Monitor and Recover Stopped Automatic Services with OMS – Part 1

I was working with a customer recently and one of the asks was to configure OMS to monitor for stopped automatic services on servers throughout the environment.  My first thought was that we could easily use the data collected by the Configuration Tracking solution and configure queries to alert when a service is stopped.  Unfortunately, although Configuration Tracking is a great solution, for this purpose it did not meet the requirements due to the 1 hour data collection interval.  We needed to be notified of the critical service stopping as close to real-time as possible.  Plan B was to utilize Event ID 7024 and custom fields as we were already collecting the Application log.  However, during my testing on Windows Server 2012 R2, the only event logged to the Application log when a service was stopped manually was Event ID 1.  Further, what if a service just doesn’t start after reboot?   Once again, there may be no events logged as technically there could be no error. 

SO…although technically both of the other options could work in certain scenarios, in this particular case we needed something a bit more granular.  Time for some fun with PowerShell, Azure Automation and the Data Collector API!

Continue reading

Advertisements

Schedule an Azure Automation Runbook Using Minutes

I was working with a customer recently and we realized that when using the “Schedule” functionality the most granular re-occurrence interval available is 1 hour.  In this particular case, we needed to check service status every 5 minutes and send the data to OMS to alert and trigger a remediation runbook, so 1 hour would not suffice.  I had recently spoken with a member of the product group around a custom OMS solution and specifically remembered him saying that his runbook was running every 5 minutes….so I was off to investigate!

After a few minutes of searching, I was able to find some good information here.  Although the post referenced the Classic portal, the same basic process still applies and worked in my scenario.  By using a Scheduler Collection we can schedule at a much more granular interval.  I’ve outlined the process in the new portal below.

Continue reading

Create OMS Computer Groups Based on Operating System and Versions

I was working with a customer today and I was asked the question: “Why aren’t computers automatically grouped by OS (Linux and Windows) in OMS?  Further, if computers are not  automatically grouped by OS, is there an easy way to create this grouping?  Like SCOM, OMS is very flexible so my canned answer to questions like these is always “we can most likely make it happen”.  That said, I had not looked at his particular scenario so I was anxious to dig in and discover the answers for myself.

After a bit of investigation, I was happy to see that the new Heartbeat data does include fields for OSType, OSMajorVersion, and OSMinorVersion.  Using these fields we can very easily create computer groups based on OS and OS versions.  Nice!

Continue reading

OMS – Create a List of Assessment Recommendations For Alerting

I was working with a customer today to create OMS alerts utilizing the recommendations provided by the OMS AD Assessment solution.  During this working session, the customer requested a list of all AD Assessment recommendations so they could choose which individual workflows they wanted to configure for alerting.  After a few minutes of query design, the following query will accomplish this task.

Continue reading

Redesigned #MSOMS Log Search Page

I recently opened the OMS Log Search page to demonstrate a few queries and noticed that the page has changed quite a bit.  My first thought was, where did my saved queries go?  However, after a few seconds of browsing around, I was able to display all of my previously created saved queries by simply selecting the Favorites icon at the top left corner of the Log Search page.  Once you select this icon, the Saved Queries window will open on the right side of the search page.

2016-07-14_8-19-55.png

A few notes about this new Log Search page layout:

Continue reading