Skip to content
adatum
  •  SCOM Web API
  • About adatum
Site Search
Operations Manager

Hunting quick closing SCOM alerts

  • 12/10/201712/10/2017
  • by Martin Ehrnst

 

I had a feeling that we had alot of alerts that closed automatically, very quickly and without any interaction from automation. To get an overview I put together this SQL query to run against the Datawarehouse DB.

The query joins three views and extract the alert Guids, name, ManagedEntity (monitoring object) and alert name.


select Res.AlertGuid, Res.TimeFromRaisedSeconds, Alert.AlertName, Entity.ManagedEntityDefaultName, Entity.ManagedEntityGuid from Alert.vAlertResolutionState AS Res
INNER JOIN Alert.vAlert as Alert
on Res.AlertGuid = Alert.AlertGuid
INNER JOIN vManagedEntity AS Entity
on Alert.ManagedEntityRowId = Entity.ManagedEntityRowId
where Res.TimeFromRaisedSeconds < '30' AND Res.StateSetByUserId = 'System' AND ResolutionState = '255' AND Alert.RaisedDateTime >= DATEADD(day,-30, GETDATE())

 

With a little help from my DBA we ended up with this which also group alert name and count the # of alerts for each object

select
--Res.AlertGuid
--, Res.TimeFromRaisedSeconds
COUNT(*)
,Alert.AlertName
--, Entity.ManagedEntityDefaultName
, Entity.Path
, Entity.DisplayName
from Alert.vAlertResolutionState AS Res
INNER JOIN Alert.vAlert as Alert
on Res.AlertGuid = Alert.AlertGuid
INNER JOIN vManagedEntity AS Entity
on Alert.ManagedEntityRowId = Entity.ManagedEntityRowId
where Res.TimeFromRaisedSeconds < '49' AND Res.StateSetByUserId = 'System' AND ResolutionState = '255' AND Alert.RaisedDateTime >= DATEADD(day,-4, GETDATE())
GROUP BY AlertName, Path, DisplayName

For other useful SCOM SQL Queries, take a look at Kevin Holman’s blog

Share this:

  • LinkedIn
  • Twitter
  • Email
Automation

Activate Webasto diesel heater using OMS and Azure functions

  • 03/10/2017
  • by Martin Ehrnst

Looking at the above picture snow and winter is pretty awesome, but when you have to fire up your car outside your cabin in -15c (5f) you wish for summer. Not only is it extremely hard for your engine, but it’s also ridiculously cold to get inside the car! That’s why many cars in Norway are equipped with preheaters. A unit you can activate before starting or entering the car, heating up the engine (and in many cases the interior as well).
Just to put some numbers down, average temperature in Oslo January 2017 was -4.3, and coldest -12.6.

My child carrier, a Range Rover Sport, (one of Britains fines engineering that never fails) is equipped with a Webasto pre heater and controlled remotely by SMS command or an app. Communication is using WBUS, Webasto’s own language.

My goal in this post is to use data from the OMS Weather Data solution and Azure functions to automatically start my Webasto heater based on the observed temperature. I have to say, using the app directly way easier, but this is a very good opportunity to explore and play with cars, azure and automation.

 

Starting the heater

Many of these heaters and apps only communicate using SMS commands, but my heater controller can use internet connection as well, meaning there is an API of some sort it’s communicating with.

Using fiddler I found out how the app was communicating, replicating it using Powershell I ended up with this as a simple function to send commands to my heater. Typical commands are “cmd_heater_status” which asks for current status, and “cmd_time1:30,start” that starts the heater for 30 minutes.


To be honest, I wasn’t very pleased with the security here, but that’s something I will notify the company who make these controllers about.

Below is a typical output after requesting heater status.

heater : 1
gsm : 7
voltage : 12.0
h_temp : 25
flame : 0
date : 2017-10-1 19:13:9
valid : 1
status_date : 01/10
status_fdate : 01.10.2017
status_time : 21:13:09

Creating the Azure Function

After we have the basic functionality in place, we can add some logic to our script and create an Azure Function out of it. I have created a basic Powershell function below that accepts two input parameters. TempLow the temperature you have to be below to fire the heater, and heatingMinutes which is the number of minutes the heater will run.

