ACS (Audit Collection Services) in SCOM uses a WMI filter to reject certain events from being collected and stored in the Audit database. This filter supports about 4800 characters, so the filters can get very large and very advanced. It is important to test these before implementing to ensure you…
There are certain management packs that will use product connectors to insert discovery data into SCOM, or to manage alerts. Sometimes, you might find that the vendor did not provide a way to remove these product connectors, when you decide to stop using the MP or solution which created…
When you first install reporting, you have to supply a management server. This is used for SDK based connections that SCOM reporting requires. If you ever retire this management server, reporting will break so this is an additional step to ensure you check whenever you retire a MS. …
This is pretty exciting. Microsoft just shipped a totally new AD MP. This one has no dependencies on the previous ADMP, which has been mostly based on the same core design for the past 15 years! https://www.microsoft.com/en-us/download/details.aspx?id=54525 The new ADMP supports monitoring Active Directory when your DC’s…
I will try to use this post as a running record to help you find all the MP’s that we have released for Windows Server 2016 OS and the unique server roles for which we create MP’s. As with all MP’s, you should give great scrutiny, and only…
This is a script example on how to get statechangeevents from monitor context using PowerShell. This example uses a URL transaction monitor, but you can change this to any class/classinstance. #Set arrays to empty $Monitor = @() $MonitorColl = @() $States = @() #Get Web Transaction URL Class…
I recently wrote a blog article on Extending the Windows Computer class from Registry keys on agents. You can read about that here: https://kevinholman.com/2016/12/04/extending-windows-computer-class-from-registry-keys-in-scom/ However, what about UNIX/Linux agents? They don’t have the concept of a Windows Registry. For those, we can use a file on the file system…
I recently had an interesting customer issue. They wanted to collect some specific events for reporting. This was specific to NTLM authentications. The problem was – that these events could potentially FLOOD some servers, and they didn’t want to collect ALL the events, just a sample of unique events on…
Consider the scenario – you want to monitor the event logs for a specific event, however, this event has a tendency to “storm” or log hundreds of events in a short time window. Not a good condition for a monitoring system, as you can quickly overwhelm the system, nor do…
Years ago – I wrote a post on customizing the “Windows Computer” class, showing how to use registry keys to add properties to the “Windows Computer” class, to make creating custom groups much simpler. You can read about the details of how and why here: https://kevinholman.com/2009/06/10/creating-custom-dynamic-computer-groups-based-on-registry-keys-on-agents/ I later updated that…