Over a year ago I blogged about the proper syntax required to populate an alert description with data returned from a property bag. The syntax in the blog is correct but the idea of doing this confused some. I will describe below how to accomplish this with a rule using the following scenario.
Lets say you have an application that creates an event (we’ll use event 9999 as an example) when it has a certain problem. You want to get alerted when this event occurs, but you want to do some additional diagnostics before the alert is generated and populate the alert description with information collected from the diagnostics. I have put a diagram of this scenario below:
I have listed each step that I used to create this management pack below.
Step 1 – Create and name a new management pack in the Authoring Console
Step 2 – Create a new composite data source
Step 3 – Add the Microsoft.Windows.EventProvider member module to the data source
Step 4 – Configure the member module to look for an event id from the application event log where the id = a parameter that is passed in.
Step 5 – Add the Microsoft.Windows.ScriptPropertyBagProbe member module to the data source
Step 6 – Configure the member module to accept parameters for the script name, arguments, and script body. In my example I hard code the script timeout to 30 seconds but you can also make this configurable via a parameter.
Step 7 – Set the order of the member modules so the EventProvider runs first, the ScriptProvider runs second, and the Module Output is last.
Step 8 – Add all of the parameters that need to be passed into this data source. Your data source is now complete.
Step 9 – Create a new custom rule in the Authoring Console. I am targeting my rule to Microsoft.Windows.Computer for example purposes.
Step 10 – On the Modules tab, add our custom data source and then click “Edit” to configure the parameters we want to pass to this data source. My ScriptBody parameter contains a very simple VBScript that returns a string that I want to have appear in the alert description (“This is the information that I collected for my alert”). In the real world this string would obviously be additional useful information that was gathered by the vbscript. I use notepad as my XML editor so this is what my configuration looks like.
Step 11 – After the data source is configured go back to the Modules tab and add a new action of type System.Health.GenerateAlert. Once added click “Edit” and then “Configure” to pull up the Alerting User Interface. Now fill in the appropriate fields for the alert. Notice that the Alert description xpath is looking for the value in the property bag which is populated in the vbscript which we configured in the last step. After this step your rule should be created.
Step 12 – Import the MP and create an event of 9999 in the application event log on an agent
Step 13 – View the alert generated to ensure it contains the string from the VBScript
I hope this example helps explain how information from a property bag can appear in an alert description and might also be a good introduction to the authoring console for some. I have attached the MP that was created by these steps for your reference.