# Constants section - modify stuff here:
#=================================================================================
# Assign script name variable for use in event logging.
# ScriptName should be the same as the ID of the module that the script is contained in
$ScriptName = "OpsLogix.OpsMgr.AlertStorm.Monitoring.AlertRate.Detection.ps1"
$EventID = "10101"
#=================================================================================
# Starting Script section - All scripts get this
#=================================================================================
# Gather the start time of the script
$StartTime = Get-Date
#Set variable to be used in logging events
$whoami = whoami
# Load MOMScript API
$momapi = New-Object -comObject MOM.ScriptAPI
#Log script event that we are starting task
$momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script is starting. `n Running as ($whoami).")
#=================================================================================
#=================================================================================
# Main
#=================================================================================
# Convert input parameter to boolean
$IncludeRepeatedAlerts = [System.Convert]::ToBoolean($IncludeRepeatCount)
# Import module for Operations Manager
Import-Module OperationsManager
# Define time frame for searching alerts
$SearchLimit = (Get-Date).ToUniversalTime().AddMinutes(-$LastMinutes)
# Get all alerts created during the time frame
$Alerts = Get-SCOMAlert | ? {$_.TimeRaised -gt $SearchLimit}
$NumberOfAlerts = $Alerts.Count
# Search for multiple alerts exceeding the occurance limit
$MultipleAlertsFound = $False
$MultipleAlertsDescription = "The following alert has been triggered more than $ThresholdMultipleAlerts times during the last $LastMinutes minutes:"
$MultipleAlerts = $Alerts | Group-Object -Property Name -NoElement
ForEach ($Alert in $MultipleAlerts) {
If ($Alert.Count -gt $ThresholdMultipleAlerts) {
$MultipleAlertsFound = $True
$MultipleAlertsDescription += "`n $($Alert.Name) ($($Alert.Count))"
}
}
# Get number of repeated alerts during the time frame (if selected)
$NumberOfRepeatedAlerts = 0
If ($IncludeRepeatedAlerts) {
$RepeatedAlerts = Get-SCOMAlert | ? {$_.IsMonitorAlert -eq $False -AND $_.RepeatCount -gt 0 -AND $_.LastModified -gt $SearchLimit}
ForEach ($Alert in $RepeatedAlerts) {
$NumberOfRepeatedAlerts += [Int](($Alert.RepeatCount / ($Alert.LastModified - $Alert.TimeRaised).TotalMinutes) * $LastMinutes)
}
}
# Calculate total number of alerts during the time frame
$TotalNumberOfAlerts = $NumberOfAlerts + $NumberOfRepeatedAlerts
# Log result
If ($TotalNumberOfAlerts -gt $ThresholdAllAlerts) {
$momapi.LogScriptEvent($ScriptName,$EventID,1,"More than $ThresholdAllAlerts alerts have been triggered during the last $LastMinutes minutes. Total number of alerts: $TotalNumberOfAlerts")
}
ElseIf ($MultipleAlertsFound) {
$momapi.LogScriptEvent($ScriptName,$EventID,2,$MultipleAlertsDescription)
}
Else {
$momapi.LogScriptEvent($ScriptName,$EventID,0,"The number of alerts during the last $LastMinutes minutes are less than threshold $ThresholdAllAlerts")
}
#=================================================================================
# End MAIN
#=================================================================================
# End of script section
#=================================================================================
#Log an event for script ending and total execution time.
$EndTime = Get-Date
$ScriptTime = ($EndTime - $StartTime).TotalSeconds
$momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script Completed. `n Script Runtime: ($ScriptTime) seconds.")
#=================================================================================
# End of script
Home
Show References: