In most cases the parameters that are transferred from SCOM and the other event sources to Enterprise Alert include all the relevant information to be used in the alert policies. However, in some cases additional or custom parameters are required.
The following example shows how to add additional event parameters for SCOM events, but this applies to other connectors in the same way.
If you have a look in the XML part of a SCOM event you see all the event parameters coming from SCOM. In some cases there are additional parameters needed in policies, e.g. if you need a certain Alert ID from SCOM.
The next steps will show you, how to add these parameters:
1. Create a backup of your Enterprise Alert database
2. Change an option in the database table for the respective Enterprise Alert connector
3. Restart the Windows Service of Enterprise Alert
4. After this you are able to create a new parameter in the conditions for the alert policy
Create a backup of your Enterprise Alert database
In the first step you should create a backup of your Enterprise Alert database to be able to roll back in case of an issues.
Change an option in the database table for the Enterprise Alert connectors
To enable a new parameter, that is not part of the default list, you have to set a permission in the database table for the connectors. Therefore you have to sign in to the Enterprise Alert database, choose the table “EventProviders” and change the value in the row “Options” from 16 to 18 for the “MOM Connector” which represents SCOM, as shown in the figure below.
Restart the Windows Service of Enterprise Alert
You have to restart the Windows Service of Enterprise Alert, to let the changes take effect. Therefore, you have to open the “Services” window and restart the “Enterprise Alert® 2015 Server” service. After the restart, you should be able to create a new parameter.
Create a new parameter
In the next step you can create a new parameter. In the Enterprise Alert Web portal go to “Alerts” à “Alert Policies” and chose an existing alert policy or create a new one and note that the “Event Source” is “System Center Operations Manager”. When setting up the “Conditions” you are now able to choose the item “<<Create New Parameter>>” from the parameter list and enter a new parameter as shown in the figure below. Please note, the parameter is case sensitive.
Now you are able to use the new parameter in your alert policy under “Conditions” and “Message”.
Other details
· Note that the parameters are case sensitive. That means “AlertID” is not the same as “alertid”, for example.
o In the case that you mistyped the new parameter, you are able to edit it in the table “EventParameters”.
· Generally you can also expand other connectors like HP NNMi, IBM Tivoli, etc., if you change the “Options” value from 16 to 18 in “EventProvider” as shown above.
Thanks for preparing this article go to Jens Klinger.