Home
  •  

QND.OMS.GetAlertRuleState.PT (ProbeActionModuleType)

Element properties:

TypeProbeActionModuleType
IsolationAny
AccessibilityPublic
RunAsDefault
InputTypeSystem.BaseData
OutputTypeSystem.PropertyBagData

Member Modules:

ID Module Type TypeId RunAs 
POSH ProbeAction Microsoft.Windows.PowerShellPropertyBagProbe Default

Overrideable Parameters:

IDParameterTypeSelector
TimeoutSecondsint$Config/TimeoutSeconds$
TraceLevelint$Config/TraceLevel$
Tolerancedouble$Config/Tolerance$

Source Code:

<ProbeActionModuleType ID="QND.OMS.GetAlertRuleState.PT" Accessibility="Public" Batching="false">

  <Configuration>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="TimeoutSeconds" type="xsd:int" minOccurs="0" maxOccurs="1" default="60"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="TraceLevel" type="xsd:int" minOccurs="0" maxOccurs="1"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="ClientId" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="SubscriptionId" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Proxy" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="AuthBaseAddress" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="ResourceBaseAddress" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="AADUserName" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="AADPassword" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="ResourceURI" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="OMSAPIVersion" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="Tolerance" type="xsd:double" minOccurs="0" maxOccurs="1" default="0.5"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="int"/>

    <OverrideableParameter ID="TraceLevel" ParameterType="int" Selector="$Config/TraceLevel$"/>

    <OverrideableParameter ID="Tolerance" ParameterType="double" Selector="$Config/Tolerance$"/>

  </OverrideableParameters>

  <ModuleImplementation>

    <Composite>

      <MemberModules>

        <ProbeAction ID="POSH" TypeID="Windows!Microsoft.Windows.PowerShellPropertyBagProbe">

          <ScriptName>Get-OMSAlertRuleState.ps1</ScriptName>

          <ScriptBody><Script>



#TO SHOW VERBOSE MESSAGES SET $VerbosePreference="continue"

#SET ErrorLevel to 5 so show discovery info

#https://azure.microsoft.com/en-us/documentation/articles/operational-insights-api-log-search/

#*************************************************************************

# Script Name - 

# Author	  -  Daniele Grandini - QND

# Version	  - 1.0 30-04-2016

# Purpose     - 

#               

# Assumptions - 

#				

#               

# Parameters  - TraceLevel

#             - ComputerName

#				- SourceId

#				- ManagedEntityId

# Command Line - .\test.ps1 4 "serverName" '{1860E0EB-8C21-41DA-9F35-2FE9343CCF36}' '{1860E0EB-8C21-41DA-9F35-2FE9343CCF36}'

# If discovery must be added the followinf parameters

#				SourceId ($ MPElement $ )

#				ManagedEntityId ($ Target/Id $)

#

# Output properties

#

# Status

#

# Version History

#	  1.0 06.08.2010 DG First Release

#     1.5 15.02.2014 DG minor cosmetics

#

# (c) Copyright 2010, Progel srl, All Rights Reserved

# Proprietary and confidential to Progel srl              

#

#*************************************************************************





# Get the named parameters

param([int]$traceLevel=2,

[Parameter (Mandatory=$true)][string]$clientId,

[Parameter (Mandatory=$true)][string]$SubscriptionId,

[string]$Proxy,

[Parameter (Mandatory=$true)][string]$AuthBaseAddress,

[Parameter (Mandatory=$true)][string]$ResourceBaseAddress,

[Parameter (Mandatory=$true)][string]$ADUserName,

[Parameter (Mandatory=$true)][string]$ADPassword,

[Parameter (Mandatory=$true)][string]$resourceURI,

[string]$OMSAPIVersion='2015-03-20',

[double]$Tolerance=0.5

)

 

	[Threading.Thread]::CurrentThread.CurrentCulture = "en-US"        

    [Threading.Thread]::CurrentThread.CurrentUICulture = "en-US"



