[OpsMgr 2007 R2][OpsMgr 2012] Managing SCOM Alerts with powershell scripts

I've recently read an article here that show us how to close unclosed alerts comming from rules in a left SCOM environment and this give me the opportunity to post some scripts to help you to manage alerts in Operations Manager.

First, the article make the difference between alerts comming from monitors (I'll say autoclose alerts) and alerts comming from ruleS (Manual close alert) but forgot to speak about manual reset monitors that generate alerts.

So to close all alerts that are raised by rules :

#Resolve alerts that are created by a rule
#Note the Get-Alert become Get-SCOMAlert with OpsMgr 2012get-alert -criteria ‘ResolutionState != ”255”’ | where-object {($_.IsMonitorAlert -eq $False)}| resolve-alert -comment "Resolving all opened alerts generated by all rules."

What about closing alerts generated by manual reset monitors.

• first, here is a script to retrieve all manual reset monitors

# Search all Manual Reset Monitor$mg = (Get-ManagementGroupConnection).ManagementGroup
$monitorType = $mg.GetUnitMonitorTypes("Microsoft.Windows.SingleEventLogManualReset2StateMonitorType")[0];
$monitorCriteria = new-object Microsoft.EnterpriseManagement.Configuration.MonitorCriteria("IsUnitMonitor='1'");
$monitorTypeCriteria = new-object Microsoft.EnterpriseManagement.Configuration.UnitMonitorTypeCriteria("Name LIKE '%EventLogManualReset%'");
$monitorTypes = $mg.GetUnitMonitorTypes($monitorTypeCriteria);
$monitors = $mg.GetMonitors($monitorCriteria);
$manualResetMonitors =  @()
foreach($monitor in $monitors){
    foreach($monitorType in $monitorTypes){
        if(([Microsoft.EnterpriseManagement.Configuration.UnitMonitor]$monitor).TypeId.Id -eq $monitorType.Id){
   $manualResetMonitors += $monitor
        }
    }
}
# list all manual reset monitors
$manualResetMonitors

•  You're now able to get all information for manual reset monitors and create a script to get alerts for each monitor in $ManualresetMonitors

Script should ne like (not tested yet)

$manualResetMonitors | % {
 #Close all alerts of the specific monitor get-alert | where-object {$_.ResolutionState -eq "0" -and $_.MonitoringObjectId -eq '"'+ $_.Id +'"'} |resolve-alert -comment "Resolving all alerts for all manual reset monitors."
 }


I would like to add an other script that could be usefull when you remove a MP. Save the following script in CloseAlertsForMP.ps1 and call it in a powershell windows connected to the management group in which you want to close the alerts with MP name as argument.

Param ([String] $MPName)
If ($MPName -eq "") { $MPName=(Read-Host "Enter a Management Pack Name ") }
   $mp=Get-ManagementPack | where {$_.name -eq $MPName
   }
If ($mp -eq $null) {
   "The ManagementPack you have put in argument is incorrect or not found"
   "List of available MP"
   Get-ManagementPack | sort -property Name | ft Name
   Exit
   }
$mp.getclasses() | foreach {$criteria="ResolutionState != 255";$alerts+=get-alert -criteria $criteria}$alerts | ft name,customfield1,ResolutionState, Customfield7
$continue =(Read-Host "Do you want to continue ? (y/n)")
if ($continue -ne "y") {
   "No alerts closed"
   "Exit"
   Exit
   }
$alerts | resolve-alert -comment "Closing Alert before Management Pack retirement"

 Hope these fiew line will help you to manage alerts in your environment.

This posting is provided "AS IS" with no warranties.