Share via

SCOM 2012: Bulk Override Creation for Monitors and Rules using PowerShell

  • Article

Overrides are the key in SCOM to fine-tuning your monitoring.

This article explains how to create monitors and rules overrides in bulk using PowerShell.

To create any override the property of the monitoring/rule should have override parameters configured in their respective module.

Monitors

Monitors are state based and the following are the predefined override parameters in addition to monitoring module-specific override parameters.

Parameter Name Parameter Type
Alert On State Enumeration
Alert Priority Enumeration
Alert Severity Enumeration
Auto-resolve Alert Boolean
Enabled Boolean
Generates Alert Boolean

  

PowerShell script

The following script obtains all monitors from the SQL management pack and creates an override to monitor when generate alert is disabled and to enable alerting**.**

Import-module operationsmanager

New-SCOMManagementGroupConnection

 

$mps=Get-SCOMManagementPack |?{$_.name -match "sql"}

$overrideMp= Get-SCOMManagementPack -Displayname "sql.Override"

$Monitors=$mps|Get-SCOMMonitor |?{$_.xmltag -eq "UnitMonitor"}

 

foreach($Monitor in $Monitors)

{

if($Monitor.AlertSettings.AlertOnState -eq $null)

{

$Target= Get-SCOMClass -id $Monitor.Target.id

$overridname=$Monitor.name+".Override"

$override = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPackMonitorPropertyOverride($overrideMp,$overridname)

$override.Monitor = $Monitor

$Override.Property = 'GenerateAlert'

$override.Value = 'true'

$override.Context = $Target

$override.DisplayName = $overridname

}

}

$overrideMp.Verify()

$overrideMp.AcceptChanges()

  

Rules

Rules are stateless and the following are the predefined override parameters to override in addition to rule module-specific overrides parameters.

Parameter Name Parameter Type
Priority Boolean
Severity Integer
Enabled Integer

  

PowerShell script

Following script will get all rules from Dell management packs and create an override for disabled rules.

Import-module operationsmanager

New-SCOMManagementGroupConnection

 

$mps=Get-SCOMManagementPack |?{$_.name -match "dell"}

$overrideMp= Get-SCOMManagementPack -Displayname "DELL.Overrides"

$rules=$mps|Get-SCOMRule

 

foreach($rule in $rules)

{

if($rule.Enabled -ne "false")

{

$Target= Get-SCOMClass -id $rule.Target.id

$overridname=$rule.name+".Override"

$override = New-Object Microsoft.EnterpriseManagement.Configuration.Management`PackRulePropertyOverride($overrideMp,$overridname)

$override.Rule = $rule

$Override.Property = 'Enabled'

$override.Value = 'false'

$override.Context = $Target

$override.DisplayName = $overridname

}

}

 

$overrideMp.Verify()

$overrideMp.AcceptChanges()

This script creates overrides in bulk for any override parameters for monitors and rules. Some admins will not want to enable all monitoring at once in production (where Development SCOM server is not available) for a new management pack. To handle this you can run the below script to disable all rule/monitors and enable monitoring by deleting override class by class after reviewing which ones will help in reducing alert floods and keep SCOM infrastructure healthy.

Note: The above script will not create a new override MP (i.e. DELL.Overrides and SQL.Override) it uses existing MP.