#region Constants	

#Constants used for event logging

$SCRIPT_NAME			= "Get-OMSAlertRuleState"

$SCRIPT_VERSION = "1.0"



#Trace Level Costants

$TRACE_NONE 	= 0

$TRACE_ERROR 	= 1

$TRACE_WARNING = 2

$TRACE_INFO 	= 3

$TRACE_VERBOSE = 4

$TRACE_DEBUG = 5



#Event Type Constants

$EVENT_TYPE_SUCCESS      = 0

$EVENT_TYPE_ERROR        = 1

$EVENT_TYPE_WARNING      = 2

$EVENT_TYPE_INFORMATION  = 4

$EVENT_TYPE_AUDITSUCCESS = 8

$EVENT_TYPE_AUDITFAILURE = 16



#Standard Event IDs

$FAILURE_EVENT_ID = 4000		#errore generico nello script

$SUCCESS_EVENT_ID = 1101

$START_EVENT_ID = 1102

$STOP_EVENT_ID = 1103



#TypedPropertyBag

$AlertDataType = 0

$EventDataType	= 2

$PerformanceDataType = 2

$StateDataType       = 3



$EventSource = 'Progel Script'

$EventLog= 'Operations Manager'

#endregion



#region Logging



if ([System.Diagnostics.EventLog]::SourceExists($EventSource) -eq $false) {

    [System.Diagnostics.EventLog]::CreateEventSource($EventSource, $eventlog)

}



function Log-Params

{

    param($Invocation)

    $line=''

    foreach($key in $Invocation.BoundParameters.Keys) {$line += "$key=$($Invocation.BoundParameters[$key])  "}

	Log-Event $START_EVENT_ID $EVENT_TYPE_INFORMATION  ("Starting script. Invocation Name:$($Invocation.InvocationName)`n Parameters`n $line") $TRACE_INFO

}



function Create-Event

  {

    param(

    [int] $eventID, 

    [int] $eventType,

    [string] $msg,

    [string[]] $parameters)



    switch ($eventType) {

        $EVENT_TYPE_SUCCESS {$nativeType=[System.Diagnostics.EventLogEntryType]::Information}

        $EVENT_TYPE_ERROR {$nativeType=[System.Diagnostics.EventLogEntryType]::Error}

        $EVENT_TYPE_WARNING {$nativeType=[System.Diagnostics.EventLogEntryType]::Warning}

        $EVENT_TYPE_INFORMATION {$nativeType=[System.Diagnostics.EventLogEntryType]::Information}

        $EVENT_TYPE_AUDITSUCCESS {$nativeType=[System.Diagnostics.EventLogEntryType]::AuditSuccess}

        $EVENT_TYPE_AUDITFAILURE {$nativeType=[System.Diagnostics.EventLogEntryType]::AuditFailure}

        default {

            Write-Verbose 'match?'

            $nativeType=[System.Diagnostics.EventLogEntryType]::Information

        }

    }

    $event = New-Object System.Diagnostics.EventInstance($eventID,1,$nativeType)



    $evtObject = New-Object System.Diagnostics.EventLog;

    $evtObject.Log = $EventLog;

    $evtObject.Source = $EventSource;

    $parameters = @($msg) + $parameters

    $evtObject.WriteEvent($event, $parameters)

  }





function Log-Event

{

	param($eventID, $eventType, $msg, $level)

	

	Write-Verbose ("Logging event. " + $SCRIPT_NAME + " EventID: " + $eventID + " eventType: " + $eventType + " Version:" + $SCRIPT_VERSION + " --&gt; " + $msg)

	if($level -le $P_TraceLevel)

	{

		Write-Host ("Logging event. " + $SCRIPT_NAME + " EventID: " + $eventID + " eventType: " + $eventType + " Version:" + $SCRIPT_VERSION + " --&gt; " + $msg)

