Microsoft System Center Operations Manager (SCOM) Integration

Microsoft System Center Operations Manager (SCOM) is a state, health and performance monitoring infrastructure for Microsoft Windows environments. SCOM ensures the predictable performance and availability of your applications and offers monitoring for your data center and cloud, both public and private.

​What does SCOM offer to Logstash users?

Integrating SCOM with OpsGenie, you can forward both your Operations Manager alerts and updates on them to OpsGenie to benefit from OpsGenie's rich, meaningful and actionable alerts, powerful on-call schedules, escalations and reporting services. Microsoft System Center Operations Manager can forward alert events to OpsGenie to create alerts and acknowledge, close and add note to them using PowerShell. You can benefit from OpsGenie's Alert De-Duplication using SCOM integration.


Functionality of the integration

  • When an alert is created on SCOM, an alert is created in OpsGenie automatically through the integration.
  • When an alert is resolved or closed on SCOM, the related alert is closed in OpsGenie.
  • When an alert is acknowledged on SCOM, the related alert is acknowledged in OpsGenie.

Setup instructions for Microsoft SCOM Integration:

This guide was prepared using Windows Server 2012 R2 and SCOM 2012 R2; but other recent versions should also work.

Add SCOM Integration in OpsGenie

  • Open Integrations page, type SCOM to the search field and click Add on the SCOM.
  • Click on Save Integration.
  • Copy the API key that is provided for you.
  • To modify default rules for the SCOM Integration, click on Go to Advanced Settings.
  • You can create/edit conditions for filtering SCOM alerts on Filter segment.
  • You can modify fields for the alerts generated by SCOM using Alert Fields segments.

Configuration on Microsoft SCOM

  • Create a new folder with name opsgenie under your root scripts directory. Resulting directory will be C:\scripts\opsgenie
  • Download OpsGenie's SCOM PowerShell Script and place it to the directory that you've created in previous step. Make sure that the name of the script file is opsgenie.ps1 and the final path to the file is C:\scripts\opsgenie\opsgenie.ps1

    Minimum required Powershell version for the script to be able to work is 3.0. If you're using a version below 3.0, the Powershell Script code for converting the values into JSON and posting the HTTP request to OpsGenie should be developed by your side.

