Introduction

This is the 14th installment of the Automating OpsMgr series. Previously on this series:

Previously in part 12 and 13, I have demonstrated how to create performance related workflows using the OpsMgrExtended module. Today, I will start discussing event data, in this post, I will demonstrate how to create an event collection rule.

In the OpsMgrExtended module, there is a function called New-OMEventCollectionRule, which can be used to create event collection rules. It has been fully documented, you can access the documentation by using the Get-Help cmdlet:

Get-Help New-OMEventCollectionRule

SNAGHTML8b917c0

A side note here, Last week, I received an email asked me if the OpsMgrExtended module can be used outside of SMA and Azure Automation. The answer is yes, it can be used as a normal PowerShell module. for all the functions included in the module, you can access the examples by using the Get-Help cmdlet with –Full or –Example switch:

image

Runbook: New-EventCollectionRule

Workflow New-EventCollectionRule
{
  Param(
  [Parameter(Mandatory=$true)][String]$RuleName,
  [Parameter(Mandatory=$true)][String]$RuleDisplayName,
  [Parameter(Mandatory=$true)][String]$EventLog,
  [Parameter(Mandatory=$true)][String]$Publisher,
  [Parameter(Mandatory=$false)][Int]$EventID,
  [Parameter(Mandatory=$true)][String]$ClassName,
  [Parameter(Mandatory=$true)][Boolean]$RuleDisabled
  )

  #Get OpsMgrSDK connection object
  $OpsMgrSDKConn = Get-AutomationConnection -Name "OpsMgrSDK_HOME"

  #Hard code which MP to use
  $MPName = "TYANG.Test.Windows.Monitoring"

  #Make sure MP exists
  Write-Verbose "Getting management pack '$MPName'"
  $MP = Get-OMManagementPack -SDKConnection $OpsMgrSDKConn -Name $MPName -ErrorAction SilentlyContinue
  If ($MP -eq $null)
  {
    #MP doesn't exist, create it
    Write-Verbose "management pack '$MPName' does not exist. creating now."
    $CreateMP = New-OMManagementPack -SDKConnection $OpsMgrSDKConn -Name $MPName -DisplayName "TYANG Test Windows Monitoring" -Version "1.0.0.0"
  }
  #Hard code frequency (900 seconds)
  $Frequency = 900

  #Create Event Collection Rule, MP Version will be increased by 0.0.0.1
  $RuleCreated = InlineScript
  {

    #Validate rule Name
    If ($USING:RuleName -notmatch "([a-zA-Z0-9]+\.)+[a-zA-Z0-9]+")
    {
      #Invalid rule name entered
      $ErrMsg = "Invalid rule name specified. Please make sure it only contains alphanumeric charaters and only use '.' to separate words. i.e. 'Your.Company.Application.Log.EventID.1234.Collection.Rule'."
      Write-Error $ErrMsg
    } else {
      #Name is valid, creating the rule
      New-OMEventCollectionRule -SDKConnection $USING:OpsMgrSDKConn -MPName $USING:MPName -RuleName $USING:RuleName -RuleDisplayName $USING:RuleDisplayName -ClassName $USING:ClassName -EventLog $USING:EventLog -Publisher $USING:Publisher -EventID $USING:EventID -Disabled $USING:RuleDisabled -IncreaseMPVersion $true
    }
  }

  If ($RuleCreated)
  {
    Write-Output "Rule `"$RuleName`" created."
  } else {
    Write-Error "Unable to create rule `"$RuleName`"."
  }
}

I have hardcoded the following parameters in the runbook:

  • SMA OpsMgr connection object name (which you will need to change to suit your environment)
  • Frequency – 900 seconds
  • (Unsealed) MP (where the rule  is going to be saved to) – “TYANG.Test.Windows.Monitoring”

Additionally, this runbook will firstly try to retrieve the management pack from the management group, if the MP deosn’t exist, it will create it first.

This runbook takes the following input parameters:

  • ClassName – The name of the target monitoring class (i.e.Microsoft.Windows.Server.OperatingSystem)
  • **EventID **– Optional. the Event ID to be collected by the rule.
  • EventLog –The name of the event log to be collected by the rule
  • Publisher– The event publisher
  • RuleDisabled– Boolean, whether the event collection rule should be disabled by default
  • RuleDisplayName– Display name of the rule
  • RuleName – The name of the rule

Runbook Execution Result:

image

Viewing the rule properties in OpsMgr operations console:

image

image

image

image

What if I don’t want to use SMA or Azure Automation?

Like I mentioned before, you don’t have to if you don’t want to. You can simply modify the runbook demonstrated above to run in a standalone PowerShell console by changing the PowerShell workflow to pass the OpsMgr management server name to the OpsMgrExtended functions (instead of SMA connection objects):

image

After updated the script (which contains the PS Workflow), firstly run the workflow in PowerShell, then call / execute the workflow:

Load the workflow:

SNAGHTML93cdde2

Execute the workflow:

image

Conclusion

In this post, I have demonstrated how to create an event collection rule using OpsMgrExtended module, with and without automation engines such as SMA and Azure Automation. I will demonstrate how to create a 2-state event monitor in the next post of the Automating OpsMgr series. Until next time, happy automating!

Leave a comment