Find all rules and monitors raising alerts with a certain priority

A good way to filter out the noise in SCOM is to use the priority field of generated alerts. Creating views that show only high-priority alerts, and configuring or overriding selected rules and monitors to raise their alerts with high priority, lets you handle only the alerts that matter to you in daily operations without losing any of the other alerts.

Most management packs are written to raise almost every alert with priority 1 (medium). Still, some alerts are raised with low (0) or high (2) priority. To find those rules and monitors in your own or any third-party management pack, I’ve created a small PowerShell script that identifies them and prints them to the console.

Here’s the script to find all the rules:

## find all rules with a certain priority (0 = Low, 1 = Medium, 2 = High)
$RMS = "rms-server-name"   ## not referenced below
$Priority = 2

$ManagementPacks = Get-ManagementPack

## iterate through the management packs
foreach ($ManagementPack in $ManagementPacks)
{
    ## get all the rules in the current management pack and iterate through them
    $Rules = $ManagementPack.GetRules()
    foreach ($Rule in $Rules)
    {
        ## go through all write actions of the current rule and look for a "GenerateAlert" write action with the configured priority
        foreach ($WriteAction in $Rule.WriteActionCollection)
        {
            ## match the whole Priority element; a bare "*$Priority*" would also match e.g. a Severity of 2
            if (($WriteAction.TypeID.GetElement().Name -eq "System.Health.GenerateAlert") -and ($WriteAction.Configuration -like "*<Priority>$Priority</Priority>*"))
            {
                Write-Host "Rule    : $($ManagementPack.Name) : $($Rule.DisplayName)"
            }
        }
    }
}

You can also look for different write action configurations, such as Severity, AlertName or AlertDescription. Unfortunately the only way to do this for rules is to look for string matches in the configuration property – which is a string property containing the configuration XML fragment.
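The following is an added example, not part of the original post: instead of wildcard matching, it wraps the configuration fragment in a root element, parses it as XML and reads the settings by element name, which avoids the false positives a bare wildcard such as `*2*` produces. The function name `Get-AlertSetting`, the element name `Priority` and the sample fragments are assumptions made for illustration.

```powershell
## Added example: parse a GenerateAlert configuration fragment instead of wildcard-matching it.
## The element names (Priority, Severity, AlertName) are assumed from the settings named in the post.
function Get-AlertSetting
{
    param([string]$Configuration)

    ## the property holds a fragment with several top-level elements, so wrap it in a root element
    try   { $Xml = [xml]"<Root>$Configuration</Root>" }
    catch { return $null }   ## fragment is not well-formed XML

    $Result = @{}
    foreach ($Name in "Priority", "Severity", "AlertName")
    {
        ## only direct children of the root are considered
        $Node = $Xml.DocumentElement.SelectSingleNode($Name)
        if ($null -eq $Node) { $Result[$Name] = $null } else { $Result[$Name] = $Node.InnerText }
    }
    New-Object PSObject -Property $Result
}

## constructed sample fragments, not taken from a real management pack
$Samples = @{
    "Medium priority, severity 2" = "<Priority>1</Priority><Severity>2</Severity><AlertName>Sample A</AlertName>"
    "High priority, severity 1"   = "<Priority>2</Priority><Severity>1</Severity><AlertName>Sample B</AlertName>"
    "Priority is not a literal"   = '<Priority>$Data/Params/Param[2]$</Priority><Severity>1</Severity>'
}

$Priority = 2
foreach ($Key in $Samples.Keys)
{
    $Config   = $Samples[$Key]
    $Setting  = Get-AlertSetting $Config
    $Wildcard = $Config -like "*$Priority*"                                      ## true for all three samples
    $Exact    = ($null -ne $Setting) -and ($Setting.Priority -eq "$Priority")    ## true only for the second
    Write-Host "$Key : wildcard match = $Wildcard, parsed match = $Exact"
}
```

In the rule script, the string to pass to the function is `$WriteAction.Configuration`.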

The alert configuration for monitors is implemented in an easier and “cleaner” way. Properties like AlertPriority are exposed directly and can be accessed much more easily.

Here’s the script to find all the monitors:

## find all monitors with a certain priority (0 = Low, 1 = Medium, 2 = High)
$RMS = "rms-server-name"   ## not referenced below
$Priority = 2

$ManagementPacks = Get-ManagementPack

## iterate through the management packs
foreach ($ManagementPack in $ManagementPacks)
{
    ## get all the monitors in the current management pack and iterate through them
    $Monitors = $ManagementPack.GetMonitors()
    foreach ($Monitor in $Monitors)
    {
        ## get the alert settings of the current monitor and look for the configured priority
        $AlertSetting = $Monitor.AlertSettings
        ## monitors that do not raise alerts have no alert settings
        if ($null -ne $AlertSetting)
        {
            if ($AlertSetting.AlertPriority -eq $Priority)
            {
                Write-Host "Monitor : $($ManagementPack.Name) : $($Monitor.DisplayName)"
            }
        }
    }
}
