SCOM (BETA)
The SCOM integration is in BETA.
The SCOM StackPack is used to create a near real time synchronisation with your SCOM instance. The SCOM integration can be configured to run as either an API integration or PowerShell integration, these are described in the tabs below the diagram.
The StackState SCOM API integration sends requests to the SCOM API to retrieve topology data and events.
Agent V2 connects to the configured SCOM API.
Topology data and events for the configured criteria are retrieved from SCOM.
Agent V2 pushes retrieved data to StackState.
StackState translates incoming SCOM topology data into components and relations. Incoming events are used to determine component health state and publish SCOM alerts in StackState.
The SCOM API integration produces a clean topology in StackState by allowing you to specify the topology to collect. You can run the SCOM check from any StackState Agent V2 as long as it can connect to both the SCOM API and StackState.
Retrieving a large topology can require a high number of API requests, this can take time and may place some stress on your SCOM system. The size of topology you can retrieve may also be limited by the number of requests possible. To avoid this, use the SCOM PowerShell integration.
The StackState SCOM PowerShell integration runs PowerShell scripts on the SCOM box to retrieve topology data and events.
PowerShell scripts in Agent V2 collect topology data and events from SCOM..
Agent V2 pushes retrieved data to StackState.
StackState translates incoming SCOM topology data into components and relations. Incoming events are used to determine component health state and publish SCOM alerts in StackState.
The PowerShell integration retrieves all SCOM topology data quickly without placing strain on your SCOM system. As a result, there is no limit on the size of topology that can be retrieved.
The PowerShell integration scripts must be run by an instance of StackState Agent V2 installed on the same box as SCOM and will always retrieve all topology data. This might be undesirable or confusing when viewed in StackState. If you would like to specify a criteria for the data to be retrieved or need to run the integration from a StackState Agent installed elsewhere, you should use the SCOM API integration.
To set up the StackState SCOM API integration, you need to have:
StackState Agent V2 must be installed on any machine that can connect to both SCOM and StackState.
A running SCOM instance (version 1806 or 2019).
A SCOM user with the role Operations Manager Read-Only Operators.
To set up the StackState SCOM PowerShell integration, you need to have:
StackState Agent V2 must be installed on the same machine running SCOM.
A running SCOM instance (version 1806 or 2019).
Install the SCOM StackPack from the StackState UI StackPacks > Integrations screen. You will need to provide the following parameters:
SCOM Instance URL: the SCOM instance URL from which topology need to be collected.
To enable the SCOM check and begin collecting data from SCOM, add the following configuration to StackState Agent V2:
Edit the Agent integration configuration file
/etc/sts-agent/conf.d/scom.d/conf.yamlto include details of your SCOM instance:hostip - SCOM IP.
domain - active directory domain where the SCOM is located.
username
password - use secrets management to store passwords outside of the configuration file.
auth_mode - Network or Windows (Default is Network).
integration mode - to use the API integration, set to
api.max_number_of_requests - The maximum number of requests that should be sent to the SCOM API. See how to determine the required number of API requests, default 10000.
criteria - A query to specify the components to retrieve data for.
init_config:# run every minutemin_collection_interval: 60instances:- hostip: localhostdomain: stackstateusername: <username>password: <password>auth_mode: Networkintegration_mode: api # can be api or powershell, default apimax_number_of_requests: 10000 # default 10000criteria : "(FullName LIKE 'Microsoft.Windows.Computer:%')" # an Operations Manager Data Query
Restart the StackState Agent(s) to apply the configuration changes.
The components to retrieve data for can be defined using an Operations Manager Data Query (docs.microsoft.com). For example, to retrieve data for all Microsoft Windows computers:
criteria : “(FullName LIKE ‘Microsoft.Windows.Computer:%’)”
Errors in the configured criteria query will be reported in the StackState Agent log file.
2020-11-05 09:19:31 GMT | ERROR | ... | (scom2.py:114) | Invalid criteria :The property FullNsame is not valid for the given criteria.
Use the script below to determine the number of components that match a criteria query and the number of dependencies. Add these numbers together and multiply by 2 to find the required number of API requests to retrieve topology data from SCOM. Two API requests are required to retrieve data for each component and each dependency.
$components = (Get-SCOMManagementGroup).GetMonitoringObjects("FullName LIKE 'Microsoft.Windows.Computer:%'")"total number of components that match criteria: "+$components.count$deps= ($components.GetRelatedMonitoringObjects('Recursive')).count"Total number of dependencies: "+ $deps
As two API requests are required to retrieve data for each component and each dependency, the configured max_number_of_requests must be higher than the returned total number of components that match criteria AND total number of dependencies multiplied by 2.
To enable the SCOM check and begin collecting data from SCOM, add the following configuration to StackState Agent V2 running on the same box as your SCOM instance:
Edit the Agent integration configuration file
/etc/sts-agent/conf.d/scom.d/conf.yamlto include details of your SCOM instance:integration mode - to use the PowerShell integration, set to
powershell.init_config:# run every minutemin_collection_interval: 60instances:- integration_mode: powershell # api or powershell, default api
Restart the StackState Agent(s) to apply the configuration changes.
To check the status of the SCOM integration, run the status subcommand and look for SCOM under Running Checks:
sudo stackstate-agent status
To check connectivity between StackState Agent V2 and the SCOM API, open the StackState Agent log file and search for the SCOM Connection Status Code. Connection status is reported as an HTTP status code - 200 is a good connection, other codes show a problem with connectivity.
(scom.py:118) | Connection Status Code 200
Retrieving topology data from SCOM requires 2 API requests per component.
API endpoint | Description |
| Get type of component. |
| Get component information and relations. |
| Get alerts. |
Alerts and Health state from SCOM are available in StackState as events.
Data | Description |
Alerts | The following alert fields are retrieved:
|
Health state | The component health state retrieved from SCOM is used to determine component health in StackState:
|
The SCOM check does not retrieve any metrics data.
Retrieved topology data is visible in the StackState UI SCOM view, named SCOM.\ .
Components
Relations
The SCOM check does not retrieve any traces data.
The code for the StackState SCOM check is open source and available on GitHub at: https://github.com/StackVista/stackstate-agent-integrations/tree/master/scom
Troubleshooting steps for any known issues can be found in the StackState support Knowledge base.
To uninstall the SCOM StackPack and disable the SCOM check:
Go to the StackState UI StackPacks > Integrations > SCOM screen and click UNINSTALL.
All SCOM specific configuration will be removed from StackState.
Remove or rename the Agent integration configuration file, for example:
mv scom.d/conf.yaml scom.d/conf.yaml.bakRestart the StackState Agent(s) to apply the configuration changes.