SCOM 2012: Detect Event Storm

System Center Operations Manager collects a lot of events but one System with a flapping service can cause SCOM to be flooded by events – an Event Storm. Operations Manager does not recognize this until the database is too full which causes performance issues or even greyed out management servers because they cannot proceed the data anymore.

It is important to avoid that Situation. There is one easy solution: a Monitor based on a PowerShell script which checks the number of events written to the database in a predefined schedule. If the number of events is higher than a given threshold an alert is created which shows the top 5 machines creating events. This makes it easy to find the cause of the problem. 

 
I have mentioned this situation in my presentation “Getting The Most From Operation Manager” at MMS 2015.

You can download the solution here. It also includes the rule to check greyed out agents.

A big thank to Thomas Peter from Vaserv EU who helped with this solution.

Advertisements
Post a comment or leave a trackback: Trackback URL.

Comments

Trackbacks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: