Rules and Monitors in OpsMgr 2007
One of the topics that is difficult for many new OpsMgr admins or MP authors to wrap their heads around is the difference between rules and monitors in Operations Manager 2007. In addition, there often seems to be confusion about which to use in certain situations.
First let’s start with the fundamental difference between a rule and a monitor. A monitor affects the health state of a managed entity in OpsMgr where as a rule does not. When we look at a state view in the console or we look at Health Explorer we are ONLY seeing the results of monitors. A rule does not have the ability to make something go from Green to Red in OpsMgr.
That is the BIGGEST difference between a rule and a monitor although there are certainly other differences in the technical implementation of each. Once we understand this it becomes a lot easier to understand when to use a monitor and a rule.
When to use a monitor
Use a monitor in almost any situation where you are checking for the health of an object.
When to use a rule
There are 2 common scenarios where you might want to use a rule
1. When you are collecting data for the purposes of reporting (storing in the Data Warehouse) or for displaying data in views within the OpsMgr Console (storing in the Operational Database). You may have noticed that there are “Write Actions” associated with rules. These can be thought of as instructions for where to store the data once it’s collected. You will often see rules with two Write Actions. One for storing data in the OpsMgr operational database and one for storing the data in the Data Warehouse database.
2. If for some reason you want to generate an alert for a condition but DO NOT want the health of an object affected.
Dealing with Alerts from Monitors and Rules
When talking about the differences between monitors and rules it is also very important to understand the differences in how you should deal with the alerts that are generated from each.
Since there is no underlying health state for a rule you can simply go in and close any alerts that are generated by the rule.
DO NOT JUST CLOSE ALERTS FROM MONITORS!! I can not stress this enough and I often see this happening in various OpsMgr environments . Always check to see if the health of the underlying managed object needs to be reset back to a healthy state as well. If you close an alert that is generated from a monitor you DO NOT reset the health state of the underlying object automatically. Think about the impact of this, since alerts are generated based upon state changes you will not receive additional notifications alerting you of future problems until that health state is reset.
If you’ve ever opened up Health Explorer and saw a bunch of Critical and Warning states but couldn’t figure out why there was no corresponding alerts then it is almost guaranteed that this has happened in your OpsMgr environment.
If you are unsure as to whether the alert was generated by a rule or monitor then one easy way to tell is to look at the alert properties. There will be a field called either Alert Rule or Alert Monitor which you can use to tell.
Although there are other smaller technical differences between the two, if you can remember that a monitor is the only one that can alter the health state of a managed object then you should be able to make the right choice when choosing between a rule and a monitor.