SCOM (Microsoft System Center Operations Manager)
Send monitoring events from Microsoft System Center Operations Manager (SCOM) to BigPanda.
Supported Versions | Type | Authentication Type |
---|---|---|
System Center 2016, 2019, 2022 | Custom Script | Org Bearer Token |
Microsoft System Center Operations Manager (SCOM) is a cross-platform data center management system for operating systems and hypervisors. Using this integration, you can configure SCOM to automatically send alerts to BigPanda. The SCOM integration provides streamlined installation, debugging, and supports installations that use an HTTP proxy server.
Open Integration Manager
The Open Integration Manager is available for use with SCOM. For more information, see the Open Integration Manager documentation.
How it Works
The SCOM Integration works by subscribing BigPanda to all alert notifications. The SCOM Integration utility automatically installs the BigPanda command executable file and creates a command channel, a subscriber, and a subscription in SCOM. When a SCOM alert is generated, the information is forwarded to BigPanda using these elements:
- The command notification channel defines what information is sent to BigPanda. By default, all standard SCOM fields are sent to BigPanda, and you can add custom fields. It also determines that the notification is sent by running the BigPanda command executable file.
- The notification subscriber defines the BigPanda channel as the recipient and determines the schedule for sending notifications. You can customize the notifications schedule.
- The notification subscription defines the criteria for sending a notification. By default, all alerts are sent to BigPanda, and you can filter which alerts are sent and set an initial delay. It also defines that the BigPanda channel is used to send the notification and the BigPanda subscriber receives the notification.
BigPanda then processes and correlates the alert from SCOM to create and maintain up-to-date incidents in BigPanda.
Simultaneous Response Limit
SCOM has a limitation of allowing only 5 simultaneous responses, which affects the command notification channel. The asynchronous response limit can be increased to 100, but an incremental increase is recommended. For alert storms exceeding this limit, consider adding a mitigation mechanism upstream.
Payload size
Alert payloads must be 6MB or smaller. Larger payloads will fail to process with BigPanda. We recommend reviewing your configurations to ensure that only actionable, useful information is being sent to BigPanda.
When Alerts are Updated and Closed
The life cycle of a SCOM alert in BigPanda reflects the notifications that SCOM sends.
- Alerts are not updated: SCOM sends an alert when an error first occurs, but does not send updates when the error criteria change. The error criteria in BigPanda remain in the initial state for the entire life cycle of the alert. If SCOM is configured for auto-remediation, the remediation updates are not sent to BigPanda.
- Alerts cannot transition from warning to critical: If a check in SCOM transitions from a warning to a critical state, SCOM closes the warning and sends a new, critical alert with a unique identifier. The initial warning alert is closed and a new critical alert is opened in BigPanda. This behavior does not affect alert correlation. The check is counted as two different alerts in BigPanda.
- Some alerts are not closed automatically: For alerts from monitors, SCOM sends an update when the error is resolved. The alert is then automatically closed in BigPanda. For alerts from rules, SCOM does not send a resolution event so the related alert in BigPanda remains open. You must manually resolve BigPanda incidents that contain SCOM alerts from rules.
Acknowledged Alerts
When an alert is acknowledged in SCOM, it is marked as
Acknowledged
in BigPanda.
SCOM Data Model
BigPanda normalizes alert data from SCOM. You can use tag values to filter the incident feed and to define filter conditions for Environments. The primary and secondary properties are also used during the deduplication and correlation processes.
Standard Tags
Tag | Description | Attributes |
---|---|---|
alert_source | Monitored object that generated the alert. | Primary Property. |
alert_name | Name of the alert in SCOM. | Secondary Property. |
alert_description | Description of the alert in SCOM. | |
alert_severity | Level of the alert (OK , Warning , Critical ) | |
alert_priority | Importance of the alert. | |
alert_category | Operational category of the alert. | |
alert_resolution_state | Monitor state that automatically resolves the alert. | |
alert_owner | User who is listed in SCOM as investigating the alert. | |
alert_resolved_by | User who resolved the alert in SCOM, if applicable. | |
alert_last_modified_by | User who changed the alert in SCOM most recently, if applicable. | |
alert_id | Identifier for the alert in SCOM. | |
alert_last_modified_time | Time of the last update to the alert properties. | |
alert_raised_time | Time when the alert was first opened. | |
alert_resolution_time | Time when the monitor state returned to the resolution state, if applicable. |
Custom Tags
You can independently configure the integration to send custom SCOM fields to BigPanda. These fields become custom tags in BigPanda are available along with the standard tag data to help users resolve problems.
