  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6530

Process Monitoring a SCOM 2007

Hi,

I need to set up some kind of process monitoring using SCOM 2007. I need to monitor one virtual machine that runs four polarlake circuits (4 java.exe processes). I managed to find a custom management pack process.xml and import it in SCOM 2007. Having looked at it, it doesn't look like it's enabled by default. I'm kinda worried now that if I enable it, it will monitor too many processes on too many machines. How do I enable it and get it to monitor just one machine? I'm guessing maybe an override of some kind? Monitor name
Processmonitor.xml

<?xml version="1.0" encoding="utf-8" ?>
<ManagementPack xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" ContentReadable="true">
  <Manifest>
    <Identity>
      <ID>ProcessMonitor</ID>
      <Version>6.0.5000.0</Version>
    </Identity>
    <Name>ProcessMonitor</Name>
    <References>
      <Reference Alias="Windows">
        <ID>Microsoft.Windows.Library</ID>
        <Version>6.0.5000.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="MicrosoftSystemCenterInstanceGroupLibrary6050000">
        <ID>Microsoft.SystemCenter.InstanceGroup.Library</ID>
        <Version>6.0.5000.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="System">
        <ID>System.Library</ID>
        <Version>6.0.5000.0</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="SystemCenter">
        <ID>Microsoft.SystemCenter.Library</ID>
        <Version>6.0.5000.28</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
      <Reference Alias="Health">
        <ID>System.Health.Library</ID>
        <Version>6.0.5000.28</Version>
        <PublicKeyToken>31bf3856ad364e35</PublicKeyToken>
      </Reference>
    </References>
  </Manifest>
  <TypeDefinitions>
    <EntityTypes>
      <ClassTypes>
        <ClassType ID="UINameSpacef0b7f6b62d3e472dbfaeb1e168768d10.Group" Accessibility="Public" Abstract="false" Base="MicrosoftSystemCenterInstanceGroupLibrary6050000!Microsoft.SystemCenter.InstanceGroup" Hosted="false" Singleton="true" />
      </ClassTypes>
    </EntityTypes>
  </TypeDefinitions>
  <Monitoring>
    <Discoveries>
      <Discovery ID="UINameSpacef0b7f6b62d3e472dbfaeb1e168768d10.Group.DiscoveryRule" Enabled="true" Target="UINameSpacef0b7f6b62d3e472dbfaeb1e168768d10.Group" ConfirmDelivery="false" Remotable="true" Priority="Normal">
        <Category>Discovery</Category>
        <DiscoveryTypes>
          <DiscoveryRelationship TypeID="MicrosoftSystemCenterInstanceGroupLibrary6050000!Microsoft.SystemCenter.InstanceGroupContainsEntities" />
        </DiscoveryTypes>
        <DataSource ID="GroupPopulationDataSource" TypeID="SystemCenter!Microsoft.SystemCenter.GroupPopulator">
          <RuleId>$MPElement$</RuleId>
          <GroupInstanceId>$MPElement[Name="UINameSpacef0b7f6b62d3e472dbfaeb1e168768d10.Group"]$</GroupInstanceId>
          <MembershipRules>
            <MembershipRule>
              <MonitoringClass>$MPElement[Name="SystemCenter!Microsoft.SystemCenter.ManagedComputerServer"]$</MonitoringClass>
              <RelationshipClass>$MPElement[Name="MicrosoftSystemCenterInstanceGroupLibrary6050000!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$</RelationshipClass>
              <IncludeList>
                <MonitoringObjectId>b7bc40c1-1da0-7d94-abb5-3d021451b5a2</MonitoringObjectId>
              </IncludeList>
            </MembershipRule>
          </MembershipRules>
        </DataSource>
      </Discovery>
    </Discoveries>
    <Monitors>
      <UnitMonitor ID="UIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3" Accessibility="Public" Enabled="false" Target="Windows!Microsoft.Windows.Computer" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.TimedScript.ThreeStateMonitorType" ConfirmDelivery="false">
        <Category>Custom</Category>
        <AlertSettings AlertMessage="UIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3_AlertMessageResourceID">
          <AlertOnState>Warning</AlertOnState>
          <AutoResolve>true</AutoResolve>
          <AlertPriority>Normal</AlertPriority>
          <AlertSeverity>Error</AlertSeverity>
          <AlertParameters>
            <AlertParameter1>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetbiosComputerName$</AlertParameter1>
          </AlertParameters>
        </AlertSettings>
        <OperationalStates>
          <OperationalState ID="UIGeneratedOpStateIdf07b9cad6e1e4ce4a0d1e7941e46136d" MonitorTypeStateID="Success" HealthState="Success" />
          <OperationalState ID="UIGeneratedOpStateId1a6c97cdbafb4a4d8b364e319012717e" MonitorTypeStateID="Warning" HealthState="Warning" />
          <OperationalState ID="UIGeneratedOpStateId40db671fdaa6464e868a87ba017ac46c" MonitorTypeStateID="Error" HealthState="Error" />
        </OperationalStates>
        <Configuration>
          <IntervalSeconds>300</IntervalSeconds>
          <SyncTime />
          <ScriptName>ProcessMonitor.vbs</ScriptName>
          <Arguments>svchost.exe 1 2</Arguments>
          <ScriptBody><![CDATA[
' Script to send back "TooFew" "Good" or "TooMany" depending upon the number of processes of a specific name running on the system
'
Dim oAPI, oBag
Dim ErrorCount
Dim WarningCount
Dim SuccessCount
Dim propertyBag

Set oAPI = CreateObject("MOM.ScriptAPI")
Set oArgs = WScript.Arguments

'map event types & numbers to friendly names
Const EVENT_TYPE_ERROR = 1
Const EVENT_TYPE_WARNING = 2
Const EVENT_TYPE_SUCCESS = 4

If oArgs.Count < 3 Then
    ' If the script is called without the required arguments,
    ' create an information event and then quit.
    ' Set objShell = Wscript.CreateObject("Wscript.Shell")
    ' objShell.LogEvent EVENT_TYPE_ERROR, _
    ' "ProcessMonitor run with an incorrect number of arguments."
    WScript.Quit -1
End If

'Get script parameter values for OpsMgr
strProcess = oArgs.Item(0)
GoodLowerCount = oArgs.Item(1)
GoodUpperCount = oArgs.Item(2)

' Set objShell = Wscript.CreateObject("Wscript.Shell")
' objShell.LogEvent EVENT_TYPE_SUCCESS, _
' "ProcessMonitor run with " & strProcess & " " & GoodLowerCount & " " & GoodUpperCount & " as arguments."

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = '" & strProcess & "'")

' Set objShell = Wscript.CreateObject("Wscript.Shell")
' objShell.LogEvent EVENT_TYPE_SUCCESS, _
' "ProcessMonitor colProcesses.Count equals " & colProcesses.Count & "."

if colProcesses.Count > cInt(GoodUpperCount) Then
    Set objShell = Wscript.CreateObject("Wscript.Shell")
    ' objShell.LogEvent EVENT_TYPE_WARNING, _
    ' "The process, " & strProcess & ", is running too many times. " & colProcesses.Count & " were running."
    Set propertyBag = oAPI.CreatePropertyBag ()
    Call propertyBag.AddValue ("Status", "TooMany")
    Call propertyBag.AddValue ("Process", strProcess)
End If

if colProcesses.Count < cInt(GoodLowerCount) Then
    Set objShell = Wscript.CreateObject("Wscript.Shell")
    ' objShell.LogEvent EVENT_TYPE_ERROR, _
    ' "There are not enough " & strProcess & " running. " & colProcesses.Count & " were running."
    Set propertyBag = oAPI.CreatePropertyBag ()
    Call propertyBag.AddValue ("Status", "TooFew")
    Call propertyBag.AddValue ("Process", strProcess)
End If

if colProcesses.Count => cInt(GoodLowerCount) and colProcesses.Count <= cInt(GoodUpperCount) Then
    Set objShell = Wscript.CreateObject("Wscript.Shell")
    ' objShell.LogEvent EVENT_TYPE_SUCCESS, _
    ' "The process, " & strProcess & ", has " & colProcesses.Count & " processes running."
    Set propertyBag = oAPI.CreatePropertyBag ()
    Call propertyBag.AddValue ("Status", "Good")
    Call propertyBag.AddValue ("Process", strProcess)
End If

Call oAPI.Return(propertyBag)
]]></ScriptBody>
          <TimeoutSeconds>60</TimeoutSeconds>
          <ErrorExpression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>Property[@Name='Status']</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">TooFew</Value>
              </ValueExpression>
            </SimpleExpression>
          </ErrorExpression>
          <WarningExpression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>Property[@Name='Status']</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">TooMany</Value>
              </ValueExpression>
            </SimpleExpression>
          </WarningExpression>
          <SuccessExpression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>Property[@Name='Status']</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">Good</Value>
              </ValueExpression>
            </SimpleExpression>
          </SuccessExpression>
        </Configuration>
      </UnitMonitor>
    </Monitors>
    <Overrides>
      <MonitorPropertyOverride ID="OverrideForMonitorUIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3ForContextHYDRAodysseycom292effd5fb03487091b8796bbf469306" Context="Windows!Microsoft.Windows.Computer" ContextInstance="cf0fa0f6-085c-cc62-c2c3-fc248566e6ba" Enforced="false" Monitor="UIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3" Property="Enabled">
        <Value>true</Value>
      </MonitorPropertyOverride>
      <MonitorConfigurationOverride ID="OverrideForMonitorUIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3ForContextHYDRAodysseycom808e102f547840ebafe82fa67f15988c" Context="Windows!Microsoft.Windows.Computer" ContextInstance="cf0fa0f6-085c-cc62-c2c3-fc248566e6ba" Enforced="false" Monitor="UIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3" Parameter="Arguments">
        <Value>notepad.exe 1 2</Value>
      </MonitorConfigurationOverride>
    </Overrides>
  </Monitoring>
  <Presentation>
    <Folders>
      <Folder ID="Folder_4afdde9b76154e8688e45118ae6ef6fe" Accessibility="Public" ParentFolder="SystemCenter!Microsoft.SystemCenter.Monitoring.ViewFolder.Root" />
    </Folders>
    <StringResources>
      <StringResource ID="UIGeneratedMonitor3a6c7493cf8b4d548b93bf4aa5befe9b_AlertMessageResourceID" />
      <StringResource ID="UIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3_AlertMessageResourceID" />
    </StringResources>
  </Presentation>
  <LanguagePacks>
    <LanguagePack ID="ENU" IsDefault="false">
      <DisplayStrings>
        <DisplayString ElementID="ProcessMonitor">
          <Name>ProcessMonitor</Name>
          <Description>Monitor processes on systems and alert if an incorrect number is running. This rule is designed to be disabled/do NOT enable the monitor. This would cause each system in the environment to alert if there is less than 1 svchost.exe or more than 2 svchost.exe programs running on the system. To activate this rule, configure it with an override through the following process: Create the override for the System Center Managed Computer (Any OS) version of the ProcessMonitor. This override needs to enable the server and needs to specify the parameters for this. As an example: Enable the override  set the Enabled parameter to True Specify the parameters - the name of the exe and then a space and the lower acceptable value and upper acceptable value. Example: For Server1 we enable the override parameter to True, and specify the parameters to svcmon.exe 1 2. This says for the Server1 system to activate this rule, and alert if there is less than 1 svcmon.exe running on the system or if there are greater than 2 svcmon.exe running on the system.</Description>
        </DisplayString>
        <DisplayString ElementID="Folder_4afdde9b76154e8688e45118ae6ef6fe">
          <Name>ProcessMonitor</Name>
        </DisplayString>
        <DisplayString ElementID="UINameSpacef0b7f6b62d3e472dbfaeb1e168768d10.Group">
          <Name>ProcessMonitor</Name>
        </DisplayString>
        <DisplayString ElementID="UINameSpacef0b7f6b62d3e472dbfaeb1e168768d10.Group.DiscoveryRule">
          <Name>Populate ProcessMonitor</Name>
          <Description>This discovery rule populates the group 'ProcessMonitor'</Description>
        </DisplayString>
        <DisplayString ElementID="UIGeneratedMonitor3a6c7493cf8b4d548b93bf4aa5befe9b_AlertMessageResourceID">
          <Name>ProcessMonitor</Name>
        </DisplayString>
        <DisplayString ElementID="UIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3">
          <Name>ProcessMonitor</Name>
        </DisplayString>
        <DisplayString ElementID="UIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3" SubElementID="UIGeneratedOpStateIdf07b9cad6e1e4ce4a0d1e7941e46136d">
          <Name>Healthy</Name>
        </DisplayString>
        <DisplayString ElementID="UIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3" SubElementID="UIGeneratedOpStateId40db671fdaa6464e868a87ba017ac46c">
          <Name>Unhealthy</Name>
        </DisplayString>
        <DisplayString ElementID="UIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3" SubElementID="UIGeneratedOpStateId1a6c97cdbafb4a4d8b364e319012717e">
          <Name>Degraded</Name>
        </DisplayString>
        <DisplayString ElementID="UIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3_AlertMessageResourceID">
          <Name>ProcessMonitor</Name>
          <Description>Incorrect number of processes running on {0}. See the Alert Context tab for details on what process.</Description>
        </DisplayString>
      </DisplayStrings>
    </LanguagePack>
  </LanguagePacks>
</ManagementPack>



0
makel2
Asked:
1 Solution
 
alimu Commented:
pretty much what you said, you would leave the monitor disabled and then use an override to enable it on specific machines or groups of machines.
If you read through the xml you just posted, you'll see the instructions there:
"This rule is designed to be disabled/do NOT enable the monitor. This would cause each system in the environment to alert if there is less than 1 svchost.exe or more than 2 svchost.exe programs running on the system. To activate this rule, configure it with an override through the following process: Create the override for the System Center Managed Computer (Any OS) version of the ProcessMonitor. This override needs to enable the server and needs to specify the parameters for this. As an example: Enable the override  set the Enabled parameter to True Specify the parameters - the name of the exe and then a space and the lower acceptable value and upper acceptable value. Example: For Server1 we enable the override parameter to True, and specify the parameters to svcmon.exe 1 2. This says for the Server1 system to activate this rule, and alert if there is less than 1 svcmon.exe running on the system or if there are greater than 2 svcmon.exe running on the system."
0
 
makel2 Author Commented:
Hi, I was able to change and import the management pack with no problems. The problem I have now is that I just want to monitor one computer. I'm finding it impossible. I've created one group and added the server as the only member. I then went to the process monitor, enabled the monitor and overrode the changes to only one group, which was the group I created! This did not work; however, if I enable the monitor without any overrides my console lights up like a Christmas tree (in other words, I get process alerts from every machine I've added the SCOM agent software to). I just want to monitor one server; a detailed procedure would help :-P
0
 
alimu Commented:
the detailed procedure is the one in the last post - you shouldn't actually need to create any groups if you want to apply it only to one machine, you just set an override applied to that machine.
So you're looking at this part of the description from the xml file: Example: For Server1 we enable the override parameter to True, and specify the parameters to svcmon.exe 1 2. This says for the Server1 system to activate this rule, and alert if there is less than 1 svcmon.exe running on the system or if there are greater than 2 svcmon.exe running on the system
Go to the Authoring tab in Opsmgr console and locate your rule.
(Click on "Change Scope..." and look for "System Center Managed Computer (Any OS)", tick the box and click ok - your rule will appear in this subset of Opsmgr rules).
  • Right Click Rule  --> Overrides --> Override The Rule --> For a specific Object of Type : System Center Managed Computer (Any OS)
  • Select the computer you want to enable the rule for from the list
  • Find the Parameter Name "Enabled" and tick the Override box beside it.  Change Override setting to "True".
  • Enter a description in the override if you wish to track why you changed this setting by clicking "Edit". - my standard description is <Date>, <Your Name>, <Details>.  This makes sifting through the xml later much simpler.
  • Select destination management pack, if you don't have one already for your custom rules (I create a custom MP for every set of Management Packs I import), create a New one by clicking "New" and entering a Management Pack name. - Using the default management pack is not good practice and makes it difficult to upgrade things later down the track.
  • Edit your other settings as per the instructions above - parameters for you will be java.exe 4 4 (i.e. no more or less than 4 java.exe processes).  
  • Again edit the description to describe why you changed the setting
  • Again save to your custom MP.
  • Click OK
Voila, your override is set and you should be monitoring your specific server.
Hope this is a little clearer, any questions let me know.
0

 
alimu Commented:
As well as the step-through, I've just re-read your last post and I think I've spotted where you're going wrong,
"I then went to the process monitor enabled the monitor and overrided the changes to only one group "   
Back up a bit... you don't ever enable the monitor.  You set an override on the disabled monitor.  The override is what turns the rule on but only for the specific object/s you want monitored.
Make sense?
0
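The arrangement described in this comment (monitor left disabled, switched on only by an override scoped to one object) can be checked directly in an exported management pack. The following is an added example, not part of the thread or the management pack author's code; the sample XML is constructed, its IDs and GUID are placeholders, and treating an override without a ContextInstance as class-wide is this example's assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: same element/attribute names as the ProcessMonitor pack
# quoted in the question; IDs and the ContextInstance GUID are placeholders.
SAMPLE_MP = """<ManagementPack>
  <Monitoring>
    <Monitors>
      <UnitMonitor ID="Example.ProcessMonitor" Enabled="false"
                   Target="Windows!Microsoft.Windows.Computer">
        <Configuration><Arguments>svchost.exe 1 2</Arguments></Configuration>
      </UnitMonitor>
    </Monitors>
    <Overrides>
      <MonitorPropertyOverride ID="Example.Enable" Monitor="Example.ProcessMonitor"
          Context="Windows!Microsoft.Windows.Computer" Property="Enabled"
          ContextInstance="00000000-0000-0000-0000-000000000001">
        <Value>true</Value>
      </MonitorPropertyOverride>
      <MonitorConfigurationOverride ID="Example.Args" Monitor="Example.ProcessMonitor"
          Context="Windows!Microsoft.Windows.Computer" Parameter="Arguments"
          ContextInstance="00000000-0000-0000-0000-000000000001">
        <Value>java.exe 4 4</Value>
      </MonitorConfigurationOverride>
    </Overrides>
  </Monitoring>
</ManagementPack>"""


def monitor_scope(mp_xml):
    """Map each UnitMonitor ID to its default state and per-object overrides."""
    root = ET.fromstring(mp_xml)
    report = {}
    for mon in root.iter("UnitMonitor"):
        report[mon.get("ID")] = {
            "target": mon.get("Target"),
            "enabled_by_default": mon.get("Enabled") == "true",
            "default_arguments": mon.findtext("Configuration/Arguments"),
            "objects": {},               # ContextInstance GUID -> override values
            "class_wide_enable": False,
        }
    for ov in root.iter("MonitorPropertyOverride"):
        entry = report.get(ov.get("Monitor"))
        if entry is None or ov.get("Property") != "Enabled":
            continue
        on = ov.findtext("Value", "").strip().lower() == "true"
        inst = ov.get("ContextInstance")
        if inst is None:
            # Assumption: no ContextInstance means every object of Context.
            entry["class_wide_enable"] |= on and ov.get("Context") == entry["target"]
        else:
            entry["objects"].setdefault(inst, {})["enabled"] = on
    for ov in root.iter("MonitorConfigurationOverride"):
        entry = report.get(ov.get("Monitor"))
        inst = ov.get("ContextInstance")
        if entry is not None and inst and ov.get("Parameter") == "Arguments":
            entry["objects"].setdefault(inst, {})["arguments"] = ov.findtext("Value", "").strip()
    return report


def alerts_everywhere(entry):
    """True when the monitor runs on every agent, the case the asker hit."""
    return entry["enabled_by_default"] or entry["class_wide_enable"]
```

Running `monitor_scope` over the exported pack before import shows at a glance whether the monitor is still disabled by default and which object GUIDs carry an enabling override.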
 
alimu Commented:
Hi makel2,
I think the email notifications have been playing up here so I just wanted to check in and see how you were going with this?
Let me know if you have any questions or if it's still not working..
0
 
makel2 Author Commented:
Thanks very much that procedure worked happy days :-) . I tested it on a Virtual machine and I got alerts.
0
 
alimu Commented:
excellent! thanks for the points and the feedback on whether it worked :)
0
 
TheCleaner Commented:
Folks,

Came across this post.  Excellent Info...however after I imported the MP and went to Rules it wasn't listed there (under System Center Managed Computer (any OS)).  It is listed under the MP section and the Monitors section though.

Am I missing a step...I'm fairly new to SCOM.
0
 
alimu Commented:
TheCleaner, terminology with this thing consistently turns around and bites me on the you-know-what  :)  I never actually installed the custom management pack on my system and got caught by the xml author's use of the word "rule".
You'd be correct, the unit "monitor" in question is "UIGeneratedMonitordd69a321a9c649c1b8266ba2e28da8e3".  
The friendly name for this mouthful can be found in the DisplayName section of the xml --> "ProcessMonitor".  
The target is back in the unit monitor's configuration --> "Windows!Microsoft.Windows.Computer" (indicating the Microsoft Windows Computer object found in whatever management pack shows up in the references section as "Windows")..   the bonus of knowing that one is that you can scope the monitors list and cut down what you need to enumerate to track down the unit monitor.
have fun :)
0
 
TheCleaner Commented:
alimu,

Thanks for the reply.  I did end up getting it working.  Funny thing is that R2 will have this built in if they'd just release it already.
0
 
alimu Commented:
:) tell me about it (that and the Exchange 2007 Native Management Pack would be lovely.. I'll probably get them both just in time for Christmas)
0
