SCOM Alert as an SNMP Trap

I successfully “integrated” SCOM with CA Spectrum using SCOM alerts sent as SNMP traps.

The PowerShell script is called from a SCOM command notification channel, and only the AlertID is passed to the script.

The script below retrieves the alert details from SCOM and uses “trapgen.exe” to send SNMP traps to a trap receiver/listener. On the receiving side, the alert fields are then mapped to the specific system in CA Spectrum and to Spectrum's states and severities.

Script Code

# Get the alert ID parameter passed in by the command notification channel
Param($alertid)
$alertid = $alertid.ToString()

# Load SCOM snap-in
#Add-PSSnapin "Microsoft.EnterpriseManagement.OperationsManager.Client"

# Connect to SCOM - change management server to your RMS
#New-ManagementGroupConnection -ConnectionString:<SCOM 2012 Management server name or SCOM 2007 RMS server name here>
#Set-Location "OperationsManagerMonitoring::"

Import-Module OperationsManager

# Retrieve the alert from SCOM
$alert = Get-SCOMAlert -Id $alertid

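$computername = $alert.NetBiosComputerName

# No NetBIOS name on the alert: use the display name of the monitored object,
# otherwise use the principal name
if (!$computername) {
    $computername = $alert.MonitoringObjectDisplayName
}
else
{
    $computername = $alert.PrincipalName
}
Write-Host $computername

# Cut the name at the first "."; names without a "." are left unchanged
# (Substring would throw on an index of -1)
$where = $computername.IndexOf(".")
if ($where -gt 0)
{
    $computername = $computername.Substring(0, $where)
}

# Names containing "(Mailbox)": keep the text that starts two characters
# after the first "-" and ends before "(Mailbox)"
if ($computername.IndexOf("(Mailbox)") -gt 0)
{
    $objfirst = $computername.IndexOf("-") + 2
    $objsecond = $computername.IndexOf("(Mailbox)")
    $objdiff = $objsecond - $objfirst

    $computername = $computername.Substring($objfirst, $objdiff)
}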

# Below is the list of the most commonly used variables available per alert
#$computername - Formatted computer name; this variable is built in this script and will always contain the NetBIOS name for the alert
#$alert.timeadded - Contains the date/time the alert was created/added to SCOM
#$alert.timeraised - date/time the alert was raised on the monitored system
#$alert.name - SCOM alert name
#$alert.description - SCOM alert long/detailed description
#$alert.severity - Will be "Error","Warning","Information"
#$alert.managementgroupname - SCOM management group name of the SCOM implementation
#$alert.priority - Priority of the alert, will be "Normal","
#$alert.customfield1-10 - Used for additional alert information populated by some of the management packs
#$alert.owner - owner of the alert, this is normally populated by SCOM users
#$alert.id - unique ID of the SCOM alert
#$alert.monitoringobjectdisplayname
#$alert.monitoringobjectname
#$alert.monitoringobjectpath - path,
#$alert.monitoringobjectfullname - full name of the object for this alert
#$alert.resolutionstate - will be a number showing status; 0 is normally "New"/"Open" and 255 is closure

# Replace each <...> placeholder below with your own value before running the script

# The lines below send SNMP traps when a SCOM alert is created/opened/new
if ($alert.ResolutionState -ne 255)
{
    & "c:\trapgen1\TrapGen.exe" -d <IP of Spectrum server> -c public -o <oid to be used> -i <ip of SCOM server> -v <oid varbind to be used> STRING $alert.description -v <oid/varbind to be used> STRING $computername.tostring() -v <oid/varbind to be used> STRING $alert.name -v 1.3.6.1.4.1.999.1.4 STRING $alert.severity -v 1.3.6.1.4.1.999.1.5 STRING $alert.timeraised -v 1.3.6.1.4.1.999.1.6 STRING "Open" -v 1.3.6.1.4.1.999.1.7 STRING "Open"
    # Add more parameters as "-v" above for the additional alert fields that you require in Spectrum
}

# The lines below send an SNMP trap when a SCOM alert is closed/resolved
if ($alert.ResolutionState -eq 255)
{
    & "c:\trapgen1\TrapGen.exe" -d <IP of Spectrum server> -c public -o <oid to be used> -i <ip of SCOM server> -v <oid varbind to be used> STRING $alert.description -v <oid/varbind to be used> STRING $computername.tostring() -v <oid/varbind to be used> STRING $alert.name -v 1.3.6.1.4.1.999.1.4 STRING $alert.severity -v 1.3.6.1.4.1.999.1.5 STRING $alert.timeraised -v 1.3.6.1.4.1.999.1.6 STRING "Open" -v 1.3.6.1.4.1.999.1.7 STRING "Closed"
}
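
The alert name and description are free text that ends up on the TrapGen command line, so quotes, line breaks or empty values in an alert can shift or drop varbinds on the way to Spectrum. As an added example (not part of the original script), the helper below builds the argument list from sanitized values; the function name, trap OID, IP addresses and the 255-character limit are assumptions, and [ordered] needs PowerShell 3.0 or later.

```powershell
# Added example, not from the original post. The function name, the trap OID,
# the IP addresses and the 255-character limit are assumptions.
function ConvertTo-TrapGenArgs {
    param(
        [Parameter(Mandatory = $true)] [string] $Destination,   # trap receiver
        [Parameter(Mandatory = $true)] [string] $Community,
        [Parameter(Mandatory = $true)] [string] $TrapOid,
        [Parameter(Mandatory = $true)] [string] $AgentAddress,  # SCOM server
        [Parameter(Mandatory = $true)]
        [System.Collections.Specialized.OrderedDictionary] $Varbinds,
        [int] $MaxLength = 255
    )
    $oidPattern = '^\d+(\.\d+)+$'
    if ($TrapOid -notmatch $oidPattern) { throw "Invalid trap OID: $TrapOid" }

    $trapArgs = @('-d', $Destination, '-c', $Community, '-o', $TrapOid, '-i', $AgentAddress)
    foreach ($oid in $Varbinds.Keys) {
        if ($oid -notmatch $oidPattern) { throw "Invalid varbind OID: $oid" }
        $value = [string]$Varbinds[$oid]
        $value = $value -replace '[\x00-\x1F\x7F]+', ' '  # newlines/control chars -> one space
        $value = $value -replace '"', "'"                 # embedded " breaks native argument quoting
        $value = $value.Trim()
        if ($value.Length -gt $MaxLength) { $value = $value.Substring(0, $MaxLength) }
        if ($value -eq '') { $value = '-' }               # empty arguments are dropped
        $trapArgs += @('-v', $oid, 'STRING', $value)
    }
    return ,$trapArgs
}

# Constructed sample alert fields (stand-ins for $alert.severity, $alert.description)
$sample = [ordered]@{
    '1.3.6.1.4.1.999.1.4' = 'Error'
    '1.3.6.1.4.1.999.1.8' = "Service `"Spooler`" stopped`r`nRestart failed"
}
$trapArgs = ConvertTo-TrapGenArgs -Destination '192.0.2.10' -Community 'public' `
    -TrapOid '1.3.6.1.4.1.999.1' -AgentAddress '192.0.2.20' -Varbinds $sample
$trapArgs -join ' | '    # inspect the argument list before sending

# Send with the call operator; each array element is passed as one argument:
# & 'c:\trapgen1\TrapGen.exe' @trapArgs
```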

The biggest drawback of this solution is that when there are more than 5 alerts at the same time, it will only send the first 5 alerts as traps unless you change the registry key for AsyncProcessLimit.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Modules\Global\Command Executer

In this key create a DWORD called AsyncProcessLimit. Be very careful when adjusting this value; the maximum setting is 100.

The second biggest drawback is the impact this script will have on the management server: for each alert a PowerShell instance is spawned, each with its own memory and CPU requirements. Imagine 20 PowerShell instances, each requiring ±20 MB of memory.

We are busy working on creating a full-fledged SCOM product connector for the CA Spectrum integration that will circumvent the above drawbacks.

One thought on “SCOM Alert as an SNMP Trap”

  1. Hello to all, the contents present at this site are truly amazing for
    people knowledge, well, keep up the nice work fellows.
