-
Notifications
You must be signed in to change notification settings - Fork 11
Expand file tree
/
Copy pathRule.AlertGenerating.TimedScript.Powershell.NoParams.mpx
More file actions
225 lines (206 loc) · 9.34 KB
/
Rule.AlertGenerating.TimedScript.Powershell.NoParams.mpx
File metadata and controls
225 lines (206 loc) · 9.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
<ManagementPackFragment SchemaVersion="2.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<!--
%%
Description:
A Rule which runs a timed PowerShell script (no parameters) as the DataSource and ALERTS based on matching a condition detection
CompanyID - is a short abbreviation for your company with NO SPACES OR SPECIAL CHARACTERS ALLOWED
AppName - is a short name for your app with NO SPACES OR SPECIAL CHARACTERS ALLOWED
ClassID - is the targeted class such as your custom class or Windows!Microsoft.Windows.Server.OperatingSystem
UniqueID - Is a unique short description of the workflow purpose (NO SPACES OR SPECIAL CHARACTERS ALLOWED) such as "CountFilesInFolder"
Version: 1.6
LastModified: 31-Aug-2019
%%
In this fragment you need to replace:
##CompanyID##
##AppName##
##ClassID##
##UniqueID##
This fragment depends on references:
RequiredReference: Alias="System", ID="System.Library"
RequiredReference: Alias="Windows", ID="Microsoft.Windows.Library"
RequiredReference: Alias="Health", ID="System.Health.Library"
@@Author=Kevin Holman@@
-->
<TypeDefinitions>
<ModuleTypes>
<DataSourceModuleType ID="##CompanyID##.##AppName##.##UniqueID##.Script.Alert.Rule.Datasource" Accessibility="Internal" Batching="false">
<Configuration>
<xsd:element minOccurs="1" type="xsd:integer" name="IntervalSeconds" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="0" type="xsd:string" name="SyncTime" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="1" type="xsd:integer" name="TimeoutSeconds" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
</Configuration>
<OverrideableParameters>
<OverrideableParameter ID="IntervalSeconds" Selector="$Config/IntervalSeconds$" ParameterType="int" />
<OverrideableParameter ID="SyncTime" Selector="$Config/SyncTime$" ParameterType="string" />
<OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="int" />
</OverrideableParameters>
<ModuleImplementation Isolation="Any">
<Composite>
<MemberModules>
<DataSource ID="Scheduler" TypeID="System!System.Scheduler">
<Scheduler>
<SimpleReccuringSchedule>
<Interval Unit="Seconds">$Config/IntervalSeconds$</Interval>
<SyncTime>$Config/SyncTime$</SyncTime>
</SimpleReccuringSchedule>
<ExcludeDates />
</Scheduler>
</DataSource>
<ProbeAction ID="PA" TypeID="Windows!Microsoft.Windows.PowerShellPropertyBagProbe">
<ScriptName>##CompanyID##.##AppName##.##UniqueID##.Script.Alert.Rule.Datasource.ps1</ScriptName>
<ScriptBody>
#=================================================================================
# Describe Script Here
#
# Author: Kevin Holman
# v1.0
#=================================================================================
# Constants section - modify stuff here:
#=================================================================================
# Assign script name variable for use in event logging.
# ScriptName should be the same as the ID of the module that the script is contained in
$ScriptName = "##CompanyID##.##AppName##.##UniqueID##.Script.Alert.Rule.Datasource.ps1"
$EventID = "1234"
#=================================================================================
# Starting Script section - All scripts get this
#=================================================================================
# Gather the start time of the script
$StartTime = Get-Date
#Set variable to be used in logging events
$whoami = whoami
# Load MOMScript API
$momapi = New-Object -comObject MOM.ScriptAPI
#Log script event that we are starting task
$momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script is starting. `n Running as ($whoami).")
