SCOM 2007: Custom Alert Fields
Just recently I needed to connect SCOM to an in-house written Problem Management system. There was not a connector available and it was also not possible to generate tickets directly in the system itself.
The only way the system is receiving input is via mail through specific keywords.
Most of the keywords could be mapped to standard alert fields like severity, time raised, description….
BUT (off course there’s a but) the system also requested other fields to decide proper escalation, severity,…
The previously used system onsite is MOM2005. In MOM2005 there’s an option to define globally these fields so you can use them in whatever alert you want to raise.
This is in MOM2005:
Open Operator Console > Administration > Global Settings > Custom Alert Fields
Up to 5 Custom Fields can be named here:
These fields can than be addressed in the Rules you create and can be populated with the text you define:
When you select Custom Fields the labels you specified in the Custom Alert Fields settings are shown here and you can pass info to the fields via the rule into the alert:
While setting up the same connection from SCOM to the Problem management system I found out it’s not possible to define the custom fields globally in SCOM like we did before in MOM.
BUT there are 10 (!) Customalertfields available in the SCOM dbase to use as u please.
So How can we use these fields and fill them in with the proper parameters to give the correct data to the Problem Management system to do it’s magic?
Well through an Alert Generating Rule which is event based:
Open Scom Console and navigate to Authoring > rules > right click in the right pane and choose new Rule…
Note: Always change your destination management pack to something OTHER than your Default Management Pack.
In this example I’ll be creating a new rule for event ID 145 in the application log to show where exactly the custom fields are.
- The rule Name
- Description (if required)
- Rule Category: We’ll leave it at Custom for this rule
- Rule Target: Choose the Target class to where you want to target your rule. In this example we’re targeting towards all Windows Computers
Fill in the Event log name where you want to look for the event. In our case this is the Application log.
We want to look for an event ID which is equal to 145 in this case.
And in this screen there’s the option to add Custom alert field parameters.
Unfortunately it’s not possible to label them as you could in MOM so you need to keep a description at hand what you want to fill in in what number of custom field.
The custom fields are written in the SCOM dbase and can be used in PowerShell or other scripting language.
The parameter in PowerShell is $_.CustomField1 through $.Customfield10.
By passing the info here I was able to deliver the correct data to the Problem Management system to do it’s magic in the background…