Search This Blog

Friday, June 20, 2014

[SCOM 2012][Powershell] Closing all alerts from a specific Management Pack ( #SCOM2012 #Powershell )

I 've today a need to close all alert that has been raised by a  specific Management Pack. The way I decided to work is to list all alerts, detect from what monitor or rule the alert is comming from and then, check the monitor / rule property to know if it's related to the MP I want to close all alerts.


 For using the script, just replace the MY.MP.TEST by you MP name.



  1. # Set variable with the MP name you want to close all alerts
  2. $MPtoCheck = 'MY.MP.TEST'
  3. # Check Open alerts
  4.  $OpenAlerts = get-SCOMalert
  5. # Create an empty list of AlertID
  6.  $ListAlertIDtoClose = ""
  7. #Check what MP has raised the alert
  8.  foreach ($alert in $OpenAlerts)
  9.       {
  10.       $AlertMP = ""
  11.       $AlertID = $alert.ID
  12.       write-host $AlertID
  13.       If ($alert.IsMonitorAlert -eq "True")
  14.          {
  15.          $AlertMP = (get-SCOMmonitor -ID $Alert.MonitoringRuleID).GetManagementPack().name
  16.          }
  17.      else
  18.         {
  19.         $AlertMP = (get-SCOMrule -ID $Alert.MonitoringRuleID).GetManagementPack().name
  20.         }
  21.     
  22.      If ($AlertMP -match $MPtoCheck) {
  23.         write-host "AlertId: " $AlertID "is from " $AlertMP " and must be closed." -foregroundcolor "red"
  24.         if ($ListAlertIDtoClose -eq "")
  25.            { $ListAlertIDtoClose = $AlertID.guid }
  26.         else
  27.            { $ListAlertIDtoClose = $ListAlertIDtoClose + "," + $AlertID.guid}
  28.       } 
  29.   }
  30. # Show the list of alert ID that must be closed
  31.  $ListAlertIDtoClose
  32. # Create a table
  33.  $ListAlertIDtoCloseTable = $ListAlertIDtoClose.split(",")
  34. # Close all alert from the table
  35.  foreach ($AlertID in $ListAlertIDtoCloseTable)
  36.     {
  37.      get-SCOMAlert | where {$_.ID -like $AlertID} | Resolve-SCOMAlert -Comment "All alerts are closed by powershell script."  | out-null
  38.     }

Note :


For testing purpose, I've just removed the "| Resolve-SCOMAlert -Comment "All alerts are closed by powershell script."  | out-null " in line 37. For each Alert ID in the table, it will only show the alerts and not close them.

So in the screenshot, you can see lines in red - they are corresponding to alerts ID that are raised by MY.MP.TEST
Then in the middle, you can see a list of ID coma separated, this is the line 31 that is executed.

The table at the end, is listed all the alert from the list. since I removed the  "| Resolve-SCOMAlert -Comment "All alerts are closed by powershell script."  | out-null " in line 37, alerts are not closed.



Be carefull when closing alerts - this should be used in a test environnement first !

This posting is provided "AS IS" with no warranties.

Posted by at 11:48:00 AM Print Friendly and create PDF
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)