Issue:
You have informational alerts, or any other alerts in the SCOM console that you want to have, but not stack up forever.
Solution:
Power shell, again I am far from a power shell expert, in fact this might be the first script I have created that is more than just calling an existing command-let.
for those of you who don’t care, here is a line that will resolve informational alerts more than 12 hours old. (run it from Operations Manager Shell typically C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe -PSConsoleFile Microsoft.EnterpriseManagement.OperationsManager.ClientShell.Console.psc1 -NoExit .\Microsoft.EnterpriseManagement.OperationsManager.ClientShell.Startup.ps1)
get-alert -criteria “Severity = ‘0’ AND ResolutionState = ‘0’ AND LastModified <= ‘$((((Get-Date).ToUniversalTime())).addhours(-12))'”|resolve-alert| out-null
For those who want to know how it works , or for me once I forgot
Get-Alert is a SCOM command-let (try get-help get-alert) for all the details.
-criteria allows us to filter based on whatever we want.
Severity = ‘0’ This is a zero just in case you are wondering and
Severity 0 = informational
Severity 1 = Warning
Severity 2 = Error
ResolutionState = ‘0’ again a zero and means
ResolutionState = ‘0’ is New
ResolutionState = ‘255’ Closed
Anything in the middle would be things you configured as custom resolution states
and now the one that took all the effort
LastModified is when the alert was last modified, well duh you say and I agree but now for the hard part. This is logged in UTC so it won’t match with what you see in the console so we need to feed it a UTC time 12 hours in the past and for that we need more brackets that I ever figured.
$(Get-Date) processes the get-date command-let and passes a date that looks like this “Sunday, February 07, 2010 1:30:00 PM”
$((Get-Date).ToUniversalTime()) Takes the date from above and converts it to UTC based on your time zone offset, resulting in “Sunday, February 07, 2010 9:30:00 PM”
$((((Get-Date).ToUniversalTime())).addhours(-12)) takes the date from above and subtracts 12 hours giving “Sunday, February 07, 2010 9:30:00 AM”
By the magic of power shell this is changed into something more like ‘2/7/2010 9:30: AM’ and for that magic I am eternally grateful as I always hated date format issues in scripting (yea powershell)
Now power shell has gathered a lost of all the alerts we want to clear and we simply pipe that to resolve-alert
and pipe the output from they whole line to out-null so we don’t get any output.
Scheduling the Task
I never imagined that it would take more time and lines of code to schedule this script than it did to create.
Normally you could just run
The script as saved on the local drive as ClearInfo.ps1
$RMSFQDN=”FQDN of your RMS“
Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client
New-PSDrive -Name: Monitoring -PSProvider OperationsManagerMonitoring -Root: \
cd monitoring:\
New-ManagementGroupConnection $RMSFQDN
cd $RMSFQDN
$pf = (gc Env:\ProgramFiles)
cd “$pf\System Center Operations Manager 2007”
.\Microsoft.EnterpriseManagement.OperationsManager.ClientShell.Functions.ps1;
Start-OperationsManagerClientShell -ManagementServerName: $RMSFQDN -PersistConnection: $true -Interactive: $true;
get-alert -criteria “Severity = ‘0’ AND ResolutionState = ‘0’ AND LastModified >= ‘$((((Get-Date).ToUniversalTime())).addhours(-12))'”|resolve-alert| out-null
Then simply call something like C:\WINDOWS\system32\WINDOW~2\v1.0\powershell.exe C:\scripts\ClearInfo.ps1 from task manager.
You may want to have a look at http://technet.microsoft.com/en-us/library/ee176949.aspx
