Integrating NetCrunch with SCOM

In this article you will learn how to integrate NetCrunch with SCOM in under an hour. It will guide you through the configuration of both NetCrunch and SCOM.

Integrating two complex network management systems can be very hard and time consuming, but with NetCrunch you can achieve it within half an hour.

In this document you will learn how to configure NetCrunch to monitor temperature on APC Smart-UPS RT 6000 RM XL, generate an event when the temperature is too high and send it to your existing SCOM environment. It will require some initial configuration but based on this use case you can create more rules on your own.

SCOM side configuration:

1. Enter the Authoring (1) section, click on Rules (2) and create a new rule (3).

2. Expand Event Based rules, and choose Syslog(alert) (4) then choose desired management pack (5).

3. Enter the rule name, (6) and Select Rule Target (7) - In this case - Windows Server

4. Insert New Expression - As an example we will generate events on received syslog messages from NetCrunch with severity = Critical

5. Change the Description(8), add new Data (9) and choose Message (10) - It will allow SCOM to display messages generated by NetCrunch.

6. After New Rule is saved and applied - SCOM is now ready to receive syslogs from Netcrunch to generate alerts.

Addition: Please take note that rules specified to generate alerts can be much more complex than presented example, please create more detail rules, if you want to filter unwanted messages.

NetCrunch side configuration:

Create new Alerting Script

1. Go to Tools -> Alerting&Reporting -> Predefined Alerting Scripts

2. Create a new Alerting Script(1) and name it Syslog for SCOM(2)

3. Add an action to run immediately(3) go to Logging(4) and select Send Syslog Message(5)

4. Enter your SCOM server address (6) and select severity critical (7)

5. Save the alerting script

Modify Alerting Message Format

1. Go to Tools -> Alerting&Reporting -> Alerting Message Format

2. Click Message Definition(1) tab and go to Syslog(2), now click Edit(3)

3. Go to Message tab and click Insert Event Parameter(4)

4. Add parameters from the drop down list $Properties.Address (5) and $Properties.HostName(6). This will add an IP address and host name of node causing event to the Syslog message.

5. Click OK to save the definition

Create a new Monitoring Pack

1. Go to Tools -> Alerting&Reporting -> Settings

2. Go to Hardware/Other(1) tab, click New Monitoring Pack(2) and select Monitoring Pack(3)

3. Name your Monitoring Pack(4) and go to Alerting & Reporting tab(5), click Add Alert(6)

4. Go to SNMP tab and click Create New Event Trigger for SNMP Performance Counter

5. Now click select counter(9) and choose the counter you would like to monitor. In our case 1.3.6.1.4.1.318.1.1.10.2.3.2.1.4 (10) - you can browse a MIB(11) file to find it or enter the OID. You can choose an instance from the list in the next step or change the Aggregation to Total if there is only one counter instance(12). Notice that when you enter the OID and the MIB is in the database, it will be automatically displayed as a variable. Click Next and Add the counter on next screen.

6. Select the threshold on which NetCrunch should generate an event, in our example 70 (13), add a meaningful description (14) and change the severity to Critical (15). Click OK

7. Right click on the event, select Assign predefined alerting script and choose Syslog for SCOM(16).

8. Go to Assigned to tab (17), click Add Node(18) and select your UPS(19). Please note that you can add this Monitoring Pack to multiple devices. Click OK and close the Monitoring Packs window.