This is a continuation of a Data Center Automation series of posts that I have been working on with Anders Bengtsson. Here are the first two posts in this series:

Creating Management Packs in SCOM 2012 with PowerShell
Creating Performance Collection Rules in SCOM 2012 with PowerShell

This script is also included as an activity in the Operations Manager Admin Integration Pack.

Syntax:

.\CreateEventBasedAlertingRule.ps1 -ManagementServer 'om01.contoso.com' -ManagementPackID 'custom.example.test' -RuleID 'custom.example.test.rule.Event9999' -RuleName 'My Test Event 9999 Alerting Rule' -RuleDescription 'Test Rule' -RuleTarget 'Microsoft.Windows.Computer' -ComputerName '$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$' -EventLogName 'Operations Manager' -EventID 9999 -EventSource 'Health Service Script' -AlertName 'My Test Event 9999 Alert' -AlertPriority 1 -AlertSeverity 1 -SuppressOnEventID true -Enabled true

Parameters:

Name Description
ManagementServer Name of MS to connect to
ManagementPackID ID of the MP you want to put the new rule in (it will create one if it doesn’t exist)
RuleID ID of the rule you want to create
RuleName Friendly name of the rule you want to create
RuleDescription Description of the rule
RuleTarget Class that you want to target the rule at
ComputerName Variable for the computer name. This will vary depending on your target.
EventLogName Name of the event log to look in
EventID Event ID of the event
EventSource Source of the event
AlertName Name of the alert
AlertPriority Priority of the alert: Critical (2), Warning (1), Information (0)
AlertSeverity Severity of the alert: High (2), Medium (1), Low (0)
SuppressOnEventID Choose true or false depending on whether or not you want to suppress repeat alerts
Enabled Choose true or false depending on whether you want the rule enabled by default
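<#
.SYNOPSIS
    Creates an event-based alerting rule in a SCOM management pack through the SDK.

.DESCRIPTION
    Connects to the management group on -ManagementServer, looks up the management
    pack named by -ManagementPackID (creating it when the lookup returns nothing),
    builds a rule with a Microsoft.Windows.EventProvider data source and a
    System.Health.GenerateAlert write action, and commits it with AcceptChanges().

    Module configuration is assembled as an XML string. The free-text values
    -EventLogName, -EventSource and -AlertName are XML-escaped before they are
    formatted into that string, so a value containing '<', '>' or '&' cannot add or
    close elements in the rule configuration. -ComputerName is a management-pack
    variable expression and is written verbatim; supply it only from a trusted source.

    NOTE(review): System.Health.GenerateAlert normally reads Priority as
    Low (0) / Medium (1) / High (2) and Severity as Information (0) / Warning (1) /
    Critical (2) - confirm against the parameter table published with this script.
#>
Param(
    [parameter(Mandatory=$true)]
    $ManagementServer,
    [parameter(Mandatory=$true)]
    $ManagementPackID,
    [parameter(Mandatory=$true)]
    $RuleID,
    [parameter(Mandatory=$true)]
    $RuleName,
    [parameter(Mandatory=$true)]
    $RuleDescription,
    [parameter(Mandatory=$true)]
    $RuleTarget,
    [parameter(Mandatory=$true)]
    $ComputerName,
    [parameter(Mandatory=$true)]
    $EventLogName,
    [parameter(Mandatory=$true)]
    $EventID,
    [parameter(Mandatory=$true)]
    $EventSource,
    [parameter(Mandatory=$true)]
    $AlertName,
    [parameter(Mandatory=$true)]
    $AlertPriority,
    [parameter(Mandatory=$true)]
    $AlertSeverity,
    [parameter(Mandatory=$true)]
    $SuppressOnEventID,
    [parameter(Mandatory=$true)]
    $Enabled
)

# Echo every input so a runbook or console log records exactly what was requested.
Write-Host "ManagementServer: "$ManagementServer
Write-Host "ManagementPackID: "$ManagementPackID
Write-Host "RuleID: "$RuleID
Write-Host "RuleName: "$RuleName
Write-Host "RuleDescription: "$RuleDescription
Write-Host "RuleTarget: "$RuleTarget
Write-Host "ComputerName: "$ComputerName
Write-Host "EventLogName: "$EventLogName
Write-Host "EventID: "$EventID
Write-Host "EventSource: "$EventSource
Write-Host "AlertName: "$AlertName
Write-Host "AlertPriority: "$AlertPriority
Write-Host "AlertSeverity: "$AlertSeverity
Write-Host "SuppressOnEventID: "$SuppressOnEventID
Write-Host "Enabled: "$Enabled

# Creates an empty management pack (ID and name both $ManagementPackID, version 1.0.0)
# and imports it into the management group $MG.
function CreateManagementPack
{
    param([object]$MG, [string]$ManagementPackID)
    $MPStore = New-Object Microsoft.EnterpriseManagement.Configuration.IO.ManagementPackFileStore
    $MP = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPack($ManagementPackID, $ManagementPackID, (New-Object Version(1, 0, 0)), $MPStore)
    $MG.ImportManagementPack($MP)
}

# Adds a Microsoft.Windows.EventProvider data source module (ID "DS") to $Rule,
# configured for the given computer, event log, event source and event ID.
function CreateWindowsMicrosoftWindowsEventProviderModule
{
    param([object]$Rule, [object]$MG, [string]$ComputerName, [string]$EventLogName, [string]$EventSource, [int]$EventID)
    $DSModuleType = $MG.GetMonitoringModuleTypes("Microsoft.Windows.EventProvider")[0]
    $DSModule = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPackDataSourceModule($Rule, "DS")
    $DSModule.TypeID = [Microsoft.EnterpriseManagement.Configuration.ManagementPackDataSourceModuleType]$DSModuleType
    $DSModule.Configuration = CreateWindowsMicrosoftWindowsEventProviderModuleConfig $ComputerName $EventLogName $EventSource $EventID
    $Rule.DataSourceCollection.Add($DSModule)
}

# Returns the event provider configuration XML: ComputerName, LogName and an
# <And> expression matching EventSourceName and EventDisplayNumber.
function CreateWindowsMicrosoftWindowsEventProviderModuleConfig
{
    param([string]$ComputerName, [string]$EventLogName, [string]$EventSource, [int]$EventID)
    $oBuilder = New-Object System.Text.StringBuilder
    # $ComputerName is an MP variable expression ($Target/...$) and is written as
    # supplied; it is not escaped here, so it must come from a trusted caller.
    [void]$oBuilder.AppendFormat("<ComputerName>{0}</ComputerName>", $ComputerName)
    # Log name and event source are free text: escape them so markup characters in
    # the value stay data instead of becoming part of the configuration XML.
    [void]$oBuilder.AppendFormat("<LogName>{0}</LogName>", (XMLEncode -s $EventLogName))
    [void]$oBuilder.Append("<Expression>")
    [void]$oBuilder.Append("<And>")
    [void]$oBuilder.Append("<Expression>")
    [void]$oBuilder.Append("<SimpleExpression>")
    [void]$oBuilder.Append("<ValueExpression>")
    [void]$oBuilder.Append("<XPathQuery>EventSourceName</XPathQuery>")
    [void]$oBuilder.Append("</ValueExpression>")
    [void]$oBuilder.Append("<Operator>Equal</Operator>")
    [void]$oBuilder.Append("<ValueExpression>")
    [void]$oBuilder.AppendFormat("<Value>{0}</Value>", (XMLEncode -s $EventSource))
    [void]$oBuilder.Append("</ValueExpression>")
    [void]$oBuilder.Append("</SimpleExpression>")
    [void]$oBuilder.Append("</Expression>")
    [void]$oBuilder.Append("<Expression>")
    [void]$oBuilder.Append("<SimpleExpression>")
    [void]$oBuilder.Append("<ValueExpression>")
    [void]$oBuilder.Append("<XPathQuery>EventDisplayNumber</XPathQuery>")
    [void]$oBuilder.Append("</ValueExpression>")
    [void]$oBuilder.Append("<Operator>Equal</Operator>")
    [void]$oBuilder.Append("<ValueExpression>")
    # $EventID is typed [int] in param(), so it cannot carry markup.
    [void]$oBuilder.AppendFormat("<Value>{0}</Value>", $EventID)
    [void]$oBuilder.Append("</ValueExpression>")
    [void]$oBuilder.Append("</SimpleExpression>")
    [void]$oBuilder.Append("</Expression>")
    [void]$oBuilder.Append("</And>")
    [void]$oBuilder.Append("</Expression>")
    return $oBuilder.ToString()
}

# Returns the System.Health.GenerateAlert configuration XML and creates the alert
# message string resource "<RuleID>.AlertMessage".
# Reads $MP and $SuppressOnEventID from the calling (script) scope; neither is a
# parameter of this function.
function CreateSystemHealthGenerateAlertModule
{
    param([int]$AlertPriority, [int]$AlertSeverity, [string]$AlertName, [string]$RuleID)
    $EventDescription = '$Data/EventDescription$'
    $EventDisplayNumber = '$Data/EventDisplayNumber$'
    $AlertMessageID = '{0}.AlertMessage' -f $RuleID
    $AlertMessageObject = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPackStringResource($MP, $AlertMessageID)
    # NOTE(review): DisplayName is an SDK property rather than raw XML; if the SDK
    # escapes on serialization this value ends up double-encoded - confirm.
    $AlertMessageObject.DisplayName = (XMLEncode -s $AlertName)
    # {0} and {1} are filled from AlertParameter1 / AlertParameter2 below.
    $txt = @"

Event ID: {0}
Event Description: {1}

"@
    $AlertMessageObject.Description = $txt
    $AlertMessageXPath = '$MPElement[Name="{0}"]$' -f $AlertMessageObject.Name

    $oBuilder = New-Object System.Text.StringBuilder
    [void]$oBuilder.AppendFormat("<Priority>{0}</Priority>", $AlertPriority)
    [void]$oBuilder.AppendFormat("<Severity>{0}</Severity>", $AlertSeverity)
    [void]$oBuilder.AppendFormat("<AlertName>{0}</AlertName>", (XMLEncode -s $AlertName))
    [void]$oBuilder.AppendFormat("<AlertMessageId>{0}</AlertMessageId>", $AlertMessageXPath)
    [void]$oBuilder.Append("<AlertParameters>")
    [void]$oBuilder.AppendFormat("<AlertParameter1>{0}</AlertParameter1>", $EventDisplayNumber)
    [void]$oBuilder.AppendFormat("<AlertParameter2>{0}</AlertParameter2>", $EventDescription)
    [void]$oBuilder.Append("</AlertParameters>")
    # ToBoolean throws on anything other than a true/false value, so a mistyped
    # flag fails here instead of silently disabling suppression.
    [bool]$SuppressOnEventID = [System.Convert]::ToBoolean($SuppressOnEventID)
    if ($SuppressOnEventID)
    {
        [void]$oBuilder.Append("<Suppression>")
        [void]$oBuilder.AppendFormat("<SuppressionValue>{0}</SuppressionValue>", $EventDisplayNumber)
        [void]$oBuilder.Append("</Suppression>")
    }
    return $oBuilder.ToString()
}

# Adds a System.Health.GenerateAlert write action module (ID "GenerateAlert") to $Rule.
function CreateSystemHealthGenerateAlertWriteAction
{
    param([object]$Rule, [object]$MG, [int]$AlertPriority, [int]$AlertSeverity, [string]$AlertName, [string]$RuleID)
    $WAModuleType = $MG.GetMonitoringModuleTypes("System.Health.GenerateAlert")[0]
    $WAModule = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPackWriteActionModule($Rule, "GenerateAlert")
    $WAModule.TypeID = [Microsoft.EnterpriseManagement.Configuration.ManagementPackWriteActionModuleType]$WAModuleType
    $WAModule.Configuration = CreateSystemHealthGenerateAlertModule $AlertPriority $AlertSeverity $AlertName $RuleID
    $Rule.WriteActionCollection.Add($WAModule)
}

# Escapes the five XML special characters. '&' is replaced first so the entities
# produced by the later replacements are not escaped a second time.
function XMLEncode
{
    param([string]$s)
    $s = $s.Replace("&", "&amp;")
    $s = $s.Replace("<", "&lt;")
    $s = $s.Replace(">", "&gt;")
    $s = $s.Replace('"', "&quot;")
    $s = $s.Replace("'", "&apos;")
    return $s.ToString()
}

Write-Host "Adding SCOM Snap-in"
Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client

Write-Host "Connecting to SCOM Management Group"
$MG = New-Object Microsoft.EnterpriseManagement.ManagementGroup($ManagementServer)
# Stop here when the connection failed: every later step needs $MG, and continuing
# would misreport the failure as "MP Not Found".
if ($null -eq $MG)
{
    throw ("Could not connect to management group on {0}" -f $ManagementServer)
}

Write-Host "Getting MP Information and Incrementing Version"
# Only the lookup is guarded. A failure while bumping the version of an existing
# pack must not fall through to creating a new pack with the same ID.
$MP = $null
try
{
    $MP = $MG.GetManagementPacks($ManagementPackID)[0]
}
catch
{
    Write-Host ("MP lookup failed: {0}" -f $_.Exception.Message)
}

if ($MP)
{
    # Increment the last component of the version (for example 1.0.0.0 -> 1.0.0.1).
    $VIncrement = $MP.Version.ToString().Split('.')
    $VIncrement[$VIncrement.Length - 1] = ([system.int32]::Parse($VIncrement[$VIncrement.Length - 1]) + 1).ToString()
    $MP.Version = ([string]::Join(".", $VIncrement))
}
else
{
    Write-Host "MP Not Found, Creating New MP"
    CreateManagementPack $MG $ManagementPackID
    $MP = $MG.GetManagementPacks($ManagementPackID)[0]
}

Write-Host "Creating New Rule"
$Rule = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPackRule($MP, $RuleID)

Write-Host "Creating Data Source Section of Rule"
CreateWindowsMicrosoftWindowsEventProviderModule $Rule $MG $ComputerName $EventLogName $EventSource $EventID

Write-Host "Creating Write Action Section of Rule"
CreateSystemHealthGenerateAlertWriteAction $Rule $MG $AlertPriority $AlertSeverity $AlertName $RuleID

Write-Host "Adding Rule Target"
$Rule.Target = $MG.GetMonitoringClasses($RuleTarget)[0]

Write-Host "Adding Rule Category"
$Rule.Category = [Microsoft.EnterpriseManagement.Configuration.ManagementPackCategoryType]::Alert

Write-Host "Adding Display Name"
$Rule.DisplayName = (XMLEncode -s $RuleName)

Write-Host "Adding Description"
$Rule.Description = (XMLEncode -s $RuleDescription)

Write-Host "Setting Enabled Property"
[bool]$Enabled = [System.Convert]::ToBoolean($Enabled)
# Enabled is only written when the caller asked for a disabled rule; otherwise the
# rule keeps whatever value the SDK object started with.
If (!($Enabled)){$Rule.Enabled = [Microsoft.EnterpriseManagement.Configuration.ManagementPackMonitoringLevel]::false}

Write-Host "Writing Changes via SDK"
# Commits the new rule and the version bump to the management group.
$MP.AcceptChanges()

Write-Host "Script Completed"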