The overall solution is built on top of SC Orchestrator, which sits between the Zabbix monitoring server and the SCOM server. The integration idea is:
- Every alert raised in Zabbix is forwarded to the SCOM console for centralized viewing
- If an alert is closed in Zabbix, the corresponding SCOM alert is closed as well
- If somebody accidentally closes a Zabbix alert in the SCOM console, synchronization will reopen the same alert in SCOM
So let's go to the solution.
First we need to prepare Orchestrator. It will have two interfaces:
- For interactions with SCOM we are going to use the System Center Integration Packs (in my case I used the 2016 version). Please note that the SCOM integration pack no longer requires the SCOM console to be installed on the Orchestrator server. From this integration pack we will be using the following activities:
  - Create Alert
  - Get Alert
  - Update Alert
- For interactions with Zabbix there is no out-of-the-box integration component, so we will use PowerShell as a universal solution :) Zabbix has a nice web-based API that uses the JSON-RPC 2.0 protocol, and it is not very difficult to talk to it from PowerShell.
The Monitor Date/Time activity is used to trigger my runbook every minute.
In Zabbix Alerts I'm calling a PowerShell script that talks to Zabbix via JSON-RPC and grabs all new and updated alerts.
The Get Alert Properties activity publishes all useful information about the alert to the Orchestrator data bus.
The Get Existing Alert activity checks whether such a Zabbix alert already exists in the SCOM console. If not, I create a new one with a separate runbook (for parallelism and speed). That separate runbook is very simple:
To be sure that a Zabbix alert does not already exist in SCOM, I flag every SCOM alert with the Zabbix alert ID (putting it in extended attribute 1 of the SCOM alert).
The last two activities in the main runbook update an existing SCOM alert. One closes the existing SCOM alert after it has been closed in Zabbix. The second reopens the SCOM alert, which is useful if somebody accidentally closed the SCOM alert while the alert in Zabbix is still open.
Just to give you an idea of how to communicate with Zabbix from PowerShell, this is part of my script:
The result of this script is a token from Zabbix, which you use in subsequent communication with Zabbix.
Example of token:
With this simple synchronization solution in place, you will be able to see Zabbix alerts in your SCOM console as well.
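The Zabbix JSON-RPC exchange described above (log in, receive a token, query with it), as an added PowerShell example that is not the author's script. The server URL is a placeholder, and the `user`/`auth` request fields and the `trigger.get` query are assumptions that fit older Zabbix API versions; newer versions use `username` and an `Authorization: Bearer` header.

```powershell
# Added example. Assumptions: placeholder URL; 'user' and 'auth' fields as in
# older Zabbix API versions; trigger.get chosen here to list open problems.
$ZabbixUrl = 'https://zabbix.example.com/api_jsonrpc.php'

# Older Windows hosts default to TLS 1.0; require TLS 1.2 for the API calls
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Invoke-ZabbixRpc {
    param(
        [Parameter(Mandatory)] [string] $Method,
        $Params = @{},
        [string] $Token    # left empty only for user.login
    )
    $body = @{ jsonrpc = '2.0'; method = $Method; params = $Params; id = 1 }
    if ($Token) { $body.auth = $Token }

    # -UseBasicParsing avoids the Internet Explorer engine and its First Run Wizard
    $resp = Invoke-WebRequest -Uri $ZabbixUrl -Method Post -UseBasicParsing `
        -ContentType 'application/json-rpc' `
        -Body ($body | ConvertTo-Json -Depth 5)
    $json = $resp.Content | ConvertFrom-Json

    # Zabbix reports API failures as HTTP 200 with an 'error' member
    if ($json.error) {
        throw "Zabbix $Method failed: $($json.error.message) $($json.error.data)"
    }
    return $json.result
}

# Prompt for the account instead of hard-coding the password in the script
$cred  = Get-Credential -Message 'Zabbix API account'
$token = Invoke-ZabbixRpc -Method 'user.login' -Params @{
    user     = $cred.UserName
    password = $cred.GetNetworkCredential().Password
}
try {
    # Triggers currently in PROBLEM state (value = 1)
    $alerts = Invoke-ZabbixRpc -Method 'trigger.get' -Token $token -Params @{
        output            = @('triggerid', 'description', 'priority', 'lastchange')
        filter            = @{ value = 1 }
        expandDescription = $true
    }
    $alerts | Format-Table triggerid, priority, description
}
finally {
    # End the API session so the token cannot be reused
    Invoke-ZabbixRpc -Method 'user.logout' -Params @() -Token $token | Out-Null
}
```

The token travels in every request body, so use an HTTPS endpoint and keep the token and password out of runbook logs.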
Issues
I had a problem with the Orchestrator activity for creating alerts. It was failing with the error: Failed to create alert. The exception was "Cannot load the management pack from the specified sealed assembly file: C:\Program Files (x86)\Common Files\Microsoft System Center 2012\Orchestrator\Extensions\Support\SCOM2012\Microsoft.SystemCenter.Orchestrator.Integration.Library.mp." To resolve it, I manually imported Microsoft.SystemCenter.Orchestrator.Integration.Library.mp from the SC 2012 R2 integration pack directly into SCOM, and the activity started working like a charm.
To get PowerShell activities working correctly in Orchestrator, I used the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework with a new DWORD entry, OnlyUseLatestCLR, set to 1. With this setting my Run .NET activity uses the latest available PowerShell on the host.
With the PowerShell cmdlet Invoke-WebRequest you can run into a problem if you have not disabled the First Run Wizard in IE. To disable it, I'm using this GPO setting: Computer Configuration - Policies - Administrative Templates - Windows Components - Internet Explorer. Set the policy Prevent running First Run Wizard to Enabled.
If you have similar needs in your environment, drop me an email and I will be more than happy to help you.