The rest of the script is using our function above to request statuses and act upon our input and the heater response. I had to add sleep time within the script so that the Webasto controller had time process my commands.
Parameters like email-address and heaterId are defined as function environment variables

 

OMS / Log Analytics setup – query and alert.

Using data from the weather solution I created together with Cameron Fuller i created the following query to alert when observed temperature in Oslo is below a certain degree. This search is based on the new query language, Kusto. I reccommend everyone (including my self) to take a look at this Kusto cheet sheet.

YRno_CL | where LocationName_s == "Oslo" and TimeGenerated > ago(2h) | summarize AggregatedValue = avg(ObservedTemp_d) by bin(TimeGenerated, 15m), LocationName_s

Create an metric based alert based on the above query.

To kick off our Azure Function we set the alert to send a webhook with a custom json payload looking like this: (yes testing values)

{
"tempLow": "59",
"heatingMinutes": "40"
}

The test says webhook is sent successfully, and our function log confirms 🙂

 

Calm down John Snow, let winter come.

 

Share this:

  • LinkedIn
  • Twitter
  • Email
Azure

OMS and SCOM announcements from Ignite 2017

  • 26/09/201729/09/2017
  • by Martin Ehrnst

Microsoft Ignite in Orlando has started, already on day one we got a lot of announcements and new features. In this post I will try to keep track of the updates on regarding monitoring and management. SCOM, OMS, Azure monitor etc.

Microsoft Operations Management Suite, Log Analytics, Azure Monitor

  • Azure Security Center for hybrid cloud.
  • Azure Monitor, near real-time alerts
  • New container monitoring solution
  • Using Log Analytics query across multiple workspaces
  • The OMS portal as we know it will be deprecated and everything integrated in to the Azure portal.

System Center Operations Manager

From the session “System Center : First look at advancements coming this year” held 26.09 we got the following annoucements regarding SCOM.

  • New release cadence.
    • System Center 1801 prieview early November. Release Q1 2018
  • Service Map integration
  • Windows Server 2016 SDDC monitoring
  • Improved Unix/Linux support
    • “setup improvements” hopefully a better way to deploy “manually”
    • Kerberos support
    • Log file monitoring with FluentD. Essentially this enables us to create monitors etc. based on logfiles as we can with Windows
  • SCOM 2016 HTML5 console
    • Improved diagnostics and drill down – this is huge for those who haven’t invested in third-party software
    • Custom widget support. Display other charts on your dashboard.
  • MP updates and recommendations (introduced in 2016) now supports 3rd party MPs. 56 partners with certified MPs are available.
  • Visual Studio Authoring Extension for VS 2017

Other interesting stuff

  • Planned Maintenance for Azure VM
  • Teams primary communication client for Office 365 (Not Skype)
  • Updates to cognitive services api
  • Azure Cost Management from Clouddyn
  • Azure Stack is shipping

Share this:

  • LinkedIn
  • Twitter
  • Email
Azure

Resource health through Azure Rest API

  • 18/09/201714/11/2017
  • by Martin Ehrnst

As a part of a large monitoring project involving on prem, Azure and Office 365 I have started to explore the different methods on how to acquire all relevent data. Previously, I have written a post on how you authenticate against Microsoft’s partner center API which is a part of the same feasibility project.
Later down the road i will try to write a larger blog series on how we can monitor Microsoft Cloud and on-Prem resources. Hopefully it will be joyful…

This blog post will describe how you can use Powershell to authenticate and get availability status from all resource groups and their resources. If you’re not that interested in monitoring data, use this post as a guide on how to get started with the API and the rest is documented on the Azure API documentation pages.

High level overview:

  • Set up an Azure Active Directory Application to authenticate (not covered)
  • Build an authentication header with a token from Azure AD
  • Get all resource groups within a subscription
  • Get the availability of all resources within a resource group

 

Get Azure AD application token

After setting up/registering the application in Azure AD you will have to use the application ID and secret in order to generate an authentication token to use against Azure management Rest API’s. I have created a basic Powershell function you can use, including an example authentication header.

