Archive for January, 2010

Syslog Event Collection

January 28, 2010 4 comments

A run through of how to create a syslog event collection rule and create an associated view:

Categories: SysLog Monitoring

Using OpsMgr to alert on security events

January 21, 2010 Leave a comment

If you want to use Operations Manager to alert on windows security events then Secure Vantage offer some great value management packs. But if you are only interested in a couple of event ids then you can easily do this yourself:

First determine the windows event id you need:

Then create a rule or monitor to alert on the eventid. I actually prefer to use a rule rather than a monitor as there is no “healthy” event id to reset the monitor. You can use a timed reset monitor but you risk missing alerts as no new alerts will be generated while the monitor is in an “unhealthy” state.

Update – Kevin Holman has also posted a blog article on this at

Some Authoring links

January 18, 2010 Leave a comment
Categories: Authoring

Creating User Roles

January 14, 2010 Leave a comment

There is a great blog about scoping user roles and security:!3D3B8489FCAA9B51!2035.entry

The official documentation is also useful for walk throughs. You can configure a user roles for the servers \ groups \ views that you want operators to see.

There is a video here called creating user roles (it hasn’t changed in R2):

And how to documentation here:

Operations Manager 2007 R2 sizing guides

January 12, 2010 Leave a comment

A useful spreadsheet to help determine sizing:

Also, a technet article which includes different deployment scenarios with hardware recomendations:

Data Gathering

January 12, 2010 Leave a comment

Below are some ideas, by no means exhasutive, on some basic considerations around gathering accurate data about what you want from an Operations Manager deployment.

The first process as part of a design is to fully and accurately identify the requirements of the monitoring solution and prepare a document which details the scope of any subsequent implementation. This provides:
> A thorough understanding of what is required by the implementation
> A basis for a best practice design
> A measure of the success of the implementation

Ideally this should be signed off by all interested parties to ensure that everyone agrees to the scope and that expectations of deliverables are understood.

Confirm Scope and Constraints of Implementation
Getting an accurate inventory of the current environment helps you in two regards. First, it tells you about what Operations Manager will be monitoring, and it also tells you the restrictions or boundaries it must operate within. Be sure to include the following points:
> The approximate number of devices that will be monitored.
> The applications that will be monitored.
> The physical and network location of the devices that will be monitored.
> The physical and network location of the people who will use Operations Manager data.
> Firewalls and wide area network (WAN) links that define network boundaries.
> The Active Directory Trust boundaries. Trusts need to be 2 way Forest Trusts to support Kerberos authentication. Otherwise certificates will need to be used.
> Integration with other products that are used to perform monitoring, including ticketing systems.
> Method of Notification.
> Line of Business Applications (“Services”) that need monitoring.
> Availability/Recoverability requirements.
> Budget – anything is possible (almost!). Knowing and operating within the budgetary constraints is critical to the success of the project.
> Prioritise so that the key items of monitoring are covered first.

Who needs to see what?
Determine which people need to see what information and what privileges they need to have over that information. For example, who needs to be able to set overrides, run reports or just view alerts. This can be done within a spreadsheet.

Regulatory Compliance
Check to see if:
> Any regulatory Compliance monitoring is required. If so, what do the regulations state? Knowing this will help with determine Audit Collection Service (ACS) planning.
> What sort of data is the business process owner looking to IT to provide and for what time frames? This will help with reporting planning and data-retention planning.

Document current processes
If Operations Manager is being deployed to replace an existing monitoring solution then it is worthwhile looking at the current solution and adding to each of the questions below, “What is good and you want to replicate with Operations Manager and what needs to be done better?”
> How does your organization perform monitoring today?
> Who normally responds to issues or alerts that are raised by automated systems or helpdesk? Knowing this will help determine who needs direct access to the Operations console and what data the console should contain.
> Does the helpdesk usually resolve server issues, or are issues passed to the server support teams?
> How are desktop or client applications monitored currently?
> How is monitoring performed for non Windows devices?

This doesn’t mean that the scope of the implementation is set in concrete. It doesn’t mean that the scope of the implementation won’t evolve. Things change. People come and go and each will have different view on what is needed. Items might be missed. Environments change. But this process gives a basis from which all changes can be mapped.

Operations Manager 2007 Design guide –
Operations Manager 2007 IPD guide –