Sunday, April 09, 2006

Configuring the "MOM Auditing Scripts"

Somebody pinged me today to ask where the MOM Auditing Scripts posted to this blog should be run (Good question!), and indeed I have been remiss in clarifying that particular item. I am running mine on my MOM Database Server. The original intention was to run from the Management Server, but that could end up in duplicate events if you have multiple management servers and the scripts wind up running in both places. So, because the scripts are simply querying and parsing values from various tables in Onepoint on a pretty infrequent basis, running them on the database server cuts right to the chase and doesn't seem to impact performance.

Likewise, I have failed to mention that each script contains a constant that defines your database server. The constant is the same in every script and sits very near the top: SQL_DSN="Replace_with_Your_MOM_Database_ServerName". (These are the quick-and-dirty versions. This will become a variable fed from a script parameter in the final version.)

Errata:
-Updated event severity in all scripts to generate warning events when audited changes are found.
-Cleaned up a problem with the connection string in the Audit Rule / Rule Changes script.

Again, the scripts can be found here:
Audit Global Settings
Audit Rule / Rule Group Changes (props to Jesse Harris)
Audit Task Creation

Setup Instructions:

To configure these scripts, follow the steps below. (If you'd like to shorten the process, just ping me on my gmail account and I'll send you an .akm file.)

Add the scripts to MOM:
1. In the Administrator Console, Scripts node, add each of the MOM Auditing Scripts. Language=VBScript

Create a custom rule group:
2. Create a separate rule subgroup to place these scripts. (I personally have a top level rulegroup called CUSTOM, and a subgroup called MOM AUDITING)
3. Associate the Microsoft Operations Manager 2005 Databases group with this rule subgroup
4. Create your timed event rules for each script to run the script every 1 hr (or 60 min if you prefer), and associate a script with each rule.

And finally, how do you generate alerts from these scripts? When no changes are detected, the scripts generate an Information event. When they do detect a change, they generate a Warning event. So, to generate an alert:

5. Create an Event Rule in the same Rule Subgroup. This will generate alerts for any of the event rules. Here are the steps you'd take when stepping through the wizard.

  • Right-click Event Rules in the MOM AUDITING rule subgroup and select Create Event Rule

  • Alert on or Respond to Event. Click Next

  • Data Provider - Provider Name 'Script-generated Data'. Click Next

  • Criteria - Select of Type 'Warning'. Click Next

  • Schedule - Always process data. Click Next

  • Alert - Generate Alert, set Alert Severity=Warning. Click Next

  • Alert Suppression - Select Suppress Duplicate Alerts, and leave default values. Click Next

  • Responses - Add the response of your choice. I just send e-mail. Click Next. Then Next again past Company Knowledge.

  • General - Give the rule a name, such as 'Alert on Warning Event'. Then click Finish.

6. Repeat step 5, this time setting severity to Error. That will catch any script failures you may encounter in getting this set up.

I'll roll this in with some additional rules, reports and documentation into an official management pack in the near future. Feedback is appreciated. Please give these a try and let me know what you think.
