I don’t know about everyone else, but our team gets asked questions like the following very often:
- Are we collecting any events from source <insert source name here>?
- Do any of the management packs we have deployed alert on event ID <####>?
- Are we collecting performance data for counter <insert counter name here>?
Back in the MOM 2005 days (not that I want to depict them as ideal, mind you) there was a search wizard that made answering this question trivial. With OpsMgr 2007 however this wizard went away and now there are a myriad of tools (MPViewer), sql queries (Kevin Holman’s link) and even some PowerShell examples (Jonathan Almquist’s link, link). What I’ve not been able to get any of them to do is to scan all of my management packs quickly.
So I’ve started doing this with PowerShell. Here is the script:
# Stuff the path where I will store the exported MPs into a variable since I’ll be using it in a few places
$path = ‘C:\temp\ProdMPDump’
# Clear any previously exported MP files
# Load the OpsMgr snap-in and connect to one of my management groups (refer to the Note below)
# Export every MP in the management group to XML (including the sealed ones)
get-managementpack | export-managementpack -Path $path
# Search for the event/performance counter name as a string and list out any files where a match is found
dir “$path\*.*” | select-string ‘Storage Agents’ -List | ft FileName
Note: I open a normal PowerShell prompt and use the Start-OM function mentioned in a previous post. If you do this directly from an Operations Manager Command Shell then you don’t have to do the “start-om; cd <ManagementGroupName>” stuff.
This approach is not without it faults though and I’m sure it could be made more effective with some smart regular expressions. Specifically, I get some noise when searching for event IDs because the numbers are commonly found as sub-strings in other strings (i.e. images).
Hopefully you find this helpful and I welcome any tips on some of those “smart regular expressions” I mentioned :).