Recalculate health

-
The Recalculate Health button in SCOM is notoriously useless. After many years working with SCOM I have finally figured out how to add the code to get it working in some of my custom monitors. I hope to add different ones in the future.

I'm writing this blog so they are easy to find and you don't need to sift through management packs.

It's important to understand how these link together because there's quite a bit going on - maybe that's why most don't work, because it's more work/too hard. In general, start with the unit monitor then look at the monitor type. Within that you'll see the probe action it calls - it will only be a few lines - then look at the code for the probe.

Monitors with this feature

The monitors listed below have the ability to do on-demand health recalculation. Notice the different probes used and the type of data output. For now I have 3 types:
  • SQL query.
  • PowerShell script.
  • Registry query.
Awesome huh! This opens a lot of doors to more monitoring 👌.

VMware.CB.Monitor.AgentStatus

This runs a PowerShell script. It links to monitor type VMware.CB.MonitorType.AgentStatus which links to this probe action:

<ProbeAction ID="Probe" TypeID="VMware.CB.ProbeAction.AgentStatus">
<TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>
</ProbeAction>

The probe runs a PowerShell script using the Windows!Microsoft.Windows.PowerShellPropertyBagTriggerOnlyProbe probe and outputs System!System.PropertyBagData.

Tenable.Nessus.Monitor.SQLAccess

This runs a SQL query. It links to monitor type Tenable.Nessus.MonitorType.SQLAccess which links to this probe action:

<ProbeAction ID="Probe" TypeID="Tenable.Nessus.ProbeAction.SQLAccess" />

The probe runs a SQL query using the System!System.OleDbProbe probe and outputs System!System.OleDbData.

Tenable.Nessus.Monitor.AgentInstall

This queries the registry. It links to monitor type Tenable.Nessus.MonitorType.AgentInstall which links to this probe action:

<ProbeAction ID="Probe" TypeID="Tenable.Nessus.ProbeAction.AgentStatus">
</ProbeAction>

The probe queries the registry using the Windows!Microsoft.Windows.RegistryTriggerProbe probe and outputs Windows!Microsoft.Windows.RegistryData.

Memory joggers

No real structure here, just some notes that might help.

  • You'll see this in the probe action. I'm guessing it links to hitting the button:

<TriggerOnly>true</TriggerOnly>

  • You'll see this in the probe action. No idea what it does:

<ProbeAction ID="PassThrough" TypeID="System!System.PassThroughProbe" />

  • You'll see this in each monitor type. See how similar these elements are, differences in red:

<RegularDetections>
<RegularDetection MonitorTypeStateID="RegKeyExists">
<Node ID="CDExists">
<Node ID="RegDS"/>
</Node>
</RegularDetection>
<RegularDetection MonitorTypeStateID="RegKeyMissing">
<Node ID="CDMissing">
<Node ID="RegDS"/>
</Node>
</RegularDetection>
</RegularDetections>

Note: You will often see these in monitor types but they still don't seem to work. You need the probe action in the monitor type (above notes) and an actual probe action module.

<OnDemandDetections> <OnDemandDetection MonitorTypeStateID="RegKeyExists">
<Node ID="CDExists">
<Node ID="Probe" />
</Node>
</OnDemandDetection>
<OnDemandDetection MonitorTypeStateID="RegKeyMissing">
<Node ID="CDMissing">
<Node ID="Probe" />
</Node>
</OnDemandDetection>
</OnDemandDetections>

Comments

Post a Comment