I have a requirement at one of my clients to perform alert enrichment on the SCOM alerts before the alerts are forwarded into BMC BPPM.
The alert enrichment is simple: CustomField2 of the SCOM alert must be populated with instructions to the 24/7 service desk on what must be done with the alert, i.e. who must be notified or contacted.
I’ve decided to implement a fully fledged SCOM 2012 product connector and to call it “CustomField2”. The connector “listens” for any new SCOM alerts and then uses the NetbiosName, AlertName and MonitoringObjectName of the SCOM alert to look up a SQL table with these fields and get the CustomField2 contents (“AlertText” in the table).
The structure of the SQL table below
The product connector does 7 checks against the SQL table.
1. Reads the table and looks for entries where the netbiosname, alertname and monitoringobject all match
Example: ServerX, Disk Free Space and C: drive
2. Reads the table and looks for entries where the netbiosname and alertname match
Example: ServerX and Disk Free Space
3. Reads the table and looks for entries where the netbiosname matches
4. Reads the table and looks for entries where the alertname matches
Example: Disk Free Space
5. Reads the table and looks for entries where the netbiosname and monitoringobject match
Example: ServerX and C:
6. Reads the table and looks for entries where the monitoringobject and alertname match
Example: C: and Disk Free Space
7. Reads the table and looks for entries where the monitoringobject matches
Having different checks allows for a very granular setup and alert enrichment to take place.
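The lookup order above can be sketched as follows. This is an added example, not the connector's own code: it uses Python with an in-memory SQLite table in place of the SQL Server table, the table name `AlertEnrichment` and the sample rows are hypothetical, and it assumes that a rule leaves unused columns NULL and that the first matching check wins.

```python
import sqlite3

COLUMNS = ("NetbiosName", "AlertName", "MonitoringObjectName")
# The seven checks in the order the post lists them. Each entry names the
# columns that must equal the alert's values.
CHECKS = [
    ("NetbiosName", "AlertName", "MonitoringObjectName"),
    ("NetbiosName", "AlertName"),
    ("NetbiosName",),
    ("AlertName",),
    ("NetbiosName", "MonitoringObjectName"),
    ("MonitoringObjectName", "AlertName"),
    ("MonitoringObjectName",),
]

def lookup_alert_text(conn, alert):
    """Return (check_number, AlertText) for the first check that matches,
    or (None, None) when none of the seven checks finds a row."""
    for number, wanted in enumerate(CHECKS, start=1):
        # Assumption: a rule leaves the columns it does not use as NULL.
        # Column names come from the constants above; alert values are
        # only ever bound as parameters, never pasted into the SQL text.
        where = " AND ".join(
            f"{c} = ?" if c in wanted else f"{c} IS NULL" for c in COLUMNS)
        params = [alert[c] for c in COLUMNS if c in wanted]
        row = conn.execute(
            f"SELECT AlertText FROM AlertEnrichment WHERE {where}", params
        ).fetchone()
        if row:
            return number, row[0]
    return None, None

def build_sample_db():
    """In-memory table with constructed rules (table name is hypothetical)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE AlertEnrichment (NetbiosName TEXT, "
                 "AlertName TEXT, MonitoringObjectName TEXT, AlertText TEXT)")
    conn.executemany("INSERT INTO AlertEnrichment VALUES (?, ?, ?, ?)", [
        ("ServerX", "Disk Free Space", "C:", "Call storage team"),
        ("ServerX", None, None, "Call server owner"),
        (None, "Disk Free Space", None, "Log ticket for ops"),
        (None, None, "D:", "Notify backup team"),
    ])
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    alert = {"NetbiosName": "ServerX", "AlertName": "Disk Free Space",
             "MonitoringObjectName": "C:"}
    print(lookup_alert_text(db, alert))
```

Alert names and object names originate on monitored systems, so binding them as query parameters keeps a crafted alert field from changing the lookup query.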
The product connector checks every 8 seconds for new unacknowledged alerts where CustomField10 <> “Processed”, and processes only these alerts.
The product connector also updates CustomField10 with “Processed” and updates the alert history with “Alert updated with custom fields”.
If there is no match in the 7 checks, CustomField10 is updated with “Processed” and the alert history is updated with “no record found for customfield2”.
The product connector also writes events to a custom event log called “AmmendSCOM”; these events are used for troubleshooting and for tracking what the connector is doing.
Screenshot of an updated SCOM alert with the customfields populated
History tab of the SCOM Alert
Screenshot of unsuccessful update
Screenshot of what this looks like in the Active Alerts view
For the alert to be picked up by the BMC connector, the CustomField2 connector sets the connectorid of the updated alert equal to the id of the BMC connector and also updates the Resolution State of the alert to the BMC BPPM connector resolution state.
When the alert arrives at the BMC BPPM connector, the CustomField2 field and the SCOM alert description are concatenated into the BPPM Event Message.
The 24/7 service desk then knows who should be contacted by referencing a call out portal with the team name as per the BPPM message.
PM me for more details about the connector.