SCOM Reporting Workspace in Operations Console

 

Operations Manager provides extensive reporting capabilities, including multiple report libraries that you can select from to customize reports for your specific requirements. Reports perform a query against the data warehouse database and return the results in an easy-to-read format.

Important
Users must be a member of the Report Operators user role to view reports.

Reporting

Reporting contains all reports installed with Operations Manager and reports included in management packs that you have imported.

The report library contains generic reports (for example, Availability and Configuration Changes reports). Generic reports have no specified context. The context for the report is defined in the parameter header, located at the top of the Report window.

Authored Reports

Authored reports are based on existing reports from the report library. You configure a report with pre-populated parameters and then make it available to other users.

After you run a report, click File, and then click Publish to publish the report with the configured parameters to Authored Reports.

Favorite Reports

You can save configured reports to Favorite Reports to make them continually available to you and to save you the time of reconfiguring a report that you run frequently.

After you run a report, click File, and then click Save to favorites to save the report.

Scheduled Reports

You can schedule configured reports to run on a one-time or recurring basis.

After you run a report, click File, and then click Schedule to configure the report subscription.

Read More

SCOM Authoring Workspace in Operations Console

 The options in the Authoring workspace let you create new monitoring scenarios so you can change or add monitoring in an existing management pack or create a new management pack for an application that does not have one.

For more information about Authoring, see Operations Manager Authoring Guide. The sections below describe the different options in the Authoring workspace and link to the specific sections of the Authoring Guide describing that feature in complete detail.

Management Pack Templates

Management Pack Templates let you create complete monitoring scenarios with minimal input. After you complete a wizard, the management pack template creates monitors, rules, and even classes to implement the particular scenario. You do not have to understand the management pack elements that are created because you can continue to use the template to perform configuration. The template modifies the underlying elements when necessary.

Template	Description
.NET Application Performance Monitoring	Monitor ASP.NET applications and web services from server- and client-side perspectives to get details about application availability and performance.
OLE DB Data Source	Monitor the availability and performance of a database. You can execute sample queries from one or more watcher nodes.
Process Monitoring	Monitor the availability and performance of a wanted process or verify that an unwanted process is not running.
TCP Port	Monitor the availability of an application that is listening on a specific TCP port. You can perform tests from one or more watcher nodes.
Unix/Linux Log File	Monitor a UNIX or Linux log file for a specific log entry one a specific computer or group of computers.
Unix/Linux Process	Monitor that a particular process installed on a UNIX or Linux computer runs.
Web Application Availability Monitoring	Create availability monitoring tests for one or more web application URLs and run these monitoring tests from internal locations.
Web Application Transaction Monitoring	Monitor the availability of a web application by using synthetic transactions.
Windows Service	Monitor the availability and performance of a service running on one or more Windows-based computers.

Distributed Applications

Distributed Applications let you group multiple features that are part of a single application. The health of each included object is used to calculate an overall health for the application itself. This health can be used to support alerts, views, and reports.

Groups

Groups contain a particular set of managed objects. They are used to scope views, reports, and certain monitoring scenarios. Criteria can be provided to automatically populate a group based on properties of the objects, or you can add specific objects to a group.You can create new groups and edit existing groups. You can also view the current members of a group. After it has been created, a group can be used in the Monitoring workspace for scoping views, the Reporting workspace for scoping reports, or in the Authoring workspace for overrides, management pack templates, or service level objects.

Management Pack Objects

The Management Pack Objects section provides access to the different elements that are included in the management packs installed in your management group. Depending on the kind of element, you can create new elements, edit existing elements, or view existing elements.

