SCOM 2012: Detect Event Storm

System Center Operations Manager collects a lot of events but one System with a flapping service can cause SCOM to be flooded by events – an Event Storm. Operations Manager does not recognize this until the database is too full which causes performance issues or even greyed out management servers because they cannot proceed the data anymore.

It is important to avoid that Situation. There is one easy solution: a Monitor based on a PowerShell script which checks the number of events written to the database in a predefined schedule. If the number of events is higher than a given threshold an alert is created which shows the top 5 machines creating events. This makes it easy to find the cause of the problem. 

 
I have mentioned this situation in my presentation “Getting The Most From Operation Manager” at MMS 2015.

You can download the solution here. It also includes the rule to check greyed out agents.

A big thank to Thomas Peter from Vaserv EU who helped with this solution.

Advertisements

Published by

SystemCentertipps

* 1974, female, working as a IT Senior System Analyst in a chemical company. Main topics: System Center Operations Manager 2012, System Center Orchestrator 2012, System Center Configuration Manager 2012. Monitoring servers since 2002, started with NetIQ Appmanager. Twitter: @NatasciaHeil

2 thoughts on “SCOM 2012: Detect Event Storm”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s