        Create-Event -eventID $eventID -eventType $eventType -msg ($msg + "`n" + "Version :" + $SCRIPT_VERSION) -parameters @($SCRIPT_NAME,$SCRIPT_VERSION)

		#$g_API.LogScriptEvent($SCRIPT_NAME,$eventID,$eventType, ($msg + "`n" + "Version :" + $SCRIPT_VERSION))

	}

}

#endregion



#region Discovery Helpers

Function Throw-EmptyDiscovery

{

	param($SourceId, $ManagedEntityId)



	$oDiscoveryData = $g_API.CreateDiscoveryData(0, $SourceId, $ManagedEntityId)

	Log-Event $FAILURE_EVENT_ID $EVENT_TYPE_WARNING "Exiting with empty discovery data" $TRACE_INFO

	$oDiscoveryData

	If($traceLevel -eq $TRACE_DEBUG)

	{

		#just for debug proposes when launched from command line does nothing when run inside OpsMgr Agent

		$g_API.Return($oDiscoveryData)

	}

}



Function Throw-KeepDiscoveryInfo

{

param($SourceId, $ManagedEntityId)

	$oDiscoveryData = $g_API.CreateDiscoveryData(0,$SourceId,$ManagedEntityId)

	#Instead of Snapshot discovery, submit Incremental discovery data

	$oDiscoveryData.IsSnapshot = $false

	Log-Event $FAILURE_EVENT_ID $EVENT_TYPE_WARNING "Exiting with null non snapshot discovery data" $TRACE_INFO

	$oDiscoveryData    

	If($traceLevel -eq $TRACE_DEBUG)

	{

		#just for debug proposes when launched from command line does nothing when run inside OpsMgr Agent	

		$g_API.Return($oDiscoveryData)

	}

}



#endregion



Function Import-ResourceModule

{

	param($moduleName, $ArgumentList=$null)

	if (Get-Module -Name $moduleName) {return}



	$moduleName = '{0}.psm1' -f $moduleName

	$ResPath = (get-itemproperty -path 'HKLM:\system\currentcontrolset\services\healthservice\Parameters' -Name 'State Directory').'State Directory' + '\Resources'

	if(Test-Path $ResPath) {

		$module = @(get-childitem -path $ResPath -Filter $moduleName -Recurse)[0]

	}

	if($module) { $module = $module.FullName}

	else {$module = "$PSScriptRoot\$moduleName"}



	If (Test-Path $module) {Import-Module -Name $module -ArgumentList $ArgumentList}

	else {Throw [System.DllNotFoundException] ('{0} not found' -f $module)}

}





#Start by setting up API object.

	$P_TraceLevel = $TRACE_VERBOSE

	$g_Api = New-Object -comObject 'MOM.ScriptAPI'

	#$g_RegistryStatePath = "HKLM\" + $g_API.GetScriptStateKeyPath($SCRIPT_NAME)



	$dtStart = Get-Date

	$P_TraceLevel = $traceLevel

	Log-Params $MyInvocation



	try {

		Import-ResourceModule -moduleName QNDAdal -ArgumentList @($false)

		Import-ResourceModule -moduleName QNDAzure

	}

	catch {

		Log-Event $FAILURE_EVENT_ID $EVENT_TYPE_ERROR ("Cannot load required powershell modules $Error") $TRACE_ERROR

		exit 1	

	}



try

{

	if($proxy) {

		Log-Event $FAILURE_EVENT_ID $EVENT_TYPE_WARNING ("Proxy is not currently supported {0}" -f $proxy) $TRACE_WARNING

	}

	$pwd = ConvertTo-SecureString $ADPassword -AsPlainText -Force

	$cred = New-Object System.Management.Automation.PSCredential ($ADUserName, $pwd)

	$authority = Get-AdalAuthentication -resourceURI $resourcebaseAddress -authority $authBaseAddress -clientId $clientId -credential $cred

	$connection = $authority.CreateAuthorizationHeader()

}

catch {

	Log-Event $FAILURE_EVENT_ID $EVENT_TYPE_ERROR ("Cannot get Azure AD connection aborting $Error") $TRACE_ERROR

