A common misconception many people have about MOM
2005 is that it will only monitor Microsoft environments. This is not the case
– and the good news is that it is really easy to configure MOM to monitor
systems such as routers, firewalls, Unix servers plus any application running
on a Windows server. Depending on your requirements, how much effort you want
to invest, and your budget there are a number of approaches that can be taken.
In this article, I give an overview of some of these approaches – this is
based on a presentation I gave at the NIMTUG IT Pro inaugural event, you can
download the slides from
A very simple method of being notified if a system
is unavailable is to use some VBScript which pings the monitored device. If the
ping times out, a MOM event is created. This script can be repetitively
scheduled (e.g. to run once a minute) using a MOM timed event rule. Finally
create a MOM alert rule to raise an alert on the MOM console (and optionally
email an operator) should the MOM event be found. There are plenty of examples
of this technique on the web, http://www.myitforum.com/articles/2/view.asp?id=8615
being one. This approach is useful in scenarios where you do not required
detailed information on the health of a device, but do need to be made aware if
it is not accessible on the network – such as an upstream router.
If you have devices that run a syslog service
(which means pretty much all flavours of Unix as a minimum) then getting syslog
information into MOM is easy. Configure the syslog daemon to forward messages
to your MOM server (e.g. to forward all messages, add the line *.*@[IP Address
of MOM server] to the syslog.conf file and restart the syslog process). Then
create a new provider within MOM and select the provider type as syslog.
Finally, create alert rules within MOM, using the syslog provider to raise
alerts based on text within the syslog data being sent.
Another option is to use SNMP. By installing SNMP
& the SNMP WMI Provider on your MOM server (do this by going into
add/remove programs, then select add/remove Windows components) you have the
capability to receive SNMP traps from other devices. Configure the appropriate
SNMP community and trap settings on the MOM server and the SNMP clients, then
create a new MOM WMI provider using the query “select * from from
snmpnotification” and set the provider to use the root\snmp\localhost
namespace. Once you have that in place, create alert rules to raise alerts
based on text within the SNMP traps received. I’ve used this technique
recently to get alerts when a datacentre UPS has reached a threshold of 20%
battery life remaining – once the SNMP data flows into MOM, it is easy to
review the text and build more complex rules and alerts based on specific
strings within the data.
If you want to use MOM to monitor the health of an
application running on a Windows server, a good approach is to create some
rules which look for specific events in the eventlog. As an example, a backup
application will generally log (as a minimum) if a backup has succeeded or
failed. By looking at the event log and familiarising yourself with the
information raised by the application, you can create an alert rule to look for
events based on event ID, source, and description and then create appropriate
responses if a match is found. A good walkthrough of how to do this is provided
by Commvault for their QiNetix product - http://www.commvault.com/mk/get/QINETIX_INT_MOM
- however the same rationale can be applied to any application which writes to
the Windows event log. This approach can be augmented by monitoring the status
of the application’s service. Each time the status of a service changes,
MOM is notified. Using this information, you can build an alert to tell you if
a specific service has been started, stopped, or had its startup type changed.
More information on how to do this is available at http://www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/837041c6-fc3c-4f8b-a425-e2fde78b142b.mspx.
It’s also worthwhile checking out the Management Pack Wizard, available
within the MOM Resource Kit (http://www.microsoft.com/mom/downloads/2005/reskit/default.mspx)
which can be used to automate the creation of a lot of these types of rules.
If you need more monitoring capability than the
above techniques provide, or if you need the benefit of inbuilt rules and
product knowledge, then check out the offerings provided by our partners in
this space. The management pack catalog (http://www.microsoft.com/management/mma/catalog.aspx)
is an up to date list of all the available management packs for MOM. A lot of
partners have developed management packs, agents and reports for a wide range
of devices and applications, ranging from mainframes to firewalls to SANs and
much more. Installing these packs is generally as simple as installing a Microsoft
management pack, meaning you are up and running in minutes.
Feel free to drop Colm a line if you want to drill
down deeper into this type of content – if there is sufficient demand we
can look at covering this in more detail at a future Technet event.
Today's "TOP 10" as seen by me!
10. New Microsoft MVP's were named today! You can see some of them as...
Join us today as we discuss The Vaccine Book b y Robert W. Sears. This is the second time that contributors of Silicon Valley Moms Blog , Chicago Moms Blog, DC Metro Moms Blog and NYC Moms Blog (along with the rest our friends throughout the blogsphere)