Get SCOM heartbeat alerts using PowerShell

Today I will show you how to get all SCOM heartbeat alerts. In this example we will gather those information from SCOM server remotely using PowerShell session.

SCOM uses heartbeats to monitor communication channels between an agent and the agent’s primary management server. A heartbeat is a packet of data sent from the agent to the management server on a regular basis, by default every 60 seconds, using port 5723 (UDP).

When an agent fails to send a heartbeat 4 times, a Health Service Heartbeat Failure alert is generated and the management server attempts to contact the computer by using ping. If the computer does not respond to the ping, a Failed to Connect to Computer alert is generated. For more info please visit technet site.

To get names of SCOM Management servers we can use following command – remember to run it on SCOM server where SCOM Module is installed:

(Get-SCOMManagementServer).name

We can search SCOM alerts based on several criteria. Most important are ResoultionState and Severity:

Get-SCOMAlert  -Criteria "ResolutionState = 0 AND Severity = 1"

Resolution States:
0 = New
255 = Closed

Severity Values for Alerts:
0 = INFORMATIONAL
1 = WARNING
2 = CRITICAL

Final script:


$Days = Read-Host "How many days back?"
$Server = "SCOM001"
$Searchby = "Heartbeat"
$ErrorActionPreference = 'SilentlyContinue'
$Cred = Get-Credential "Domain\$env:USERNAME"


Write-Warning "Connecting to $Server"

    # Open new session for server
    Try 
    { 
        $SCOMSession = New-PSSession -ComputerName $Server -Credential $Cred
        If (!$SCOMSession) {Throw "Failed to connect to server"}
    }
    Catch 
    {
        Write-Host $_.Exception.Message -ForegroundColor Yellow
        Break
    }
   
        # Query SCOM for alerts
        $SCOMAlerts = Invoke-Command -Session $SCOMSession -ErrorAction Stop  -ScriptBlock{Param($Searchby,$Days)Get-SCOMAlert  -Criteria "Severity = 1" | where-object {($_.name -like "*$using:Searchby*") -and ($_.TimeRaised -gt ((Get-Date).AddDays(-$using:Days)))}} -ArgumentList $Searchby,$Days

        # Proceed if alerts found
        If(!$SCOMAlerts)
        {
            Write-Warning "No alerts found"
        }
        Else
        {
            # Array with alerts
            $SCOMArray = @()
 
            # Looping each alert
            $SCOMAlerts | ForEach-Object{
 
                $Alert = $_

                Switch($Alert.ResolutionState) 
                { 
                    "0" { $Resolution = "New" } 

                    "255" { $Resolution = "Closed" }  
                }

                # Create a custom object 
                $Object = New-Object PSCustomObject
                $Object | Add-Member -MemberType NoteProperty -Name "State" -Value $Resolution
                $Object | Add-Member -MemberType NoteProperty -Name "Severity" -Value $Alert.severity
                $Object | Add-Member -MemberType NoteProperty -Name "Object name" -Value $Alert.MonitoringObjectDisplayName
                $Object | Add-Member -MemberType NoteProperty -Name "Alert name" -Value $Alert.name
                $Object | Add-Member -MemberType NoteProperty -Name "Time generated" -Value $Alert.timeraised
 
 
                # Add custom object to our array
                $SCOMArray += $Object
            }

        }

    # Display results
    If($SCOMArray)
    {
        Write-Host "`nFinal results:"
        $SCOMArray | Sort-Object "State" -Descending | Format-Table -AutoSize
    }


    # Removing session
    Remove-PSSession $SCOMSession
    #Get-PSSession

                          

SCOM Cmdlets can be found here.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.