Attributes	An attribute is a property of a class in a management pack. You can add additional attributes to collect additional information about managed objects. These attributes can be used to support group membership or accessed by monitors or rules.
Monitors	Monitors are workflows that run on an agent and determine the current health of an object. Each monitor uses a particular data source as the event log, performance data, or a script to collect its information.
Object Discoveries	Object Discoveries are workflows that run on an agent and discover objects to manage. You cannot create new object discoveries in the Operations console. You can view existing object discoveries in management packs and use overrides to modify the frequency that they run and other parameters that different discoveries may accept.
Overrides	Overrides are used to change parameters on workflows including monitors, rules, and discoveries. Overrides are created from the property page of the workflow that they apply to. This option lets you view and modify existing overrides.
Rules	Rules are workflows that run on an agent that create an alert, collect information for analysis and reporting, or run a command on a schedule. Each rule uses a particular data source as the event log, performance data, or a script to collect its information.
Service Level Tracking	Service Level Tracking lets you compare the availability of managed objects to a specific object. This option lets you create new Service Level Objectives and edit existing Service Level Objectives.
Rules	Tasks are workflows that run when you request them in the Operations console. Agent tasks run on one or more agent computers. Console tasks run on the Operations console workstation.
Views	Views display managed objects and collected data in the Operations console. Views are created and modified in the Monitoring workspace. This option displays the existing views that are available for each target class.

Read More

SCOM Monitoring Workspace on Operations Console

The Monitoring workspace is where you can see what is going on in your monitoring environment and is the primary workspace for operators. It contains views, diagrams, and dashboard views that compile and present useful information that Operations Manager has gathered.

When you first open the Monitoring workspace or when you click Monitoring in the navigation pane, the Monitoring Overview opens, which displays a summary of health states and alerts as shown in the following illustration.

For details, you can click any of the numbers in the overview, which opens a state view of the selected category. For example, clicking 1 in the Critical row for Computer Health in the illustration above opens a state view of all computers with a critical health state.

Note
A state view displays the health state of selected objects. State views that you open in the Monitoring Overview open in a new window.

Numerous views are provided in the navigation pane upon initial installation, and management packs that you import can add views. You can also create your own views. The icon next to each view in the navigation pane tells you which view type the view uses, as shown in the following illustration.

For more information about the views in the Monitoring workspace, see the following topics in the Operations Guide:

• View Types in Operations Manager 
  
  
• Standard Views in Operations Manager 
  
  
• Creating Views in Operations Manager 
  
  

In most views, you can select an object in the results pane, such as a computer, and then open Health Explorer from the tasks pane. For more information, see About Health Explorer.

Operations Manager generates alerts to inform you of issues and problems in your monitoring environment. For more information about alerts, see Managing Alerts in Operations Manager  in the Operations Guide. You can create notification subscriptions to specific alerts in the Monitoring workspace. For more information, see Subscribing to Alert Notifications in the Operations Guide.

In the Monitoring workspace, you also can suspend monitoring temporarily for specific computers and devices by using maintenance mode. For more information about how to use maintenance mode, see How to Suspend Monitoring Temporarily by Using Maintenance Mode in the Operations Guide.

Read More

Task Scheduler Monitoring in SCOM using Rule

One of the best advantages in SCOM is how easily we can monitor event logs. Simply go to Event Viewer, find the Event ID and start monitoring.

Below are the steps through which Task Scheuler jobs can be easily monitored via SCOM rule.

Things to know before configuring monitoring:

1. Task Scheduler job name should not have spaces.

2. Task name used for monitoring configuration purpose must has to be same as shown in Event XML view.

Steps to retrieve the XML view for events logged via Task Scheduler. I have tried to demo using my case. Please refer to screenshot and steps:

1. Got to Task Scheduler and select the task name "MyJob" (Containing Folder name and Task name should not have spaces).

2. Select "History", select the event log.

3. Click on "Details" tab and click on XML view 

Figure for Steps 1,2 & 3

4. Copy the content into a notepad, or any text editor as per your choice.

5. Find the row containing text <Data Name="TaskName">.

6. Copy the text between the <Data> tag as shown in the figure. (In my case, its "\HourlyJobs\MyJob".) This will be required for configuring Rule in SCOM.

Figure for Steps 4,5 & 6

Now, in further steps, we need to configure a rule under "Windows Server Operating System" target. You can choose any other target of your choice.

Open Authoring workspace on SCOM and create a new Rule for NT Event Log (Alert):

1. Select or create one management pack and Choose NT Event Log (Alert) Rule.

Figure for Step 1

2. Keep the Rule disabled, if you want to target to single server. Give the Rule a suitable name.

Figure for Step 2

3. Give the log name as "Microsoft-Windows-TaskScheduler/Operational"

Figure for Step 3

4. Select the "..." button.

Figure for Step 4

5. Select the third option "Use parameter name not specified above and enter the text "EventData/DataItem/*[name()='EventData']/*[name()='Data' and @Name='TaskName']"

Figure for Step 5

6. Click Ok and complete the expression by specifying equals the copied name that we copied from <Data> tag. (In my case he expression equals "\HourlyJobs\MyJob").

