
Tuning Rules in the Administrator Console

Once you have identified a particular rule that you wish to tune, there are several approaches you can take. First, ensure that you are suppressing duplicate alerts! See Chapter 13 for more details on suppressing duplicate alerts. Before doing any other tuning, make sure you are suppressing duplicate alerts for all of your MOM rules (excluding any for which you wish to receive duplicate notifications).

Probably the next step in tuning any MOM rule is determining whether you even need to monitor the event or performance counter the rule is polling. If you determine that you do not care to be notified of a particular alert, you can simply configure the rule not to generate an alert. The data will still get collected for the rule. To configure an existing rule not to generate an alert, double-click the rule to bring up its properties, click the Alerts tab, and remove the checkmark beside the label "Generate alert." To completely disable a rule, display the rule's properties (the General tab will be displayed by default), and remove the checkmark beside "This rule is enabled." You can also override rules for particular computers or computer groups, which can be useful when a particular machine or set of machines cannot adhere to a rule for some "good reason." To configure override criteria for an existing rule, display the rule's properties (the General tab is displayed by default), and place a checkmark next to "Enable rule-disable overrides for this rule." Next, click the Set Criteria button and choose to enable or disable the rule for a particular computer or computer group.

In general, most rules have their schedules set to "always process data." While this is the optimal setting for most circumstances, sometimes it may not be. To change an existing rule's schedule, display the rule's properties, click the Schedule tab, and expand the drop-down, setting the value to "Process data during a specified time" or "Process data except during a specified time." Specify the days and times when the rule should either process or not process data.

Alerts are generated with an initial severity taken from the corresponding rule's Alert settings. You can change this so that, while the same number of alerts may still be generated, their initial severity is not as high as it is by default. To change an alert's initial severity, display the rule's properties, click the Alert tab, and expand the Severity drop-down; set the value to a severity that is preferably less severe than the default setting.

Rules contain criteria; if you combine a rule's criteria with its data provider, you have the rule's definition! A very common data provider is the NT Event log for event rules. For such rules you can go into the Criteria tab and add additional filters to try to eliminate alert noise! To modify an existing rule's criteria, display the rule's properties, click the Criteria tab, and click the Advanced button to obtain the most flexibility for configuring the criteria.

Finally, a more advanced mechanism to reduce alert noise is to respond to a generated alert with an attempt to remedy the issue automatically. For example, if MOM cannot connect to SQL Server (an event rule for the SQL Server MP), one such "remedy" response is to run a NET START command in an attempt to start the service. In this scenario, you would still want to receive an alert if MOM cannot connect to SQL Server, but some system events can be automatically remedied without notifying anyone! To define a "remedy" response for an existing rule, display the rule's properties, click the Responses tab, and click the Add button. All responses can run either locally on the MOM Management Server or locally on the monitored servers. As you can see from the following table, you can invoke several predefined responses:

Response                               Description

Launch a script.                       Runs a VBScript or JScript file, including MOM's installed scripts
Send an SNMP trap.                     Launches an SNMP trap
Send notification.                     Sends a notification to an existing MOM notification group
Execute a command or batch file.       Self-explanatory
Update a state variable.               Updates an alert state variable
Transfer a file.                       Uploads or downloads files between the MOM Management Server and monitored servers
Call a method of a Managed Assembly.   Executes a method of a CLR assembly

To begin learning how to create a MOM response via a script or a managed assembly, see Chapter 11.
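
The NET START remedy described above, written as a batch file for the "Execute a command or batch file" response. This is an added example, not code from the book or from MOM: it assumes the default SQL Server instance (service name MSSQLSERVER), and the event source MomRemedy and event IDs 900-902 are constructed names.

```bat
@echo off
rem Added example: remedy response for a "cannot connect to SQL Server" alert.
rem Assumptions: default instance service MSSQLSERVER; the event source
rem "MomRemedy" and event IDs 900-902 are constructed for this example.
setlocal
set "SVC=MSSQLSERVER"
set "SRC=MomRemedy"

rem If the service is already running, a restart will not help: the
rem connection failure has another cause and the alert needs a person.
sc query "%SVC%" | find "RUNNING" >nul
if not errorlevel 1 (
    eventcreate /L APPLICATION /T WARNING /SO "%SRC%" /ID 902 /D "%SVC% is already running; no start attempted." >nul
    exit /b 2
)

rem One start attempt only. Looping here could mask a crashing service.
net start "%SVC%" >nul 2>&1

rem Trust the service state, not the exit code of NET START.
sc query "%SVC%" | find "RUNNING" >nul
if errorlevel 1 (
    eventcreate /L APPLICATION /T ERROR /SO "%SRC%" /ID 901 /D "Automatic start of %SVC% failed." >nul
    exit /b 1
)

rem Record the successful remedy so there is an audit trail of
rem every time the service had to be started automatically.
eventcreate /L APPLICATION /T INFORMATION /SO "%SRC%" /ID 900 /D "%SVC% was stopped and has been started automatically." >nul
exit /b 0
```

Because the response runs this file unattended, store it where only administrators can modify it, and review the logged 900 events periodically: a service that needs frequent automatic starts is a problem in its own right.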