To send custom fields to BigPanda:
-
In SCOM, open the Operations console, and then click Administration. You must have the Operations Manager Administrators role in SCOM.
-
In the navigation pane, go to Notifications > Channels.
-
Open the BigPanda channel and click the Settings tab.
-
In the Command line parameters field, add the custom fields in one of the following ways.
- Enter the field names manually. For example,
CustomField1=domain_name
. - Click the arrow and select the custom field you want to send.
- Enter the field names manually. For example,
Install The Integration
Administrators can install the integration by following the SCOM Installation instructions.
Execute on all SCOM management consoles
When installing the integration, be sure to copy the executable
/bigpanda-scom-cli.exe
to all of the SCOM management consoles, not just the one that it was installed on as the primary.
Debug SCOM
Before You Start
- Ensure the BigPanda SCOM integration and SCOM Integration utility are installed.
- Obtain access to the server where SCOM is installed.
- Open the PowerShell console and change the execution policy to
RemoteSigned
by running the following command:
Set-ExecutionPolicy remotesigned
Check the Version
To check the version of the SCOM Integration utility, run the following command:
./bigpanda-scom-cli.exe --version
If you don't have the latest version of the utility, download and install it:
View the SCOM Log File
The SCOM Integration utility writes a message to a log file every time an alert is sent from SCOM to BigPanda. This information can be very helpful when diagnosing a problem.
Access the log file in the same directory where you extracted the utility. The file name is: bigpanda-scom-cli.log
Change the Logging Options
You can change logging options by using the following flags with your commands.
Flag | Description |
---|---|
-d --debug | Writes log messages to the screen instead of the log file. |
-v --verbose | Writes detailed information to the log. Consider this level when you are actively diagnosing problems. |
Example:
./bigpanda-scom-cli.exe test --debug -k <YOUR APP KEY> -t <YOUR TOKEN>
Send a Test Alert
You can send a test alert from SCOM to BigPanda. Run the following command and replace <YOUR APP KEY>
and <YOUR TOKEN>
with the corresponding values in BigPanda.
./bigpanda-scom-cli.exe test -k <YOUR APP KEY> -t <YOUR TOKEN>
Use a Proxy Server
If you're using an HTTP Proxy server in your SCOM configuration, you can use the --proxy flag when installing the utility and sending a test alert. For example, run the following command and replace with the full URL to your proxy server:
./bigpanda-scom-cli.exe test --proxy <Proxy server URL>
Proxy must be added
When installing the utility and sending a test alert, the command line excludes the
.exe
. The--proxy
line is also not added to the full path and command line parameters of the notification channel. Adding a check for the full path of the command line channel ensures that the--proxy
value is there.
After Debugging
If you are unable to resolve the problem, contact BigPanda support for assistance.
Uninstall the Integration
Deleting an integration requires that you remove the integration in both the integrated system and BigPanda. We recommend that you first uninstall the integration on the integrated system to prevent traffic from being sent and rejected by BigPanda, since the app key will not exist once you delete the integration in BigPanda.
Caution during replacement
When replacing an existing integration with a new tool or system, we recommend configuring the new integration first to ensure no data is lost.
Deactivate Inbound Integration
If you want to stop sending data to BigPanda but don’t want to delete your integration, you can temporarily deactivate it.
To deactivate an inbound integration:
- In BigPanda, navigate to the Integrations tab and select the desired integration from the list. This will open integration details on the right side of the window.
- At the top of the integration details, click the Active/Inactive toggle next to the application name to change the status of the integration.
In the integrations list, inactive integrations will be marked with a gray bar.
Alert Resolution for Inactive Integrations
Any active alerts belonging to an inactive integration must be manually resolved or they will stay in the system until the auto-resolve window is reached.
Stop Sending Data to BigPanda
-
Download the latest BigPanda SCOM Integration utility for your operating system: Windows 64-Bit
-
Extract the downloaded archive and open a PowerShell console with a command prompt in the extracted directory.
-
Change the execution policy for the PowerShell console to
RemoteSigned
by running the following command:Set-ExecutionPolicy remotesigned
-
Run the following command:
./bigpanda-scom-cli.exe uninstall
-
At the prompt, enter
y
to confirm the change, and press Enter.
Delete the Integration in BigPanda
Take the following steps to delete the integration from BigPanda:
- In BigPanda, navigate to the Integrations tab and select the desired integration from the list.
- In the integration details on the right of the page, click the trash icon, then confirm you want to delete the integration. The integration will be removed immediately.
️Automatic alert resolution for deleted integrations
All active alerts from the integration will be resolved after deletion.
Data removal
This procedure does not remove any data from the integrated system.
Updated 1 day ago