Blog Archive

Sunday, January 29, 2017

Zabbix alerts in SCOM console

Do you have in your environment Zabbix and SCOM monitoring solutions? Do you want to have one single point of view on your infrastructure through SCOM console? Do you want to integrate it with MS System Center technologies? Then this blog post is the right one for you.


Overall solution is build on top of SC Orchestrator, which is sitting in the middle between Zabbix monitoring server and SCOM server. The integration idea is:
  • Every alert raised in Zabbix is forwarded to the SCOM console for centralized viewing
  • If alert is closed in Zabbix, appropriate SCOM alert is closed as well
  • If somebody accidentally close Zabbix alert in SCOM console, synchronization will open again the same alert in SCOM


So lets go to the solution
At first we need to prepare Orchestrator. It will have two interfaces:
  1. For interactions with SCOM we are going to use System Center Integration Packs (in my case I used 2016 version). Please note that SCOM integration pack does not require SCOM console installed on Orchestrator server any more. From this integration pack we will be using following activities:
    • Create Alert
    • Get Alert
    • Update Alert
  2. For interactions with Zabbix there is no Out of the box integration component, so we will use PowerShell as universal solution :) Zabix has nice Web based API, which is using JSON-RPC 2.0 protocol and it is not very difficult to use PowerShell for talking to it.




Monitor Date/Time activity is using to trigger my runbook every minute.
In Zabbix Alerts I'm calling PowerShell script to talk to Zabbix via JSON-RPC and grabbing all new and updated alerts.
Activity Get Alert Properties is publishing all useful information about alert to the Orchestrator data bus.
Activity Get Existing Alert is checking if such Zabbix alert already exists in SCOM console. If not, I'm creating new one with separate runbook (for parallelism and speed purposes). That separate runbook is very simple:




To be sure that Zabbix alert does not exists in SCOM, I'm flagging every SCOM alert with Zabbix alert id (putting it to the extended attribute 1 of SCOM alert).


The last two activities in main runbook are for updating existing SCOM alert. One is for closing existing SCOM alert, after it is closed in Zabbix. The second activity is for reopening SCOM alert. It is useful if somebody accidentally closed SCOM alert but alert in Zabbix is still opened.


Just to give you the idea how to communicate with Zabbix with PowerShell, this is part of my script
Note: password is here in text form, but in production you will use encrypted Orchestrator variables.
The result of this script is getting Token from Zabbix, which you are using in next communication wit Zabbix.
Example of token:


After this simple synchronization solution, you will be able to see in your SCOM console also Zabbix alerts as well.




Issues
I had problem with Orchestrator activity for creating alerts. It was failing with error: Failed to create alert. The exception was "Cannot load the management pack from the specified sealed assembly file: C:\Program Files (x86)\Common Files\Microsoft System Center 2012\Orchestrator\Extensions\Support\SCOM2012\Microsoft.SystemCenter.Orchestrator.Integration.Library.mp." For resolution I manually imported Microsoft.SystemCenter.Orchestrator.Integration.Library.mp from SC 2012 R2 integration pack directly to SCOM and activity started working like a charm.


For correct working PowerShell activities in Orchestrator I used registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework with new DWORD entry and value of OnlyUseLatestCLR = 1. With this setting my Run .NET activity is using latest available PowerShell on the host.


For PowerShell cmdlet Invoke-WebRequest you can have problem if you have not disabled First Run Wizard in IE. For disabling I'm using this GPO setting: Computer Configuration - Policies - Administrative Templates - Windows Components - Internet Explorer. Set the policy Prevent running First Run Wizard to Enabled.


If you have similar needs in your environment, grab me an email and I will be more than happy to help you.





8 comments:

  1. Hi can you share the runbook created to test it

    ReplyDelete
  2. Hi there

    I need to do a similar thing. Can you please reach out to me and maybe send me the runbook?

    Thanks in advance.

    ReplyDelete
  3. Hi thanks you for you post,

    i'm trying to do the same thing as you and i'm struggeling with the script for the API.

    By any chance, can you share me your runbook ? it'll make my life easier ;)

    Regards

    ReplyDelete
  4. Hello,

    I was wondering if you can share your runbook. I too am struggling with the script for the API.

    ReplyDelete
  5. hello. Can you help please ? Need to show zabbix alerts in SCOM. I use you script to getting Token, But I don`t know what I must do with this token. Help please

    ReplyDelete
  6. Greetings.
    Can you please help?
    I have the same integration task.
    With the help of PowerShell I get a list of active warnings, I use trigger.get.
    Can you please give a hint, help with useful links or send your version of the integration, I will try to do it by analogy?

    ReplyDelete
  7. would be great to share the scripts in a format that they are possible to download e.g. TXT files instead copy/past from a picture. Best Matthias (MSFT Veteran)

    ReplyDelete