This post continues from my previous post on how to deal with tuning alerts in SCOM.
As I mentioned before, getting a handle on the sheer number of alerts in SCOM can be a huge challenge.
As you may or may not know, there are two types of alerts in SCOM:
- Monitor Alerts
  - Monitors have an impact on the health state of an object and can close their alerts themselves when the issue has been resolved. In fact, I would say 90% of the monitors are configured to close automatically.
- Rule Alerts
  - Rule alerts do not affect health state, so they cannot close themselves automatically. A rule alert is useful when you want to alert on a specific event, but there is no second event that signals a return to a healthy state. If you used a monitor in this scenario, you would have to reset the health state every time.
As you can imagine, closing these rule alerts every day is quite the task, and it becomes a burden for most SCOM operators.
Tao Yang’s MP
Using Tao Yang's Self Maintenance management pack, you can automatically close alerts coming from a rule when they do not reoccur within a certain time frame.
It has some other very nifty features to help keep your SCOM environment healthy, so I would definitely recommend this MP. More information can be found on the link above.
Rule alerts typically have a repeat count, so if the issue is temporary, that repeat count should not increase. By looking at the last modified date of the alert, we can determine whether it is still relevant.
Here’s how you configure it using the self maintenance management pack:
- First, import Tao Yang's management pack.
- Go to Authoring -> Rules.
- I made a GIF showing how to configure this. In this example, all rule alerts that are older than 2 days and have not reoccurred will be automatically closed, and this is checked every 2 hours. The rule is called OpsMgr 2012 Self Maintenance Close Aged Rule Generated Alerts Rule.
After this is configured, rule alerts that are no longer relevant will be closed automatically.
This lets you focus on the relevant alerts without going through the daily chore of cleaning up alerts.
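Before enabling the rule, it is worth checking which alerts would match the age criterion so that nothing you still care about gets closed silently. The following is an added example, not part of the management pack: a report-only preview using the standard OperationsManager cmdlets. It assumes a session already connected to the management group, the 2-day threshold from the example above, and that only alerts in the New resolution state (0) are of interest; the variable names are hypothetical.

```powershell
# Added example: report-only preview. Nothing is closed or modified.
Import-Module OperationsManager

# Assumption: same age threshold as the example configuration above.
$DaysToKeep = 2

# LastModified is stored in UTC, so compare against a UTC cutoff.
$cutoffUtc = (Get-Date).ToUniversalTime().AddDays(-$DaysToKeep)

# Open alerts (resolution state 0 = New) raised by rules, not monitors,
# that have not been modified (for example by a repeat) since the cutoff.
$aged = Get-SCOMAlert -ResolutionState 0 |
    Where-Object { -not $_.IsMonitorAlert -and $_.LastModified -lt $cutoffUtc }

# Summarise per alert name so noisy rules and high-severity alerts stand out.
$summary = $aged | Group-Object Name | ForEach-Object {
    $oldest = $_.Group | Sort-Object LastModified | Select-Object -First 1
    [pscustomobject]@{
        Count                 = $_.Count
        AlertName             = $_.Name
        Severity              = $oldest.Severity
        MaxRepeatCount        = ($_.Group | Measure-Object RepeatCount -Maximum).Maximum
        OldestLastModifiedUtc = $oldest.LastModified
    }
}

$summary | Sort-Object Count -Descending | Format-Table -AutoSize

# Per-object detail for review, e.g. to decide on exclusions or overrides.
$aged | Sort-Object LastModified |
    Select-Object Name, MonitoringObjectDisplayName, Severity, RepeatCount, LastModified |
    Format-Table -AutoSize
```

If an alert name in this list is one you would want a person to look at before it disappears, tune or override that rule first rather than letting it age out.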
If you have any questions regarding the configuration, feel free to leave a comment below.