Generate SCOM events that can be turned into alerts

This post contains the details about the application I wrote to generate events in SCOM. This allows SCOM to receive events via the SDK and associate them with an object in SCOM. The supported object types are Node, Windows, and Unix. Node refers to a network node type, not a cluster node. The command line parameters allow you to specify the event message along with other details. Hopefully this post will help you download the necessary files and begin to generate events in SCOM.

There are also a management pack and fragments that are used to turn the events into alerts in SCOM. This was the only way I found to generate an alert in SCOM from the command line.

Refer to the repository on GitHub at https://github.com/dpsmith005/SCOMAlerts

The uploaded files contain a Readme.md and a README.TXT. Refer to the README.txt for a description of the files. This can be downloaded with the other files and can be used as a reference.

The files used to generate the SCOM events are:

  • SCOMalerts.exe
  • SCOMalerts.exe.config
  • CommandLineUtility.dll
  • CryptPassword.exe
  • CryptPassword.dll

SCOMalerts.exe -help will give the command line parameters needed to generate the SCOM event.

SCOMalerts.exe.config needs to be configured for your environment.

CommandLineUtility.dll is used to handle command line parameters.

CryptPassword.exe is used to create the encrypted password to use with the SCOM admin account specified in the config file.

CryptPassword.dll is used by CryptPassword.exe for creating the password.

Configure

The first thing to do is create a password file for the SCOM account used for the event creation. CryptPassword.exe -e will create a file named enpw. Rename this file. This file is needed to configure SCOMalerts.exe to run and connect to the SCOM management server.

Next, open SCOMalerts.exe.config for editing. This file contains the following information:

		<add key="SCOMuser" value="scom_admin_user"/>
		<add key="SCOMpasswd" value="password.file"/>
		<add key="SCOMserver" value="scomserver.domain.org"/>
		<add key="Domain" value="domain.org"/>
		<add key="logfile" value=".\SCOMalerts-log.txt"/>
		<add key="debug" value="true"/>

SCOMuser is the user account that corresponds to the password that was created in the previous step.

SCOMpasswd is the password file created earlier.

SCOMserver is the fully qualified domain name of the management server.

Domain is the AD domain where the management server resides.

logfile is the location of the log file where debug and error messages are written.

debug is set to true or false. Setting it to true enables logging of debug information to the logfile.

Once this is configured the application is ready to test.
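
A pre-flight check for the settings described above, written as an added PowerShell example (it is not part of the SCOMalerts repository). It assumes the keys sit in the standard .NET `<appSettings>` section as `<add key=... value=.../>` entries and that a relative SCOMpasswd path is resolved from the folder holding the config file; the function name `Test-ScomAlertsConfig` is hypothetical.

```powershell
# Added example: validates SCOMalerts.exe.config before the first test run.
# Returns a list of problems; no output means every check passed.
function Test-ScomAlertsConfig {
    param([Parameter(Mandatory)][string]$ConfigPath)

    if (-not (Test-Path -LiteralPath $ConfigPath -PathType Leaf)) {
        return "Config file not found: $ConfigPath"
    }
    $problems = [System.Collections.Generic.List[string]]::new()
    [xml]$xml = Get-Content -LiteralPath $ConfigPath -Raw

    # Assumption: settings are <add key= value=/> entries under <appSettings>.
    $settings = @{}
    foreach ($node in $xml.SelectNodes('/configuration/appSettings/add')) {
        $settings[$node.GetAttribute('key')] = $node.GetAttribute('value')
    }

    # The six keys listed in the post must be present and non-empty.
    foreach ($key in 'SCOMuser','SCOMpasswd','SCOMserver','Domain','logfile','debug') {
        if ([string]::IsNullOrWhiteSpace($settings[$key])) {
            $problems.Add("Missing or empty key: $key")
        }
    }

    # Sample values from the post that must be replaced for a real environment.
    $samples = @{ SCOMuser = 'scom_admin_user'; SCOMpasswd = 'password.file'
                  SCOMserver = 'scomserver.domain.org'; Domain = 'domain.org' }
    foreach ($key in $samples.Keys) {
        if ($settings[$key] -eq $samples[$key]) {
            $problems.Add("$key still has the sample value '$($samples[$key])'")
        }
    }

    # SCOMserver must be a fully qualified domain name; debug must be true or false.
    if ($settings['SCOMserver'] -and $settings['SCOMserver'] -notmatch '^[^.\s]+(\.[^.\s]+)+$') {
        $problems.Add("SCOMserver is not a fully qualified domain name")
    }
    if ($settings['debug'] -and $settings['debug'] -notin 'true','false') {
        $problems.Add("debug must be true or false")
    }

    # The renamed CryptPassword.exe output file must exist where the config points.
    $pw = $settings['SCOMpasswd']
    if ($pw) {
        if (-not [System.IO.Path]::IsPathRooted($pw)) {
            $dir = Split-Path -Parent (Resolve-Path -LiteralPath $ConfigPath).ProviderPath
            $pw  = Join-Path $dir $pw
        }
        if (-not (Test-Path -LiteralPath $pw -PathType Leaf)) {
            $problems.Add("Password file not found: $pw")
        }
    }
    return $problems
}
```

Run it as `Test-ScomAlertsConfig -ConfigPath .\SCOMalerts.exe.config` from the folder that holds the executable.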

SCOMalerts.exe -help

The Command Options are as Follows:
    -help --help /help -? --? /? - will display the help message.
    -svr    - FQDN of the server for the alert
    -msg    - Alert detail to be displayed
    -level  - 1, 2 4 (critical, Warning, Informational)
    -eventNumber - 8100 for testing
    -type   - is the server type.  Valid: Node, Windows, Unix.  Default or incorrect is Node (Network Node)

 *the parameters are case sensitive.

Test Event

SCOMalerts -svr <Server_generating_event> -msg "Test event message" -level 4 -eventNumber 8800 -type Windows

This should generate an event in SCOM with the information you specified. Keep in mind this object needs to exist in SCOM. Events will not be created in SCOM for objects that do not exist.

Visual Studio Code

Program.cs is the C# code used to create the application.

I have included the full VS code that was used to create this application. The folder SCOMalertsVScode contains the code. Simply download this folder to your VS repo and run the sln file to load the program. You may need to point the references to the DLLs in the SCOMalerts\bin folder. There are 4 standard SCOM DLLs that should be installed if you have set up VSAE. CommandLineUtility.dll and CryptPassword.dll are libraries I created to assist this program. I use these in other programs, which is why I made them libraries.

Management Pack for Alerts

In order to turn the event into an alert, there must be a rule that detects the event and generates an alert. This MP takes advantage of this built-in functionality within SCOM. In the MP folder there is a Custom.Event.Alert.xml file that is a self-contained management pack. Simply add this management pack to SCOM and check out the preconfigured rules.

I have also included 3 management pack fragments for different node types. The application takes a -type parameter that specifies the type of object. The 3 types I have configured are Node, Windows, and Unix. Node refers to a network node type, not a cluster node. Each fragment is designed to work with a specific object type.

You could build your own rules. To do this you need to create a rule that leverages the SDK event provider.