Today I had to explain to a customer how you need to target a rule or monitor to a specific computer group.
This is actually not a very intuitive process and if you are used to work with MOM2005 the process is different and can have big implications in the behavior of the rule / monitor you’ve created.
This is the only correct way if you want to target a rule or monitor to a select group of server.
Create your rule:
Open your console and go to the tab Authoring and navigate to the Rules. Right Click > Create a new rule…
In the “Create Rule Wizard” select the desired rule. In this example I’m going to create an Event Based rule in the NT Event Log (Alert).
CAUTION: make sure to change the destination management pack to a custom management pack and NOT the default management pack.
Give the rule name and click the “Select” button just behind Rule Target:
Here you need to target a class of which you are certain all the servers you want to target are part of. In this case I choose “Windows Server” but if you are for example convinced they are all SQL server you can target the “SQL server” class.
If you have selected the appropriate class hit ok but not next on the page.
Make sure the “Rule is enabled” tick box is off!
Now choose the event log where to target your rule. In our case it’s the Application log
The filter. In this example I’m searching for an Event ID 150 created by the source “Eventcreate”
Next thing is to specify the information that will be generated by the alert:
Now click create.
Create your Group
So far the rule has been created but is disabled. The next thing we need to do is create our group which contains the specific set of servers which need to be targeted. In the Authoring pane choose “Groups” > Right click > choose “Create a new Group…”
Choose a name for the group and again CHANGE the default management pack as a target.
NOTE: Choose the same management pack where you want to create your override in later on. It’s not possible to reference another unsealed group from a unsealed group so either use the same group for both your override and group or seal the management pack where your group is created in.
The next option is to specify the explicit group members.
There are actually 2 approaches to populating the group (which can be combined).
The first one is that you specify the explicit members of the group. They will be always in the group included no matter what criteria you specify later on. The disadvantage you have is if you install a new server which need to be targeted you have to manually include it here.
The second approach to populate your group is Dynamic Inclusion rules. These rules have a set of conditions to add servers. These can be for example all servers which are SQL servers based on the class or all servers which name starts with “SERVER0”.
You can also specify servers to be included in this group which reside in another group.
Specifically deny Objects from being included in the group:
When you are confident you have included all the servers in the groups click create.
Create your override for the rule
At this point go back to the Authoring pane > Rules > search for your new created rule.
In this example you can see our newly created rule in disabled state:
Right click the rule and choose Overrides > Override the Rule > For a Group…
Now choose the group we created earlier on:
In the override parameter locate the “Enabled” parameter and tick the box in the “Override” column. In the Override Value choose “True” , click Apply and OK.
At this point the rule we have created is targeted only to the servers you’ve added to the computer group and not enabled on all the other servers. This is in face a total different approach from the way of working in MOM2005.
This is because the computer groups (The class of objects that are computer groups) only exist on the RMS. If you target a rule directly to a computer group it will try to collect info from the RMS instead of the computers you have intended.
Is this any different tha just creating the group first and the choose the group as target in stead of choosing Windows Computer. Seems more logical to me.
Svavar
This is very different from creating the group and targeting the rule at the group:
1) You cannot target a rule or monitor (or discovery) at a group. You need to target the rule \ monitor at a class. OK, SCOM will let you do this but it won’t work as expected.
2) You can target an override at a group (in this example the override is to enable the rule for the group).
Hi Graham,
If we create a Service Monitror using the template , then we can Target it to Group correct ?
Hi Dieter. Thanks for sharing this. Any idea why a recovery task won’t work for a group targeted through an override?
This depends on how you target the recovery task. Best is to do this on a class level and not on a group.
Note that this will only work if the computer group is created in the same management pack as the rule OR the computer group is created in a sealed management pack. This was tested in SCOM 2012.
You are right on that one. That’s why I put all my important groups in a sealed mp.