Figure for Step 6

7. Configure the alert as per your need in the next window.

Figure for Step 7

 

8. Finally Override "Enabled" property to "True" for this rule to the desired server where the task scheduler is configured.

Hope you enjoyed the monitoring of task scheduler with this simple configuration. ☺

Read More

Remote Agent Prerequisite Checker Tool

This tool is the command line version of the MOMNetCheck tool we shipped with MOM 2005 resource kit. The new tool allows you to specify multiple computer names to run the check against and accounts for the new prerequisites required by the OpsMgr agents such as MSXML 6. Instruction on how to use this tool is available in the readme that is part of the attached zipped file. You need .NetFramework 2.0 to run the tool, you need to have permissions to access remote registry on the remote servers and you need to copy the tool down locally before you can run it.

MOMNetChkCmd.zip

Read More

All SCOM Event IDs Spreadsheet

 The following are typical situations:

1. I get a colleague or a customer telling me “I am having a problem and the SCOM agent is showing 21037 events and 20002 events.  What’s wrong with it?”   
2. I want to tune an OpsMgr environment and reduce load on the database by turning off a few event collections, as my friend Kevin Holman suggests here http://blogs.technet.com/kevinholman/archive/2009/11/25/tuning-tip-turning-off-some-over-collection-of-events.aspx .
3. I am analyzing, sorting and grouping Events with Powershell like I have written on my blog lately http://www.muscetta.com/2009/12/16/opsmgr-eventlog-analysis-with-powershell/ but I can’t read those long descriptions properly.
4. I exported an EVT from a customer environment and I load it on a machine that does not have OpsMgr message DLLs installed – all I see are EventIDs and type (Warning, Error) – but no real description – and I still want to figure out what those events are trying to tell me.

Getting to the point: I, like everyone – don’t have every OpsMgr event memorized.

This is why I thought of building this spreadsheet, and I hope it might come in handy to more people.

The spreadsheet contains an “AllEvents” list – and then the same events are broken down by event source as well:

When you want to search for an events (in one of the situations described above) just open up the spreadsheet, go to the “AllEvents” tab, hit CTRL+F (“Find”) and type in the Event ID you are searching for:

And this will take you to the row containing the event, so you can look up its description:

The description shows the event standard text (which is in the message DLL, therefore is the part you will not see if opening an EVT on another machine that does not have OpsMgr installed), and where the event parameters are (%1, %2, etc – which will be the strings you see in the EVT anyway).

That way you can get an understanding of what the original message would have looked like on the original machine

Read More

Monitor F5 BIGIP with OpsMgr

 

Introduction

Monitoring F5 BIGIP (the term ‘firewall appliance’ is used interchangeability) with OpsMgr is out of the box not possible. A few 3rd party companies offer professional Management Packs equip OpsMgr with this capability.

As F5 BIGIP offers REST and SNMP interfaces, self-authoring a Management Pack seemed to be a possible task.

Please find below details of some hours’ brain work ;-)

 

Design

• A Windows Server, taking the role of ‘F5 Monitoring Server’ queries firewall appliances via SNMP and REST.
• A Scheduled Task is launching PowerShell scripts which perform the queries and storing the result in JSON files locally.
• Discoveries and Monitoring scripts in the F5 MP are interpreting the JSON files to provide OpsMgr Topology and Health information. 

 

Configuration (Optional)

After importing the Management Pack the following Monitors may be configured:

Usage

Alert views show details current breaches of configured threshold breaches:

State view show the state of a particular item:

See the whole system by opening the diagram view on “system”:

 

Management Pack Source

GitHub: https://github.com/Juanito99/F5_BIGIP_OpsMgr

 

License Terms

Monitor F5 BIGIP with OpsMgr
Copyright (C) 2017 Ruben Zimmermann (Juanito99)

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANT ABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

Read More