59f78ce-c42a-8995-f099-e705dbb34fd4",
"Severity": 2,
"ManagementGroupId": "55dd0f32-ecfa-0717-70f5-884769171c24",
"CustomField6": null,
"CustomField10": null,
"ResolvedBy": "System",
"CustomField5": null,
"TimeRaised": "/Date(1584102198540)/",
"Category": 3,
"SiteName": null,
"CustomField8": null,
"Parameters": ["WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP"],
"LastModifiedBy": "Connector Framework Alert Write Action",
"LastModified": "/Date(1584102282583)/",
"CustomField3": null,
"ConnectorId": "7431e155-3d9e-4724-895e-c03ba951a352",
"Owner": null,
"NetbiosDomainName": null,
"MaintenanceModeLastModified": "/Date(-2208960000000)/",
"CustomField2": null,
"UnformattedDescription": "The System Center Management Health Service on computer WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP failed to heartbeat.",
"PrincipalName": null,
"CustomField7": null,
"LastModifiedByNonConnector": "/Date(1584102282583)/",
"NetbiosComputerName": null,
"State": "Ok",
"MonitoringObjectId": "cf51b5df-999a-ce12-9089-7de7ca19a27b",
"CustomField9": null,
"TicketId": null,
"RepeatCount": 0,
"MonitoringObjectDisplayName": "WIN-MBPBJ0U32JV.INTEGRATIONS.OPSRAMP",
"Name": "Health Service Heartbeat Failure",
"AlertId": "462095ba-d978-4525-984a-9d8ec93d7fdc",
"MonitoringObjectName": "45235ea9-6050-9872-3957-e4f381cb23b2",
"MonitoringRuleId": "b59f78ce-c42a-8995-f099-e705dbb34fd4"
}
Viewing alerts
To view the alerts in OpsRamp:
- Go to the Alerts page, search with the source name as
SCOM
.
Related alerts are displayed. - Click Alert ID to view.