A common misconception many people have about MOM 2005 is that it will only monitor Microsoft environments. This is not the case – and the good news is that it is really easy to configure MOM to monitor systems such as routers, firewalls, Unix servers plus any application running on a Windows server. Depending on your requirements, how much effort you want to invest, and your budget there are a number of approaches that can be taken. In this article, I give an overview of some of these approaches – this is based on a presentation I gave at the NIMTUG IT Pro inaugural event, you can download the slides from

http://nimtug.org/files/default.aspx.

 

A very simple method of being notified if a system is unavailable is to use some VBScript which pings the monitored device. If the ping times out, a MOM event is created. This script can be repetitively scheduled (e.g. to run once a minute) using a MOM timed event rule. Finally create a MOM alert rule to raise an alert on the MOM console (and optionally email an operator) should the MOM event be found. There are plenty of examples of this technique on the web, http://www.myitforum.com/articles/2/view.asp?id=8615 being one. This approach is useful in scenarios where you do not required detailed information on the health of a device, but do need to be made aware if it is not accessible on the network – such as an upstream router.

 

If you have devices that run a syslog service (which means pretty much all flavours of Unix as a minimum) then getting syslog information into MOM is easy. Configure the syslog daemon to forward messages to your MOM server (e.g. to forward all messages, add the line *.*@[IP Address of MOM server] to the syslog.conf file and restart the syslog process). Then create a new provider within MOM and select the provider type as syslog. Finally, create alert rules within MOM, using the syslog provider  to raise alerts based on text within the syslog data being sent.

 

Another option is to use SNMP. By installing SNMP & the SNMP WMI Provider on your MOM server (do this by going into add/remove programs, then select add/remove Windows components) you have the capability to receive SNMP traps from other devices. Configure the appropriate SNMP community and trap settings on the MOM server and the SNMP clients, then create a new MOM WMI provider using the query “select * from from snmpnotification” and set the provider to use the root\snmp\localhost namespace. Once you have that in place, create alert rules to raise alerts based on text within the SNMP traps received. I’ve used this technique recently to get alerts when a datacentre UPS has reached a threshold of 20% battery life remaining – once the SNMP data flows into MOM, it is easy to review the text and build more complex rules and alerts based on specific strings within the data.

 

If you want to use MOM to monitor the health of an application running on a Windows server, a good approach is to create some rules which look for specific events in the eventlog. As an example, a backup application will generally log (as a minimum) if a backup has succeeded or failed. By looking at the event log and familiarising yourself with the information raised by the application, you can create an alert rule to look for events based on event ID, source, and description and then create appropriate responses if a match is found. A good walkthrough of how to do this is provided by Commvault for their QiNetix product - http://www.commvault.com/mk/get/QINETIX_INT_MOM - however the same rationale can be applied to any application which writes to the Windows event log. This approach can be augmented by monitoring the status of the application’s service. Each time the status of a service changes, MOM is notified. Using this information, you can build an alert to tell you if a specific service has been started, stopped, or had its startup type changed. More information on how to do this is available at http://www.microsoft.com/technet/prodtechnol/mom/mom2005/Library/837041c6-fc3c-4f8b-a425-e2fde78b142b.mspx. It’s also worthwhile checking out the Management Pack Wizard, available within the MOM Resource Kit (http://www.microsoft.com/mom/downloads/2005/reskit/default.mspx) which can be used to automate the creation of a lot of these types of rules.

 

If you need more monitoring capability than the above techniques provide, or if you need the benefit of inbuilt rules and product knowledge, then check out the offerings provided by our partners in this space. The management pack catalog (http://www.microsoft.com/management/mma/catalog.aspx) is an up to date list of all the available management packs for MOM. A lot of partners have developed management packs, agents and reports for a wide range of devices and applications, ranging from mainframes to firewalls to SANs and much more. Installing these packs is generally as simple as installing a Microsoft management pack, meaning you are up and running in minutes.

 

Feel free to drop Colm a line if you want to drill down deeper into this type of content – if there is sufficient demand we can look at covering this in more detail at a future Technet event.