#=================================================================================
# PropertyBag Script section - Monitoring scripts get this
#=================================================================================
# Load SCOM PropertyBag function
$bag = $momapi.CreatePropertyBag()
#=================================================================================
# Begin MAIN script section
#=================================================================================
#For a simple example - get files in Windows Temp:
[int]$TempCount = (Get-ChildItem C:\Windows\Temp).Count
IF ($TempCount -lt 1)
{
$Result = "BAD"
$Message = "The number of files in temp was zero or we failed to get the data"
}
ELSEIF ($TempCount -ge 20)
{
$Result = "BAD"
$Message = "The number of files in temp was greater than 20"
}
ELSE
{
$Result = "GOOD"
}
#Check the value of Result
IF ($Result -eq "GOOD")
{
$momapi.LogScriptEvent($ScriptName,$EventID,0, "`n Good Condition Found `n FilesInTemp = ($TempCount)")
$bag.AddValue('Result',$Result)
}
ELSE
{
$momapi.LogScriptEvent($ScriptName,$EventID,0, "`n Bad Condition Found. `n FilesInTemp = ($TempCount)")
$bag.AddValue('Result',$Result)
$bag.AddValue('TempCount',$TempCount)
$bag.AddValue('Message',$Message)
}
# Return all bags
$bag
#=================================================================================
# End MAIN script section
# End of script section
#=================================================================================
#Log an event for script ending and total execution time.
$EndTime = Get-Date
$ScriptTime = ($EndTime - $StartTime).TotalSeconds
$momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script Completed. `n Script Runtime: ($ScriptTime) seconds.")
#=================================================================================
# End of script
</ScriptBody>
<TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>
</ProbeAction>
</MemberModules>
<Composition>
<Node ID="PA">
<Node ID="Scheduler" />
</Node>
</Composition>
</Composite>
</ModuleImplementation>
<OutputType>System!System.PropertyBagData</OutputType>
</DataSourceModuleType>
</ModuleTypes>
</TypeDefinitions>
<Monitoring>
<Rules>
<Rule ID="##CompanyID##.##AppName##.##UniqueID##.Script.Alert.Rule" Enabled="true" Target="##ClassID##" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>Alert</Category>
<DataSources>
<DataSource ID="DS" TypeID="##CompanyID##.##AppName##.##UniqueID##.Script.Alert.Rule.Datasource">
<IntervalSeconds>3600</IntervalSeconds>
<SyncTime></SyncTime>
<TimeoutSeconds>120</TimeoutSeconds>
</DataSource>
</DataSources>
<ConditionDetection ID="CD" TypeID="System!System.ExpressionFilter">
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='Result']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">BAD</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<SuppressionSettings>
<MatchCount>1</MatchCount>
</SuppressionSettings>
</ConditionDetection>
<WriteActions>
<WriteAction ID="WA" TypeID="Health!System.Health.GenerateAlert">
<Priority>1</Priority> <!-- 0=Low, 1=Medium, 2=High -->
<Severity>1</Severity> <!-- 0=Information, 1=Warning, 2=Critical -->
<AlertMessageId>$MPElement[Name="##CompanyID##.##AppName##.##UniqueID##.Script.Alert.Rule.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/Property[@Name='Result']$</AlertParameter1>
<AlertParameter2>$Data/Property[@Name='TempCount']$</AlertParameter2>
<AlertParameter3>$Data/Property[@Name='Message']$</AlertParameter3>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/Property[@Name='Message']$</SuppressionValue>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>
</Rules>
</Monitoring>
<Presentation>
<StringResources>
<StringResource ID="##CompanyID##.##AppName##.##UniqueID##.Script.Alert.Rule.AlertMessage" />
</StringResources>
</Presentation>
<LanguagePacks>
<LanguagePack ID="ENU" IsDefault="true">
<DisplayStrings>
<DisplayString ElementID="##CompanyID##.##AppName##.##UniqueID##.Script.Alert.Rule">
<Name>##CompanyID## ##AppName## ##UniqueID## Script Alert Rule</Name>
<Description></Description>
</DisplayString>
<DisplayString ElementID="##CompanyID##.##AppName##.##UniqueID##.Script.Alert.Rule.AlertMessage">
<Name>##CompanyID## ##AppName## ##UniqueID## Script Alert Rule Triggered</Name>
<Description>##CompanyID## ##AppName## ##UniqueID## Script Alert Rule: detected a bad condition
Result: {0}
Files in Temp: {1}
Message: {2}</Description>
</DisplayString>
</DisplayStrings>
</LanguagePack>
</LanguagePacks>
</ManagementPackFragment>