Quick Download: https://github.com/thekevinholman/OuputAlertsRulesMonitorsToCSV
This is a script that will generate a list of all Rule and Monitors in a SCOM deployment.
It will also gather important information, like if the workflows generates an alert or not, and the details of the alert like default priority and severity.
Rules:
- DisplayName (of the rule)
- Name (MP rule id)
- Target (class the rule targets)
- Category
- Enabled (true or false)
- Alert (true or false)
- AlertName (The display of the Alert Name as seen in the console)
- Priority
- Severity
- Management Pack Display Name
- Management Pack Name
- Data Source
- Description
Monitors:
- DisplayName (of the monitor)
- Name (mp monitor id)
- Target (class the monitor targets)
- Category
- Enabled (true or false)
- Alert (true or false)
- AlertName (The display of the Alert Name as seen in the console)
- Priority
- Severity
- Management Pack Display Name
- Management Pack Name
- Monitor Classification
- Monitor Type
- Description
Hello, it is a very useful script, but I found 2 issues/problems using it.
1. This script is not compatible with SCOM2007 R2
2. It does not show me the threshold values of each monitor
Not working in SCOM 2007 is a feature, not an issue! (kidding) Seriously though, SCOM 2007R2 extended support ends 7/9/2019. 🙂 The SDK has changed just a bit since then.
On thresholds – that was never part of the design for this. Gathering thresholds is incredibly difficult. Only a tiny percentage of rules and monitors even have a concept of a “threshold”. Thats really a performance thing, which is only a fraction of monitors. Due to SCOM’s design, traversing a monitor design, then the monitortype, then each composite datasource containing other data sources, probe actions, etc…. would be a nightmare. This is why you don’t see a lot of tools that do that. It’s really hard. 🙂
Here is a script which outputs what you want to a CSV file. It goes through the monitors finding the Unit Monitors, which are Performance Health related, and which are ENABLED out of the box. Then it outputs the Target Class, the Display Name of the Monitor, and the Threshold. If it raises alerts, it outputs on what state it raises an alert, whether it auto-resolves, and the Alert Severity:
function GetThreshold ([String] $configuration)
{
$config = [xml] (“” + $configuration + “”)
$threshold = $config.Config.Threshold
if($threshold -eq $null)
{
$threshold = $config.Config.MemoryThreshold
}
if($threshold -eq $null)
{
$threshold = $config.Config.CPUPercentageThreshold
}
if($threshold -eq $null)
{
if($config.Config.Threshold1 -ne $null -and $config.Config.Threshold2 -ne $null)
{
$threshold = “first threshold is: ” + $config.Config.Threshold1 + ” second threshold is: ” + $config.Config.Threshold2
}
}
if($threshold -eq $null)
{
if($config.Config.ThresholdWarnSec -ne $null -and $config.Config.ThresholdErrorSec -ne $null)
{
$threshold = “warning threshold is: ” + $config.Config.ThresholdWarnSec + ” error threshold is: ” + $config.Config.ThresholdErrorSec
}
}
if($threshold -eq $null)
{
if($config.Config.LearningAndBaseliningSettings -ne $null)
{
$threshold = “no threshold (baseline monitor)”
}
}
return $threshold
}
$perfMonitors = get-scommonitor | where-object {$_.XmlTag -eq ‘UnitMonitor’ -and $_.Category -eq ‘PerformanceHealth’ -and $_.Enabled -eq ‘True’}
$perfMonitors | select-object @{name=”Target”;expression={foreach-object {(Get-SCOMClass -Id:$_.Target.Id).DisplayName}}},DisplayName, @{name=”Threshold”;expression={foreach-object {GetThreshold $_.Configuration}}}, @{name=”AlertOnState”;expression={foreach-object {$_.AlertSettings.AlertOnState}}}, @{name=”AutoResolveAlert”;expression={foreach-object {$_.AlertSettings.AutoResolve}}}, @{name=”AlertSeverity”;expression={foreach-object {$_.AlertSettings.AlertSeverity}}} | sort Target, DisplayName #| export-csv “c:\monitor_thresholds.csv”
Hi kevin,
Great! I’m looking for a script which all results the collection frequency, threshold for the Scom performance rules. It would be very helpful.
HI Kelvin,
Thank you for your continuous support. I want SQL agnostic MP Rules and Monitors with the Thresholds in csv files. Can you please help here. I have tried to export MP using MPviewer but thresholds are not populating. It will be helpful if you can suggest some thing here. Our current scom version is SCOM 2019.