	Throw-KeepDiscoveryInfo

	exit 1	

}



try {



	$rules=@{}



$timeout=300

    $uri = '{0}{1}/savedSearches?api-version={2}' -f $ResourceBaseAddress,$resourceURI,$OMSAPIVersion

	$result = invoke-QNDAzureRestRequest -uri $uri -httpVerb GET -authToken ($connection) -nextLink $nextLink -data $null -TimeoutSeconds $timeout

	$savedSearches=@()

	do {

		$result = invoke-QNDAzureRestRequest -uri $uri -httpVerb GET -authToken ($connection) -nextLink $nextLink -data $null -TimeoutSeconds $timeout

		$nextLink = $result.NextLink

		$savedSearches += $result.values	

	} while ($nextLink)



	foreach($search in $savedSearches) {

		$uri = '{0}{1}/schedules?api-version={2}' -f $ResourceBaseAddress,$search.Id,$OMSAPIVersion

		$nextLink=$null

		$schedule = invoke-QNDAzureRestRequest -uri $uri -httpVerb GET -authToken ($connection) -nextLink $extLink -data $null -TimeoutSeconds $timeout -ErrorAction SilentlyContinue

		if($schedule.values) {

			#take into account just the first schedule for the search maybe this needs to be changed in future

			if ($schedule.Values[0].properties.Enabled -ieq 'True') {

			   $uri = '{0}{1}/actions?api-version={2}' -f $ResourceBaseAddress,$schedule.values.id,$OMSAPIVersion

			   $nextLink=$null

			   $actions = invoke-QNDAzureRestRequest -uri $uri -httpVerb GET -authToken ($connection) -nextLink $nextLink -data $null -TimeoutSeconds $timeout #-ErrorAction SilentlyContinue

			   if ($actions.Values) {

					if ($actions.Values[0].properties.Type -ieq 'Alert') {

						$rules.Add($actions.Values[0].properties.Name, @{

							"ScheduleId"=$schedule.Values[0].id;

							"Interval"=$schedule.Values[0].properties.Interval;

							"Status"='Inactive';

							"LastAlert"='';

							"AgeMinutes"=0

						})

						Log-Event $INFO_EVENT_ID $EVENT_TYPE_SUCCESS ('{0}, Interval={1}, Name={2}' -f $schedule.Values[0].id, $schedule.Values[0].properties.Interval, $actions.Values[0].properties.Name ) $TRACE_VERBOSE

					}

			   }

			}

		}

	}



	#now get the alerts in the last 24hours

	$query='Type:Alert SourceSystem=OMS | measure count() As Count, max(TimeGenerated) As Last by AlertName'

	$startDate=(Get-Date).AddHours(-24)

	$endDate=Get-Date

	$QueryArray = @{query=$Query}

	$QueryArray+= @{start=('{0}Z' -f $startDate.GetDateTimeFormats('s'))}

	$QueryArray+= @{end=('{0}Z' -f $endDate.GetDateTimeFormats('s'))}

    $body = ConvertTo-Json -InputObject $QueryArray



	$uri = '{0}{1}/search?api-version={2}' -f $ResourceBaseAddress,$resourceURI,$OMSAPIVersion

    $nextLink=$null

	$result = invoke-QNDAzureRestRequest -uri $uri -httpVerb POST -authToken ($connection) -nextLink $nextLink -data $body -TimeoutSeconds $timeout



	foreach($alert in $result.values) {

		if(! [String]::IsNullOrEmpty($alert.AlertName)) {

			if($rules.ContainsKey($alert.AlertName)) {

				$age = (get-Date)-([datetime] $alert.Last)

				Log-Event $INFO_EVENT_ID $EVENT_TYPE_SUCCESS ('Got Alert for {0}, Last occurrence={1}, Age={2}, Interval={3}' -f $alert.AlertName, $alert.Last, $age.TotalMinutes, $rules.Item($alert.AlertName).Interval) $TRACE_VERBOSE

