Dynamic alert settings for monitor which never had any (done thru overrides)

  • Article

Tim from QuickenLoans contacted me and wanted verification about ability to use AlertMessage override (discussed in my previous post) with unit monitor for SNMP network device. He was using “Device Status Check” monitor and we can see that initial requirement for override use is met – monitor is PUBLIC.

<UnitMonitor ID="Microsoft.SystemCenter.NetworkDevice.CheckDeviceStatus" Accessibility="Public" Target="Microsoft.SystemCenter.NetworkDevice" Enabled="true" TypeID="Microsoft.SystemCenter.NetworkDevice.CheckDeviceState" ParentMonitorID="Health!System.Health.AvailabilityState">

  <Category>PerformanceHealth</Category>

  <OperationalStates>

    <OperationalState HealthState="Success" MonitorTypeStateID="DeviceUp" ID="Success" />

    <OperationalState HealthState="Error" MonitorTypeStateID="DeviceDown" ID="Error" />

  </OperationalStates>

  <Configuration>

    <Interval>120</Interval>

    <IsWriteAction>false</IsWriteAction>

    <IP>$Target/Property[Type="Microsoft.SystemCenter.NetworkDevice"]/IPAddress$</IP>

    <CommunityString>$Target/Property[Type="Microsoft.SystemCenter.NetworkDevice"]/CommunityString$</CommunityString>

    <Version>$Target/Property[Type="Microsoft.SystemCenter.NetworkDevice"]/Version$</Version>

    <SnmpVarBinds>

      <SnmpVarBind>

        <OID>.1.3.6.1.2.1.1.5.0</OID>

        <Syntax>1</Syntax>

        <Value VariantType="8" />

      </SnmpVarBind>

    </SnmpVarBinds>

  </Configuration>

</UnitMonitor>

 

As evident above (and to my surprise), this monitor doesn’t have any alert associated with its state change! Luckily, plenty of overrides which are required to raise alert are accessible thru UI, which leads me to believe that some of you were able to raise alert already. For those who never did, nor needed to do such work, we will use GenerateAlert, AlertOnState, AlertPriority and AlertServerity overrides. I’m going to include those overrides in my Management Pack directly and will not spend much time with them as they should be self-explanatory.

<!-- generate alert -->

<MonitorPropertyOverride ID="MonitorPropertyOverrideGenerateAlert" Context="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice" Enforced="false" Monitor="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice.CheckDeviceStatus" Property="GenerateAlert">

  <Value>true</Value>

</MonitorPropertyOverride>

<!-- auto-resolve this alert when state improves -->

<MonitorPropertyOverride ID="MonitorPropertyOverrideAutoResolve" Context="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice" Enforced="false" Monitor="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice.CheckDeviceStatus" Property="AutoResolve">

  <Value>true</Value>

</MonitorPropertyOverride>

<!-- minimal state used for alert creation -->

<MonitorPropertyOverride ID="MonitorPropertyOverrideAlertOnState" Context="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice" Enforced="false" Monitor="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice.CheckDeviceStatus" Property="AlertOnState">

  <Value>Error</Value>

</MonitorPropertyOverride>

 

<!-- priority -->

<MonitorPropertyOverride ID="MonitorPropertyOverrideAlertPriority" Context="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice" Enforced="false" Monitor="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice.CheckDeviceStatus" Property="AlertPriority">

  <Value>Normal</Value>

</MonitorPropertyOverride>

 

<!-- severity -->

<MonitorPropertyOverride ID="MonitorPropertyOverrideAlertSeverity" Context="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice" Enforced="false" Monitor="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice.CheckDeviceStatus" Property="AlertSeverity">

  <Value>MatchMonitorHealth</Value>

</MonitorPropertyOverride>

 

But as some of you are probably aware, using those overrides only helps alert to be raised, but alert will not have any user friendly description. This is where my previous post comes handy. It provides the guide on how to customize alert description. Our new alert would need description, but that is equal to customizing anyway, so same process applies here as well. Initially we need to define alert description and retrieve its GUID from database after it was imported (described in my previous post).

<StringResource ID="Microsoft.SystemCenter.NetworkDevice.CheckDeviceStatus.Override.AlertMessageResourceID" />

 

<DisplayString ElementID="Microsoft.SystemCenter.NetworkDevice.CheckDeviceStatus.Override.AlertMessageResourceID">

  <Name>Network device is down</Name>

  <Description>Network device identified by community string {0} is down.</Description>

</DisplayString>

 

Override to be used for alert message is then defined:

<!-- ALERT MESSAGE -->

<MonitorPropertyOverride ID="MonitorPropertyOverrideAlertMessage" Context="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice" Enforced="false" Monitor="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice.CheckDeviceStatus" Property="AlertMessage">

  <Value>FA71560E-C127-A442-7CDF-25E6C4B3208F</Value>

</MonitorPropertyOverride>

 

You can also see that in my definition I wanted to use alert parameter, the one holding device identification. WHAT I FAILED TO MENTION in my previous post is that no configuration replacement is allowed in override values. Only replacement that works is dynamic replacement. Here is what this means. $Target and $MPElement replacements are not working with override value, only $Data works because replacement is performed by module and not by runtime! This is important information, sorry to leave it out last time! So I need to use data item triggering monitor state change to retrieve required information thru $Data replacement. So here is override that helps runtime to contain alert parameter within alert data.

<!-- ALERT PARAMETERS -->

<MonitorPropertyOverride ID="MonitorPropertyOverrideAlertParameter1" Context="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice" Enforced="false" Monitor="NetworkDeviceLibrary!Microsoft.SystemCenter.NetworkDevice.CheckDeviceStatus" Property="AlertParameter1">

  <Value>$Data/Context/DataItem/CommunityString$</Value>

</MonitorPropertyOverride>

 

Attached is MP that delivers on this guide. Due to restriction about parameter replacement use, alert description may not have enough information to identify failing device (although IP Address is present as source). There is an event 11001 in "Operations Manager" log that can be correlated to alert's time creation, where such event carries all neccessary information. (It is almost like that event should be used for alert creation in this particular case, but again, this post was supposed to serve as example of alert customization :))

New dynamic alert for "Device Status Check" monitor

Also remember that similar steps could be used for different monitors as well, only unfortunate requirement is authoring thru XML directly ...

ENJOY! (but remember that usual AS IS paradigm (described in side frame) applies.).

Microsoft.SystemCenter.NetworkDevice.Overrides.xml