SCOM 2012 Product Connector for Alert Enrichment

I have a requirement at one of my clients to perform alert enrichment on the SCOM alerts before the alerts are forwarded into BMC BPPM.

The alert enrichment is simple: CustomField2 of the SCOM alert must be populated with instructions to the 24/7 service desk on what must be done with the alert, i.e. who must be notified or contacted for the alert.

I’ve decided to implement a fully fledged SCOM 2012 product connector and to call it “CustomField2”. This connector “listens” for any new SCOM alerts and then, using the NetbiosName, AlertName and MonitoringObjectName of the SCOM alert, references a SQL table with these fields to get the CustomField2 contents (“AlertText” in the table).

The structure of the SQL table below

The product connector does 7 checks against the SQL table.

1. Reads the table and looks for entries where the NetbiosName, AlertName and MonitoringObjectName all match

Example: ServerX, Disk Free Space and C: drive

2. Reads the table and looks for entries where the NetbiosName and AlertName match

Example: ServerX and Disk Free Space

3. Reads the table and looks for entries where the NetbiosName matches

Example: ServerX

4. Reads the table and looks for entries where the AlertName matches

Example: Disk Free Space

5. Reads the table and looks for entries where the NetbiosName and MonitoringObjectName match

Example: ServerX and C:

6. Reads the table and looks for entries where the MonitoringObjectName and AlertName match

Example: C: and Disk Free Space

7. Reads the table and looks for entries where the MonitoringObjectName matches

Example: C:

Having different checks allows for a very granular setup and alert enrichment to take place.

The product connector checks every 8 seconds for new unacknowledged alerts where CustomField10 <> “Processed”, and processes only these alerts.

The product connector also updates CustomField10 with “Processed” and updates the alert history with “Alert updated with custom fields”.

If there is no match in the 7 checks, CustomField10 is updated with “Processed” and the alert history is updated with “no record found for customfield2”.

The product connector also writes events to a custom event log called “AmmendSCOM”. These events are used for troubleshooting and for tracking what the connector is doing.

Screenshot of an updated SCOM alert with the customfields populated

History tab of the SCOM Alert

Screenshot of unsuccessful update

Screenshot of what this looks like in the Active Alerts view

For the alert to be picked up by the BMC connector, the CustomField2 connector sets the connector ID of the updated alert equal to the ID of the BMC connector and also updates the Resolution State of the alert to the BMC BPPM connector resolution state.

When the alert arrives at the BMC BPPM connector, the CustomField2 field and the SCOM alert description are concatenated into the BPPM Event Message.

The 24/7 service desk then knows who should be contacted by referencing a call out portal with the team name as per the BPPM message.

PM me for more details about the connector.