				$rules.Item($alert.AlertName).AgeMinutes=$age.TotalMinutes

				$rules.Item($alert.AlertName).LastAlert=$alert.Last

				#add 50% to avoid unnecessary flip/flop

				if($age.TotalMinutes -le ($rules.Item($alert.AlertName).Interval*(1+$Tolerance))) {

					$rules.Item($alert.AlertName).Status='Active'

				}

			}

		}

	}



	#now prepare the property bag and return

	foreach($key in $rules.Keys) {

		$bag = $g_api.CreatePropertyBag()

		$bag.AddValue("ScheduleId",$rules.Item($key).ScheduleId)

		$bag.AddValue('AlertName', $key)

		$bag.AddValue('LastAlert', $rules.Item($key).LastAlert)

		$bag.AddValue('Status', $rules.Item($key).Status)

		$bag.AddValue('AgeMinutes', $rules.Item($key).AgeMinutes)

		if($traceLevel -eq $TRACE_DEBUG) {$g_API.AddItem($bag)}

		$bag

	}

	If ($traceLevel -eq $TRACE_DEBUG)

	{

		#just for debug proposes when launched from command line does nothing when run inside OpsMgr Agent	

		#it breaks in exception when run insde OpsMgr and POSH IDE	

		$g_API.ReturnItems() 

	}

	Log-Event $STOP_EVENT_ID $EVENT_TYPE_INFORMATION ("has completed successfully in " + ((Get-Date)- ($dtstart)).TotalSeconds + " seconds.") $TRACE_INFO

}

Catch [Exception] {

	Log-Event $FAILURE_EVENT_ID $EVENT_TYPE_WARNING ("Main " + $Error) $TRACE_WARNING	

	write-Verbose $("TRAPPED: " + $_.Exception.GetType().FullName); 

	Write-Verbose $("TRAPPED: " + $_.Exception.Message); 

}







</Script></ScriptBody>

          <Parameters>

            <Parameter>

              <Name>TraceLevel</Name>

              <Value>$Config/TraceLevel$</Value>

            </Parameter>

            <Parameter>

              <Name>clientId</Name>

              <Value>$Config/ClientId$</Value>

            </Parameter>

            <Parameter>

              <Name>Subscription</Name>

              <Value>$Config/SubscriptionId$</Value>

            </Parameter>

            <Parameter>

              <Name>Proxy</Name>

              <Value>$Config/Proxy$</Value>

            </Parameter>

            <Parameter>

              <Name>AuthBaseAddress</Name>

              <Value>$Config/AuthBaseAddress$</Value>

            </Parameter>

            <Parameter>

              <Name>ResourceBaseAddress</Name>

              <Value>$Config/ResourceBaseAddress$</Value>

            </Parameter>

            <Parameter>

              <Name>ADUsername</Name>

              <Value>$Config/AADUserName$</Value>

            </Parameter>

            <Parameter>

              <Name>ADPassword</Name>

              <Value>$Config/AADPassword$</Value>

            </Parameter>

            <Parameter>

              <Name>resourceURI</Name>

              <Value>$Config/ResourceURI$</Value>

            </Parameter>

            <Parameter>

              <Name>OMSAPIVersion</Name>

              <Value>$Config/OMSAPIVersion$</Value>

            </Parameter>

            <Parameter>

              <Name>Tolerance</Name>

              <Value>$Config/Tolerance$</Value>

            </Parameter>

          </Parameters>

          <TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>

          <StrictErrorHandling>false</StrictErrorHandling>

          <!-- true only for Tasks -->

        </ProbeAction>

      </MemberModules>

      <Composition>

        <Node ID="POSH"/>

      </Composition>

    </Composite>

  </ModuleImplementation>

  <OutputType>System!System.PropertyBagData</OutputType>

  <InputType>System!System.BaseData</InputType>

</ProbeActionModuleType>