Having an issue where we have people changing or deleting overrides and some alerts are being missed as a result. Example this morning I found someone had deleted all my 2008 CPU alert overrides as a result I had a server with 99% cpu for a few days before it got noticed since que depth never got tripped. I had set that to 0. Is there anyway to set up some logging so we can track who made a change so we can identify what happened next time?
Not something I’ve tried myself, but you may have some luck with the following:
Apparently is not really supported.
Unfortunately no native auditing and something we all need, if you haven’t already you can upvote the request here https://systemcenterom.uservoice.com/forums/293064-general-operations-manager-feedback/suggestions/9071497-auditing-changes-in-scom
I have restricted the admin rights to a very small group of people and enforced a naming standard they must enter into the description of any override to identiy who/when/why its put in place.
just to add someting: Please vote for this on the User Voice. This is I would say the most wanted (but still not implemented) feature for SCOM. I can tell you that it is already on the radar for MS, but we need to push further untill it really gets implemented. So vote, vote
I heard a rumor from a reliable source that this is coming to SCOM 2019 soon.
Same from my site. – Restricting the guys who have admin rights and use the other built-in roles for the guys who do usual operations in SCOM.