SCOM 2012 script to close old alerts coming from Rules

This small PowerShell script was created to close old alerts coming from rules in SCOM 2012. Alerts from rules do not auto-close so you will have to manually close them. This script looks for those alerts and specifically also checks for the last modified date (and not the alert

 
 
 
 
 
(3)
2,657 times
Add to favorites
System Center
12/22/2012
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Script isn't working for me
    3 Posts | Last post September 27, 2014
    • I have been trying to get your solution to work (with the addition of an AND statement specifying a particular MonitoringRuleId (or Name) and setting the AgeHours to 1, but when I run the script (either locally or remotely) it does not close the rules that are clearly over 1 hour old.
      
      If I do part of the script:
      
      get-scomalert -criteria 'ResolutionState=''0'' AND IsMonitorAlert=''False'' AND Name=''System has been logged into via SSH using "root" password detected'''
      
      It shows me that there are two alerts, but if I add in the where clause:
      
      get-scomalert -criteria 'ResolutionState=''0'' AND IsMonitorAlert=''False'' AND Name=''System has been logged into via SSH using "root" password detected''' |where {$_.LastModified -le (Get-Date).addhours(-$AgeHours)}
      
      I get no results.  I think this is why they are not closing.  Not quite sure how to troubleshoot this.
      
      
    • Figured it out.  the LastModified -le needed to be changed to -ge (greater than or equal to) for it to work.
      
      Otherwise, it was looking for alerts that were LESS THAN 1 hour old to close them.
    • Great, thats exactly the trick. Also be carefull with double quotes in the string you are lookibg for since they are surrounded by other double quotes as well.
  • Thanks
    2 Posts | Last post September 27, 2014
    • Just want to say thank you for this script. it helped me!
    • Very welcome