Pass PowerShell result to Alert Description?

I’ve got a monitor that looks for rogue KMS servers using PowerShell to run ‘nslookup -type=all _vlmcs._tcp’

The monitor is working as expected, but I’d like to show the results of the nslookup cmd within the Alert description. Is that possible?

I’ve tried putting entries like $Data/Context/Property[@Name=’Error’]$ within the alert description, where ‘error’ is the PropertyBag that references the nslookup in the PS script, but it just returns a numerical value for each entry that I add.

Get-KMS.PS1 script:

$ScomAPI = New-Object -comObject "MOM.ScriptAPI"
$PropertyBag = $ScomAPI.CreatePropertyBag()

# Run nslookup to get all KMS servers
$Log = nslookup -type=all _vlmcs._tcp
$Find="*kms.domain*"

# If kms.domain is present then return state OK
if($Log -like $Find) 
{ $PropertyBag.AddValue("State","Ok")}
else
# If kms.domain is not present then return error state
 {$PropertyBag.AddValue("State","Error!")}

# Count the number of KMS servers, should only be one
$charCount = ([regex]::Matches($log, "svr hostname" )).count
$PropertyBag.AddValue("Count",$charcount)  

# Show results in Alerting
$PropertyBag.AddValue ("Error", $Log)
            
# Send output to SCOM
$PropertyBag

Alert description entries I’ve tried:

$Data/Context/DataItem/Property[@Name=’Error’]$
$Data/Context/DataItem/Property[@Name=’State’]$
$Data/Context/DataItem/Property[@Name=’Count’]$
$Data/Property[@Name=’Error’]$
$Data/Property[@Name=’State’]$

As an update to the above, I’m still struggling with passing the details from PowerShell through to the Alert Description. The below PowerShell is to find disconnected users on SCOM monitored servers.

#Required section for PowerShell in SCOM
$ScomAPI = New-Object -comObject "MOM.ScriptAPI"
$PropertyBag = $ScomAPI.CreatePropertyBag()

#Process quser Dos Command result text into PowerShell object
$rawUserData = & quser
$wellFormedData = ($rawUserData).Trim() -replace ‘\s{2,}’,’,’ | ConvertFrom-Csv

#If there are disconnected users, set monitor to warning state
if ($wellFormedData | Where-Object {$_.ID -ge ‘4’} )
{
$PropertyBag.AddValue("State","OverThreshold")
}
else
#if no disconnected users, then monitor is green
{
$PropertyBag.AddValue("State","UnderThreshold")
}

#attempt to pass results to alert description
$PropertyBag.AddValue("output",$wellFormedData)
          
# Send output to SCOM
$PropertyBag

The monitor works as expected, but I don’t get details in the Alert Description. My Alert Description is

$Data/Context/Property[@Name=‘output’]$

Is there anything obviously wrong with the above? I’m wondering whether there’s some deeper problem with my SCOM instance; I can’t see any errors, and the script works without all the SCOM/Property Bag stuff.

Are you using Alert Parameters in the monitor?

If you add a propertybag value like this:
$PropertyBag.AddValue(“State”,“Error!”)

The corresponding Alertparamer should look like
<AlertParameter1>$Data/Context/Property[@Name=‘State’]$</AlertParameter1>

And then you reference the parameter in Alert Description like ({0} = AlertParameter 1)

<Description>{0}</Description>

I use this and it works in my setup:
In the script:
$PropertyBag.AddValue(“MessageText”,$errorhash)

In alert description:
$Data/Context/DataItem/Property[@Name=‘Messagetext’]$