Get all resource groups and resources

Next we will grab all resource groups within a subscription, before looping through each resource group to get the individual resources.

Now that we have all resource group and all resources within we can use this to further get the resource health and availability. To be honest we don’t need to get RG before checking the resources it self, but as a starting point i find it very useful to have the resource groups and their resources available within my scripts.

 

Get the resource availability status

Now we have authenticated, grabbed all resource groups and their resources and it’s time to find our resource health. There are multiple ways on how to get this data, and we have to consider the methods we use. One limitation i hit pretty fast working with this is the number of subscription resource get requests, specified in the response header “x-ms-ratelimit-remaining-subscription-resource-requests: ” All limitations documentet,  here 

When you hit this limit every substantial requests is dropped. I have to rethink my whole monitoring scenario due to these limitations.

Get Resource health based on resource group

This let’s us get health state on all resources scoped to a resource group. If we reuse the data from previously (we have all resource groups within our subscription) we will get all resource group health this way.

Other examples are to get availability by Resource and the entire subscription

 

 

 

Share this:

  • LinkedIn
  • Twitter
  • Email
Azure

Authenticate against Micrsoft Partner Center API using Powershell

  • 07/09/201714/11/2017
  • by Martin Ehrnst

If you’re not familiar with the Microsoft Cloud Service Provider program it’s in short a program to easier let service providers manage their customers tenants and subscriptions within Azure and Office 365 from a centralized platform.

Apart from a very limited web portal it have a set of API’s and SDK’s to build your own solutions – wich I assume is prefered from Microsoft and the service provider. For a project I needed to authenticate against the REST API using Powershell and then retrieve some information about each tenant, who would have thought that could be so much work

Here’s what I said.

That’s fine, I will have it to you in an hour.

For your reference, this is the API I am working with: Partner Center Swagger

An hour later I did have authentication in place, but I was unable to retrieve any information from our customers. After digging through the documentation I found that the customer endpoints required “App + User Authentication” where I had only authenticated with AppId and App Secret.

After spending too much time decifer the C# examples on how you authenticate with app and user against the CSP Rest API i finally had a working Powershell function.

These are the steps required

  • Generate a token from Azure AD by calling https://login.microsoft.com/tenant-name/oauth/token
    • Specified with the resource you want to access (partner center api), client id, username and password, correct grant type and scope
  • Use the AAD token to authenticate against partnercenter/generatetoken and recieve a correct User + App jwt_token
  • Use the jwt token to further authenticate against endpoints you preffer

If you ever find your self in a situation where you need to authenticate against the CSP REST API as app + user, here is a function to do it.

Be aware that the function does require a credential object, but when you atuhenticate against AAD the password is decoded and sent in the post request.

Share this:

  • LinkedIn
  • Twitter
  • Email

Posts navigation

1 2 3 4 5 6 … 12

Top Posts

  • Web API for System Center Operations Manager
  • SCOM 1801 REST API Interfaces
  • SCOMpercentageCPUTimeCounter cause CPU Spike
  • About adatum
  • Script to add SCOM agent management group

Recent Comments

  • Harish on Web API for System Center Operations Manager
  • Creating a serverless application with Powershell: Introduction | adatum on Serverless application with PowerShell: Azure Event Grid
  • Serverless application with PowerShell: Azure Event Grid | adatum on Creating a serverless application with Powershell: Introduction
  • Lucas Alvarez Lacasa on Resource health through Azure Rest API
  • Martin Ehrnst on Resource health through Azure Rest API

Archives

  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • June 2017
  • May 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • January 2016
  • September 2015
  • August 2015
  • June 2015
  • April 2015
  • March 2015

Categories

  • Automation
  • Azure
  • Azure Active Directory
  • Community
  • Conferences
  • CSP Monitoring
  • DevOps
  • MPAuthoring
  • OMS
  • Operations Manager
  • Powershell
  • Uncategorised
  • Windows Admin Center
  • Windows Server
Adatum.no use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Cookie Policy
Theme by Colorlib Powered by WordPress
  • SCOM Web API
  • About adatum
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.