Thanks,
Balakrishna
Dear Kevin,
Thank you for the script. I would need an help, is it possible to get the Agent managed details to add to the script against the MP?
Hi Kevin,
Thank you for the script. It was really helpful and the script worked like charm with good visualizations.
The script is not working on SCOM 2016. getting this error…
Getting all Rules in SCOM…
Getting Properties from Each Rule…
You cannot call a method on a null-valued expression.
At D:\OutputAllRulesAndMonitorsToCSV.ps1:81 char:7
+ $AlertName = $WAXMLRoot.AlertMessageId.Split(‘”‘)[1]
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Exception calling “GetStringResource” with “1” argument(s): “An object of class ManagementPackStringResource with ID
fb2d5b3d-7f09-7ae4-896e-d38fc3426fba was not found.”
At D:\OutputAllRulesAndMonitorsToCSV.ps1:86 char:7
+ $AlertDisplayName = $MP.GetStringResource($AlertName).DisplayNa …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ObjectNotFoundException
The script works fine on SCOM 2016.
Your issue is that you have some unexpected management pack with a strange configuration and the script is not handling.
You can add these lines in the script above the line 80: “#Get the Alert Display Name from the AlertMessageID and MP”
Write-Host $RuleDisplayName
Write-Host $RuleName
Write-Host $MPDisplayName
Write-Host $MPName
This will output the offending rule right before the error is thrown.
HI Kelvin,
Thank you for your continuous support. I want SQL agnostic MP Rules and Monitors with the Thresholds in csv files. Can you please help here. I have tried to export MP using MPviewer but thresholds are not populating. It will be helpful if you can suggest some thing here. Our current scom version is SCOM 2019.
Thanks,
Balakrishna
I explain in the comments above why getting “thresholds” is not part of this design, nor it is incredibly feasible due to how SCOM managed complex datasources.
Download link seems to be broken.
This should work:
http://web.archive.org/web/20200318065555/https://gallery.technet.microsoft.com/Get-All-SCOM-Rules-853ecfde
Updated the download link.
Hi Kevin,
Thanks a lot for updating the link.
May I know how the overrides are calculated here, because I see lot of overrides missing from my MP which I use for server overrides.
Also, I see lot of errors like below when collecting the Rules data. I am running SCOM 2012 R2.
Exception calling “GetStringResource” with “1” argument(s): “An object of class ManagementPackStringResource with ID 0f02fa6a-4900-2da5-1061-279be5ded9cc was not found.” At C:\Users\admin-guptaa5\Desktop\Scripts\OutputAllRulesAndMonitorsToCSV.ps1:86 char:7
+ $AlertDisplayName = $MP.GetStringResource($AlertName).DisplayName
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ObjectNotFoundException
Thanks again for all your help.
This is fixed – there are scenarios where the alert did not have an AlertMessageId so the get-stringresource failed with exception. The HP management packs caused this in my testing – so I updated the script to address the issue.
If you run Kevin’s script in a system with the Exchange 2010 management pack, you will miss some alerts. The Exchange 2010 management pack has a custom Alert generation module called Microsoft.Exchange.2010.GenerateAlertFromSdkEvent.
In order to account for this, make the following changes:
Insert the following 4 lines at Line 42:
#Get the Exchange GenerateAlertFromSDKEvent module, and its ID
$ExchangeMP = Get-ScomManagementPack -Name “Microsoft.Exchange.2010”
$ExchGenAlertWA = $ExchangeMP.GetModuleType(“Microsoft.Exchange.2010.GenerateAlertFromSdkEvent”)
$ExchGenAlertWAId = $ExchGenAlertWA.Id
Change Line 71 of Kevin’s script from:
IF ($WAId -eq $AlertWAID)
To:
IF(($WAId -eq $AlertWAID) -or ($WAId -eq $ExchGenAlertWAId))
This will allow the script to recognize the Exchange 2010 alert module, and parse the Alert Name and properties properly.
Hi Kevin,
Thank you for the wonderful script. Is it possible to add another column with ResolverGroup information?
Regards,
Deepak
Hi Kevin,
Thanks for the wonderful script. Is there any possible way to add another Column for Resolver Group(SCSM Queue) as well.
Thanks,
Deepak
Hi Kevin,
Even i had the similar requirement.Is it possible to gather the information, to which resolver group Monitors/Rules/Alerts will be sent to?
Regards,
Ravi shankar
Is there a way to modify this script for a specific group?
Thanks for this script.
Now that I have these CSV files.
How do I import this information into SCOM again.
How to get the alert severity details for specific MP.