  • Open the script and paste your API key into the ApiKey parameter value. Save the file.
  • Open the System Center Operations Manager console.
  • Click on Administration from the bottom-left panel.
  • Select Channels under the Notifications menu from the left panel.
  • Click on New from the right panel to add a new notification channel and select Command from the resulting list.
  • Write OpsGenie to the channel name and click Next.
  • Write $PsHome to the PowerShell to learn your PowerShell Home folder.
  • Write the file path of powershell.exe under your PowerShell Home folder to the Full name of the command file field. The result is the following for almost all cases:
  • c:\windows\system32\windowspowershell\v1.0\powershell.exe
  • Copy and paste the following into the Command line parameters field. Make sure that you replace the part Your_API_Key with your integration API key that is provided for you.
  • "C:\scripts\opsgenie\opsgenie.ps1" '"Your_API_Key"' '"$Data[Default='NotPresent']/Context/DataItem/AlertId$"' '"$Data[Default='NotPresent']/Context/DataItem/AlertName$"' '"$Data[Default='NotPresent']/Context/DataItem/AlertDescription$"' '"$Data[Default='NotPresent']/Context/DataItem/ResolutionStateName$"' '"$Data[Default='NotPresent']/Context/DataItem/ResolutionStateLastModifiedLocal$"' '"$Data[Default='NotPresent']/Context/DataItem/Priority$"' '"$Data[Default='NotPresent']/Context/DataItem/Owner$"' '"$Data[Default='NotPresent']/Context/DataItem/RepeatCount$"' '"$Data[Default='NotPresent']/Context/DataItem/Severity$"' '"$Data[Default='NotPresent']/Context/DataItem/Category$"' '"$Data[Default='NotPresent']/Context/DataItem/CreatedByMonitor$"' '"$Data[Default='NotPresent']/Context/DataItem/ManagedEntityDisplayName$"' '"$Data[Default='NotPresent']/Context/DataItem/WorkflowId$"' '"$Data[Default='NotPresent']/Context/DataItem/LastModifiedLocal$"' '"$Data[Default='NotPresent']/Context/DataItem/TimeRaisedLocal$"' '"$Data[Default='NotPresent']/Context/DataItem/TicketId$"' '"$Data[Default='NotPresent']/Context/DataItem/DataItemCreateTimeLocal$"' '"$Data[Default='NotPresent']/Context/DataItem/ManagedEntityPath$"' '"$Data[Default='NotPresent']/Context/DataItem/ManagedEntity$"' '"$Data[Default='NotPresent']/Context/DataItem/TimeAddedLocal$"' '"$MPElement$"' '"$Data[Default='NotPresent']/Context/DataItem/Custom1$"' '"$Data[Default='NotPresent']/Context/DataItem/Custom2$"' '"$Data[Default='NotPresent']/Context/DataItem/Custom3$"' '"$Data[Default='NotPresent']/Context/DataItem/Custom4$"' '"$Data[Default='NotPresent']/Context/DataItem/Custom5$"' '"$Data[Default='NotPresent']/Context/DataItem/Custom6$"' '"$Data[Default='NotPresent']/Context/DataItem/Custom7$"' '"$Data[Default='NotPresent']/Context/DataItem/Custom8$"' '"$Data[Default='NotPresent']/Context/DataItem/Custom9$"' '"$Data[Default='NotPresent']/Context/DataItem/Custom10$"'
  • Write your PowerShell Home folder path into the Startup folder for the command line field. Make sure that you add \ to the end of this path. This path is the following for almost all cases:
  • c:\windows\system32\windowspowershell\v1.0\
  • Click Finish.
  • Select Subscribers under the Notifications menu from the left panel and click on New from the right panel.
  • On Description step; write OpsGenie to the Subscriber Name field and click Next.
  • On Schedules step; select Always send notifications and click Next.
  • On Addresses step; click Add.
  • On the Subscriber Address wizard; write OpsGenie Channel to the Address name field and click Next.
  • Use the drop down menu under Channel Type and select Command from the list.
  • Use the drop down menu under Command Channel and select OpsGenie from the list. Then click Next.
  • Select Always send notifications and click Finish.
  • OpsGenie Channel will be listed under Subscriber address section. Click Finish.
  • Select Subscriptions under the Notifications menu from the left panel.
  • Click New from the right panel.
  • On Description step; write OpsGenie to the Subscription name field and click Next.
  • On Criteria step; select the conditions in which you want to forward SCOM alert updates to OpsGenie. I am going to leave all options unchecked. On this case, you should notice Notify on all alerts in the Criteria description field. Click Next.
  • On Subscribers step; click Add to add a new subscriber.
  • On Subscriber Search screen; write OpsGenie to the Filter by field and click Search.
  • OpsGenie will be listed under Available subscribers section. Click on OpsGenie and then click Add.
  • You should see OpsGenie under Selected subscribers section. Click OK.
  • You will return to Notification Subscription Wizard and OpsGenie will be listed under Selected subscriber section. Click Next.
  • On Channels step; click Add to add the notification channel that we have created before.
  • On Channel Search screen; write OpsGenie to the Filter by field and click Search.
  • OpsGenie will be listed under Available channels section. Click on OpsGenie and then click Add.
  • You should see OpsGenie under Selected channels section. Click OK.
  • You will return to Notification Subscription Wizard and OpsGenie will be listed under Channels section. Select Send notifications without delay and click Next.
  • Review your notification subscription settings and make sure that Enable this notification subscription option is checked. Click Finish.
  • Your setup for Microsoft SCOM integration with OpsGenie should now be completed.

Sample payload sent from SCOM to OpsGenie

{
  "owner": "np",
  "lastModified": "12/24/2015 11:47:16 AM",
  "resolutionState": "New",
  "timeRaised": "12/24/2015 11:47:16 AM",
  "resolutionStateLastModified": "np",
  "workflowId": "{7eba60fd-b179-69a7-3897-47b6753601f2}",
  "category": "Custom",
  "alertId": "{2ba87d56-a7af-4b42-bdcc-eb18486bd8cd}",
  "alertName": "Alert for event 999",
  "priority": "1",
  "severity": "2",
  "createdByMonitor": "false",
  "repeatCount": "0",
  "alertDescription": "np",
  "managedEntitySource": "WIN-RQTU8UB5TU5.opsgeniescom.com"
}

Sample alert