Forwarding SCOM alerts to SCSM can be very useful to allocate troubleshooting duties. However, Incidents created for offline network devices tends to provide less than useful information at first sight. It’s difficult to tell which network device each Incident is for.
This is because the SCOM alert connector in SCSM is simply pulling the alert title from SCOM and placing it in the new Incident. The alert title for network devices does not list the affected network device.
I have come up with a small Orchestrator runbook that will handle grabbing the affected devices name and appending it to the title of the Incident.
- Initialize Data – This will receive the Runbook Automation Activity ID to be used in the next activity
- Get RAA – This will use the ID from Initialize Data and grab the RAA object
- Get RAA-IR Relationship – This will grab the relationship between the RAA and the IR that the SCOM alert connector created
- Get IR – This will grab the IR object and all details about the object
- Get IR-Node Relationship – This will grab the relationship between the IR and the affected Node (Network Device) CI
- Get Node – This grabs the Node object and all of its details including the display name
- Update Object – This will grab the display name of the Node from Get Node and put it in front of the title from Get IR. It will then update the IR title with that combination
This has been tested using SCSM, SCOM and Orchestrator 2016 as well as 1801. Along with those 3 System Center pieces, the following will be needed:
- A SCOM alert connector in SCSM to handle the Incident creation
- Here is a helpful link on how to set that up:
- A SCOM CI connector in SCSM to create CIs in SCSM for objects in SCOM
- This link will help setting that up and works up to SCSM 1801: https://www.petri.com/connect-service-manager-2012-to-operations-manager-2012
- Import Management Packs into SCSM and configure SCOM CI connector to bring in network device CIs
- Use this link to help find the management packs and configure the connector: https://marcelzehner.ch/2013/06/22/network-device-management-in-the-service-manager-cmdb/
Once these pre-requisites are set up, the runbook can be implemented. To use this runbook, download it here.
Change the Service Manager connection in each Service Manager activity in the runbook. This can be done by opening the file in any text editor. Do a find and replace to switch ServiceManager2016 with whatever the name of your connector is and select Replace All.
Then, import the runbook into your Orchestrator folder that is synched to SCSM.
Next, create a Runbook Automation Activity for it. In the RAA template, map RunbookID to Work Item>Id.
After creating the runbook activity template, create a new Operations Manager-Generated Incident template for Network Devices. In that template, add the Runbook Automation Activity. Fill in any other details you want to for the rest of the template.
When the Incident template is complete, create a routing rule in the SCOM Alert Connector. Configure it to use the new Incident template that was just created. To have it pick up on the network device alerts, set the Management Pack criteria to target Network Management. You will have to use the internal ID of the Management Pack: System.NetworkManagement.Monitoring
After the alert routing rule is created, configure SCOM to forward the network device alerts to the SCSM alert connector. Open the alert connector in SCOM and create a new subscription. Select all groups in the subscription. In the Targets pane of the subscription, select the Nodes type, then save the subscription.
Once the alerts are forwarded to SCSM, SCSM will use the new Incident template and the Runbook Automation Activity to append the device display name.
This can be used for many types of alerts such as Failed To Connect To Computer. It can be used on the Windows Computer CI instead.