Question regarding SCOM 2012 SP1 ways to determine conclusively if alert was sent out for a condition.
Has anyone experienced issues where alerts do not seem to be sent out? I am seeking assistance to determine if this version or upgrade can be relied for enterprise level monitoring and alerting. I wish there was some log showing this info.
I´m not aware of any logs for the notification channel. I do now that when the SMTP-server is not available for the notification channel you will get an alert in scom.
What you can do to verify is that you check the smtp-logs on your emailserver to see if it tried to send out a notification.
We have not used SCOM:s own notification channels. They are somewhat limited when you want to exclude some alerts from notificiations. Instead we have written a powershell script. That check for new alerts (get-scomalert…) and send out an email if they are over x minutes old and still open. This way we can also log what alerts where sent out.
What we have done in our group is to have a shared mailbox. We then created email distribution lists (DL) for each group we send emails to and add our shared mailbox and the DL for the group that wants the alerts. It allows us to search the shared mailbox and verify if an alert was sent to a group.
We got tired of the “We did not get an alert” scenarios where we could not prove either way. Now we send them the email that shows it was sent to our DL that included their DL. Then they can fight amongst themselves about what went wrong from there.
Yes. We use same technique. All alert notifications from SCOM, Filers, Appliances, Network Gear etc go to one common mailbox so that we can co-relate root cause. Thanks for sharing the info.