Generating Alerts On OMS

On the previous articles about Microsoft OMS, we've configured event and log collection from various systems and we've queried the workspace for information. We have the information, wouldn't it be great if we could also act on it?

The Operations Management Suite has a feature named "Alerts" that provides this functionality. Creating alerts is a straight forward and only takes a few minutes. To illustrate the process, we are going to configure an alert for a Windows Server Failover Cluster that hosts the File Server role.

When a cluster resource is moving to another node of the cluster, an event with id 1641 is generated under the source "FaileoverClustering" of the log "Microsoft-Windows-FailoverClustering/Operational".

To create the alert, we are going to need a query that returns the above events:


Let's create the alert. From the main OMS blade, select "Alerts" and then "Create New Rule":


This will bring you to the new alert rule page:


On the first step, we have to select the target OMS workspace and the alert criteria. The current workspace is already selected so the only thing left is to configure the criteria.

The list of available signals is really long. we are going to use the first option though, the "Custom Log Search".


Fill in the query and the threshold and click "Done". Depending how significant the event is, you may update the period and the frequency of the checks.


That was the first step. Now we have to configure the details of the alert:


Moving on to the third and last step, we have to define the action to take:


You can define multiple actions to take when the criteria is met, like sending an email or SMS message, trigger an Azure Function or Webhook and even create a ticket on your service management tools:


When done with the actions, hit the "Create alert rule" button to create the alert. That's it, the rule has been created. Let's test it! I've failed a role to another node and I got the below message:



That's pretty much it!

Related articles
    Introduction to Azure Advanced Analytics
    Configuring Log and Performance Counter collection on the OMS Workspace
    Install and Configure the OMS Windows Agent
    Verify the Agent Connectivity to OMS Workspace
    Deploying the OMS Windows Agent using DSC
    Querying OMS for Performance Data
    Querying OMS for Events
    Collecting IIS Log Files
    Install and Configure the OMS Linux Agent
    Syslog Message Collection for OMS from sources that do not support the agent
    Generating Alerts from OMS
    Update Management using OMS
    Monitoring Active Directory Health using OMS
    Assessing Security using OMS
    Monitoring Microsoft SQL using OMS
    Monitoring Azure Activity Log using OMS

Popular posts from this blog

Domain Controller Machine Password Reset

Image
On my lab environment, I've configured two Active Directory sites since most enterprises have offices in more that one places. My lab however is not running 24/7 and the domain controllers in the second site are rarely turned on in order to save resources. This leads to issues with the Active Directory replication such as the "The target principal name is incorrect" error when I execute:  repadmin /syncall /AdeP. To remedy the issue, we have to reset the machine password of the domain controller that has been offline. First off, we are going to stop and disable the Kerberos Key Distribution Center (kdc) service on the problematic domain controller, in our case DC4. There may be some tickets in the cache so we should also clear them using klist purge Now it's time to change the machine password of the domain controller using the command netdom resetpwd /s:dc3 /ud:lab\administrator /pd:* Replace the "lab\administrator" with an account on your
Keep reading

Configuring a Certificate on Exchange Receive Connector

Today's article is about configuring Exchange receive connectors with specific certificates. Out of the box, Exchange uses self signed certificates to provide TLS secured mail flow. This will definitely be an issue if you expose the SMTP protocol to client computers since they won't trust the certificate. In this article we are going to configure a certificate that was issued by a third part authority to the Client Frontend receive connector. We'll start with getting the thumbprint of the certificate using the Get-ExchangeCertificate cmdlet: [PS] C:\> Get-ExchangeCertificate Thumbprint                               Subject ----------                               ------- 241B864DC82C664FECBA18B8D54987AAFB65B4C2 CN=*.lab.com, ... D4D210886B34E690191A1F008C78FDD0E7325DD4 CN=Exchange2013A 960171662EB261162F9C8CBE12E0B75D6F06ABB0 CN=Microsoft Exchange Server Auth Certificate 2690324B827A9F2B75D59104F81CAAA57CDD627B CN=WMSvc-Exchange2013A [PS]
Keep reading

Running Multiple NGINX Ingress Controllers in AKS

Image
In some of the previous articles of this blog, we went through the process of installing NGINX as the Ingress Controller in AKS clusters. Either for applications that should be available directly from the public internet, or for applications that should only be accessed from networks considered internal. In the majority of the cases, however, and given that an AKS cluster is an environment that is designed to host multiple applications and provide economy at scale, additional ingress controllers may be required. In this post, we're going to go through the process of deploying an additional NGINX ingress controller that is going to be used for internal applications. The below diagram depicts the desired outcome: The Angular application is published via the public NGINX through the Azure Load Balancer that has been assigned a public IP. The .NET app is published by a different set of NGINX pods that are deployed in a different namespace and their ingress controller service is connect
Keep reading