There's a "rule of monitors" that a user of scom might be aware of. If you have an alert that was generated by a monitor (as opposed to a rule that generates alerts) do not close it and let it close it self. If you do close the alert you wont be notified of the issue again until the monitor returns to a healthy state and then goes back into an unhealthy state.
If someone closes an alert for disk space (or if it occurs during maintenance, or it's old and gets auto closed) we don't find out the server still has space issues until the machine has problems. I'd like a way to regenerate alerts for monitors that are in an unhealthy state.
Currently I've looked at a powershell solution called GreenMachine but it doesn't seem to work very well and is very very slow.
What solutions have people found to this problem?
An easier solution, though with a higher impact: put the object generating the critical health state in maintenance mode for 15 minutes. The health state will change to "not monitored" an will be re-evaluated once it quits maintenance mode.
This way you will regenerate an alert. Bear in mind though that it will have the same effect for every rule an monitor running on that object.
While you could hack together a solution with PowerShell that can reset the monitoring data of a monitor. i.e. Call the
ResetMonitoringStatemethod of the monitoring object like the GreenMachine link you have supplied. If the monitor is reset in Health Explorer or from a PowerShell script a new alert will be generated if the previous one was close when the monitor reruns and detects that there is still a Critical or Warning state.While SCOM has alerts it is state driven not alert driven like MOM. Some converted management packs still exhibit alert driven nature. However in a SCOM designed management pack (such as Windows platform ones) alerts almost always come from monitors (state observers).
This change ultimately means that how you monitor needs to more focused on state not alerts. State can be viewed in state views like Windows Computers and many others or Health Explorer. New state views can be created for specific cases. Also note, an alert may not be raised for each warning or critical state (it is optional) when a monitor is created and can be overridden.
My suggestion is that you don’t find a way to regenerate alerts but change how monitoring is done in your organisation.