Please note: This is not an officially supported integration. Thanks to Scott Ames for putting it together.
VictorOps Alerting from Microsoft System Center Operations Manager (SCOM) through PowerShell. Call this script from SCOM’s command notification channel.
Change $RoutingKey to the routing key you would like to pass in or remove it altogether to send it to the default key
Note: If your alerts are coming into VictorOps but going to the wrong team, you may have to hard code the Routing Key into the URL on lines 57 and 67 of the script instead of using the $RoutingKey variable.
Change api-key to the organization api key or default it in parameter #2
EXAMPLE FULL PATH OF THE COMMAND FILE: C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
STARTUP FOLDER FOR THE COMMAND LINE: C:\windows\system32\WindowsPowerShell\v1.0\
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 | <#.SYNOPSIS VictorOps Alerting from Microsoft System Center Operations Manager (SCOM) through PowerShell Call this script from SCOM's command notification channel - be sure to update the API key (parameter #2). See Example for usage. .DESCRIPTION Post alerts to VictorOps from Microsoft System Center Operations Manager (SCOM) through PowerShell .EXAMPLE FULL PATH OF THE COMMAND FILE: C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe COMMAND LINE PARAMETERS: "C:\scripts\VO_Send-Alert_Test.ps1" '"$Data[Default='Not Present']/Context/DataItem/AlertId$"' '"$RoutingKey"' '"api-key"' # !Change $RoutingKey to the routing key you would like to pass in or remove it alltogether to default to 'everyone' # !Change api-key to the organization api key or default it in parameter #2 STARTUP FOLDER FOR THE COMMAND LINE: C:\windows\system32\WindowsPowerShell\v1.0\ .EXAMPLE # Easier to look at: "C:\scripts\VO_Send-Alerts.ps1" ^ '"$Data[Default='Not Present']/Context/DataItem/AlertId$"' ^ '"$RoutingKey"'' ^ '"api-key"' # Change $RoutingKey to the routing key you would like to pass in, or remove it alltogether to default to 'everyone' #> Param ( [Parameter(Mandatory=$true ,Position=0,HelpMessage="Unique AlertID must be provided.")][GUID]$AlertID, [Parameter(Mandatory=$false,Position=1,HelpMessage="Team routing key, optional.")] [String]$RoutingKey = "everyone", [Parameter(Mandatory=$false,Position=2,HelpMessage="Organization API key (see REST API Integrations settings in VictorOps), optional.")][String]$API = "", [Parameter(Mandatory=$false,Position=3,HelpMessage="Monitoring tool, optional.")] [String]$MonitoringTool = "Microsoft System Center Operations Manager" ) # Required: OperationsManager Module Import-Module OperationsManager ## Find the alert $Alert = Get-SCOMAlert | where {$_.id -eq $AlertID.ToString()} # Determine the status of the alert switch ($Alert.ResolutionState){ 0 {$Status="CRITICAL"} 255 {$Status="RECOVERY"} default {$Status="CRITICAL"} } # workaround for unix/linux hosts - hostnames do not come through clearly in SCOM if($Alert.NetbiosComputerName -ne $null){ $hstname = $alert.NetbiosComputerName } elseif($Alert.MonitoringObjectPath -ne $null){ $hstname = $alert.MonitoringObjectFullName } else { $hstname = $alert.MonitoringObjectName } ## Setup our Subject & StateMessage to be passed [String]$Subject = $Status + ": " + $Alert.Name + " [" + $hstname + "]" [String]$StateMessage = "Description: " + $Alert.Description + "`n" ` + "Hostname: " + $hstname + "`n" ` + "Timestamp: " + $Alert.TimeRaised.ToLocalTime() + " PST `n" ` + "Team: " + $RoutingKey.ToUpper() + "`n" ` + "Last modified by: " + $Alert.LastModifiedBy + "`n" ` + "Last modified time: " + $Alert.LastModified + "`n" ` ## Convert to json $props = @{ message_type = $Status; #[String] One of the following values: INFO, WARNING, ACKNOWLEDGMENT, CRITICAL, RECOVERY timestamp = $Alert.TimeRaised.ToLocalTime(); #[Number] Timestamp of the alert in seconds since epoch. Defaults to the time the alert is received at VictorOps. entity_id = $Alert.id.ToString(); #[String] The name of alerting entity. If not provided, a random name will be assigned. entity_display_name = $Subject; #[String] Used within VictorOps to display a human-readable name for the entity. hostname = $hstname; #[String] System hostname (set above via logic) monitoring_tool = $MonitoringTool; #[String] The name of the monitoring system software (eg. nagios, icinga, sensu, etc.) state_message = $StateMessage; #[String] Any additional status information from the alert item. Subject = $Subject; } $json = ConvertTo-Json -InputObject $props ## Log alert # Event-log $CheckEventLog = (Get-EventLog -List | ? Log -EQ "OM Alerts") if($CheckEventLog -eq $null){ try{New-EventLog -LogName "OM Alerts" -Source "VictorOps Alerts"} catch{Write-Error "Please rerun the script from a Windows PowerShell console with admin rights ('Run As Administrator'). Cannot continue.";Break} } $event_message = $StateMessage + "`n Command: " + "Invoke-RestMethod -Method Post -ContentType `"application/json`" -Body `n$json`n -Uri `"https://alert.victorops.com/integrations/generic/20131114/alert/$API/$RoutingKey`"" Write-EventLog -LogName "OM Alerts" -Source "VictorOps Alerts" -Message $event_message -EventId 2 -EntryType Information <# Text file $Logstring = $StateMessage.replace("`n"," ") $Logfile = "C:\scripts\VO_Send-Alerts.log" $DateTime = Get-Date -Uformat "%y-%m-%d %H:%M:%S" $Logstring = $DateTime + " " + $Logstring Add-content $Logfile -value $Logstring $json | Out-File -FilePath "C:\scripts\VO_Send-Alerts.$RoutingKey.json" #> # Post the alert Invoke-RestMethod -Method Post ` -ContentType "application/json" ` -Body $json ` -Uri "https://alert.victorops.com/integrations/generic/20131114/alert/$API/$RoutingKey" |
