Jump to content
Sign in to follow this  
t-zwck

Reset monitor when closing alert

Recommended Posts

How to: Reset monitor when closing alert?

 

 

Not something I recommend, one would say I almost regret we did not prohibit closing alerts generated by monitor (especially when auto-resolve feature was used). But recently I learned about some ticketing systems closing alerts where it is unclear if issue was corrected, so I see some necessity to automate the action of resetting monitor health state to re-generate monitor state change when issue still present after ticket was closed.

 

Problem Description:

 

Again, as said, there may be legitimate situations where a customer needs to reset monitor health once an alert generated by its state change has been resolved. Such scenario would include automated ticketing systems resolving alerts without providing enough evidence that issue was indeed addressed, situation where operator resolves batch of alert without investigating their root cause (after network outage) and/or by mistake.

 

Recently I saw this type of request from multiple sources independently of each other so I decided to provide what I believe may be the only solution on how to achieve this functionality – OpsMgr connector.

 

Analyzing proposal:

OpsMgr connector is nice feature allowing subscribing to alert changes happening for members of specified group. It also allows reacting on such change, in our case by locating monitor associated with alert and requesting its state reset thru SDK call.

 

Note:

I will not discuss connector internals (registration, used subscription …) but will provide source code for possible reverse engineering of my implementation.

 

Solution:

Attached, you can find source code for my solution as well as binary you should copy into your RMS product folder. You need to initialize connector when you start it. Such action will import MP with group definition (if MP was not imported already), it creates connector and its subscription (again if such actions are necessary) and starts worker thread to receive monitor raised alerts.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

You should see connector created (in Administration section of operations console) after successful initialization.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Currently connector uses group which is populated with instances of computer. This can be adjusted (steps described later) and you should be able to see all members after group calculation rule finishes (in Authoring section of the operations console).

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Bellow is an example of alert raised by test event based monitor. When this alert is resolved, state of the monitor resets.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Customization:

As mentioned, this connector will respond to all alerts generated for any monitors which belong to the instance of Windows Computer. It is rather simple to customize the managed entity type you want to use though.

 

First export connector management pack:

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Then edit management pack in XML editor of your choice. You need to change type used with relationship as well as group population rule:

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

After changes are saved and you imported your management pack, please restart connector application (initialization button will not overwrite changes to MP, but remove button will delete MP from OpsMgr when removing connector from your environment). You can see in the source code that worker thread starts in 3 minutes (to give group calculation time to populate group) and subscription uses 1 minute polling interval to retrieve all alerts as per subscription definition.

 

One more word of caution to be said is that connector like this may not be fully scalable in big environments and additional work could be needed. This post can serve as nice example and base stone for such more advanced application though.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...