Discussion:
Alert Suppression question
Nick Madge
2007-05-03 15:33:00 UTC
I'm really struggling with AD replication - but I think this is more of a
general question, as I'd like to manipulate more than just AD alerts..

My current issue lies with the "A problem has been detected with the trust
relationship between two domains" rule. I have more than two domains here,
however only care about the trust relationship between two of them.
How do I tell this rule to ignore alerts which concern the domain I'm not
monitoring?
The Alert Suppression is greyed out, presumably because it's sealed, however
I can't override it. Do I have to hack the XML?
Presumably I'd still get the monitor alert for this regardless of what I do
to the rule..

It's all very frustrating!

If anyone
Nick Madge
2007-05-03 16:21:03 UTC
Just to clarify, I'm looking to ignore alerts with specific information in
the Event Description in this instance.
Jakub Oleksy [MSFT]
2007-05-03 18:08:15 UTC
The only way to do this is to disable the rule in the context that you don't
want it to create alerts in. For the various instances of this alert, is the
source the same?
--
Jakub Oleksy
Developer
Blog: http://blogs.msdn.com/jakuboleksy/
Log a bug or Feature Request directly to the SCOM Product Team by going to
http://connect.microsoft.com/site/sitehome.aspx?SiteID=209. This posting is
provided "AS IS" with
no warranties, and confers no rights.
Nick Madge
2007-05-03 19:55:12 UTC
That's my problem - I can't disable the rule, as there are other
trusts that I do want monitoring from that object. There's just no way
to customise these rules, which is very frustrating, as not all
environments are vanilla

Jakub Oleksy [MSFT]
2007-05-03 20:50:25 UTC
Yeah, you could potentially go about writing your own rule which is more
custom for your environment. Simply disable this rule entirely and make a
copy of it in your own non-sealed MP. You could then do some sort of
filtering on the data items and only create alerts on the links you want.
Does this make sense? Which management pack is the rule you are referring to
in?
Anders Bengtsson
2007-05-04 04:28:30 UTC
Hi

A rule that generates an alert when the alert description does not include the
wildcard "other-domain" would solve it.
Then you would get an alert for your own domain but not for that other domain.

Copy and paste the original rule, then disable it and modify your own copy.


---
Regards
Anders Bengtsson, MCSE:Security
http://www.contoso.se
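
The filter suggested in this thread, written as a management pack expression for the copied rule. This is an added example, not part of the original posts and not taken from the AD management pack. It assumes the copied rule is driven by a Windows event data item; the event number is a placeholder to be read from the original rule, and "other-domain" is the stand-in name used in the post above.

```xml
<!-- Added example: filter for a copy of the trust rule kept in an unsealed MP. -->
<!-- Assumption: the rule's data items are Windows events, so the fields        -->
<!-- EventDisplayNumber and EventDescription are available to the filter.       -->
<Expression>
  <And>
    <!-- Keep the event match of the original rule. Replace the placeholder     -->
    <!-- with the event number found in the original rule's configuration.      -->
    <Expression>
      <SimpleExpression>
        <ValueExpression>
          <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
        </ValueExpression>
        <Operator>Equal</Operator>
        <ValueExpression>
          <Value Type="UnsignedInteger">EVENT_NUMBER_FROM_ORIGINAL_RULE</Value>
        </ValueExpression>
      </SimpleExpression>
    </Expression>
    <!-- Only pass events whose description does not name the unmonitored       -->
    <!-- domain. Use the full domain name here: a short substring would also    -->
    <!-- drop alerts for any monitored domain whose name contains it.           -->
    <Expression>
      <RegExExpression>
        <ValueExpression>
          <XPathQuery Type="String">EventDescription</XPathQuery>
        </ValueExpression>
        <Operator>DoesNotContainSubstring</Operator>
        <Pattern>other-domain</Pattern>
      </RegExExpression>
    </Expression>
  </And>
</Expression>
```

The filter only affects the copied rule; the monitor mentioned in the first post still raises its own alert until it is handled separately.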

Nick Madge
2007-05-04 08:02:01 UTC
Thanks Jakub, appreciate the response.
I'm happy to make my own rule, just wanted clarification that I needed to :)

Thanks again,

Nick
Nick Madge
2007-05-04 09:13:00 UTC
Thanks Jakub,

I've disabled the rule ("problem with trusts"), and created a new one in a
new AD MP. However, there is a monitor which handles state for this, which I
will also need to disable, but I have no idea of the WMI query it's making.
Is this documented anywhere, so I can replicate it?

Nick
Jakub Oleksy [MSFT]
2007-05-04 17:27:09 UTC
If you export the monitor, is the query not in the configuration? Which
monitor is it? (sorry, the AD MP is not something I know much about)
Nick Madge
2007-05-07 16:45:12 UTC
Hey Jakub,

thanks for bearing with me! :)

How do I export the monitors? I can't export the MP, as it's sealed,
and I don't see any option to export individual monitors (how I wish
there was one.)

Thanks again,

Nick

Nick Madge
2007-05-09 11:31:02 UTC
Is there any more on this yet?
The area around monitors feels very "black-box" to me, with little or no
indication as to what it's actually doing. Is there a way to export monitors,
and see how they work, so I can make them work in non-vanilla environments?

Thanks
unknown
2009-10-15 19:42:59 UTC
http://blogs.msdn.com/boris_yanushpolsky/archive/2007/08/16/unsealing-a-management-pack.aspx

Have fun, it works great!


