It seems almost inevitable that the Default Management Pack will become cluttered in time. This primarily comes down to educating staff on being careful not to save anything to the Default Management Pack. This is one of those "gotchas" in Operations Manager 2007, which we always need to keep in mind while customizing the product with overrides, and creating rules and monitors. Hopefully, future releases of Operations Manager will have a better design around this to keep customers from saving customization to the Default MP. For now, you'll have to take heed to this caveat.
In this post, I will explain how you can monitor the Default MP. You'll see how we can create a rule to send a notification and/or raise an alert if the number of overrides stored in the Default MP should exceed a threshold. This threshold is a number that you decide is acceptable. One way to determine your threshold, is to check where you're at now. Run the following query against the OperationsManager DB:
select count(*) as NumberOfOverrides from AllOverrideView aov
inner join ManagementPackView mpv on aov.managementpackID = mpv.Id
where mpv.name = 'Microsoft.SystemCenter.OperationsManager.DefaultUser'
If you currently have more than 2, you may want to check what is in there and do an initial cleanup. Given an acceptable number of overrides (let's just say 2), we can set our threshold and generate alerts when this is exceeded. For brevity, I am attaching a sample MP. This sample sync's at midnight, and queries the OperationsManager DB for the number of overrides in the Default MP. It compares this number with the threshold you have set in the rule parameters, and raises a Warning alert in the Operators Console. Of course, you can expand on this workflow and add a notification or change the severity if you like.
To import my sample Management Pack
If you want to get this going quickly by just importing, I've attached the sample MP.
The script write action rule is not enabled by default. After importing, go into the Authoring space of the Operators Console. Click Rules > Scope to Root Management Server > search for string Default > Right-click "Monitor Default MP Write Event" rule > Overrides > Override the Rule > For all object of type: Root Management Server.
Check the Enabled parameter, and set to True.
Check the Arguments parameter, and enter your threshold, Operations Manager database server name, and Operations Manager database name.
Note: Arguments are space delimited.
To create the rules in your own custom MP using the attached script
If you want to create these rules in your custom MP, follow these instructions and use the attached script for your script write action rule.
First we'll create a rule that executes the query on the OpsDB, and creates an event in the Operations Manager event log for us to match and generate alerts. Create a new rule > Timed Commands > Execute a Script. Save into your custom Management Pack. Perhaps you have a MP that you've already been creating some custom monitoring or tasks.
Enter a rule name and select Root Management Server for your Rule Target.
Configure the schedule to run once a day. Synchronize the rule, so that it will always run at the same time. If a synchronize time is not specified, the rule will automatically sync to the time when the workflow became active on the agent. This means the rule will sync at the time it was initially delivered to the agent...and subsequently synchronized to the time when the agent Health Service is restarted.
Paste the attached MonitorDefaultMp script into the script pane. Keep the same file name for consistency. The filename here doesn't affect functionality of the rule, but the filename within the script is used in event data and needs to match NT Event alert expressions later in this walk-through. Click on Parameters.
Type in your determined threshold, the Operations Manager DB Server Name and the Operations Manager DB Name. The parameters are space delimited.
You're finished with this rule. Click create and let's move onto the alert generating rule.
This rule will match the event in the Operations Manager event log and generate an alert. Create a new rule > Alert Generating Rules > Event Based > NT Event Log (Alert). Save to the same MP.
Type in a rule name, select the Alert category and target Root Management Server.
Specify the Operations Manager log.
Build the expression as follows. This is where we need to match parameter 1 to our script name. This script name is actually specified in the log event method from within the script. If you take a look at the script, you'll see the script name specified. This is what's being matched. This is why it's important we keep these script names consistent throughout. Otherwise, it's more difficult to build an efficient expression.
Lastly, we'll specify the alert information. I recommend Event Description...that'll give you all the info you'll need. I specified Warning for severity, as I though it was better suited for this type of alert.
Finally, this is the result.
This is what you'll see in the Operations Manager event log.
If you want to test this and see results quickly, specify a threshold value of 1 in the parameters, uncheck the synchronization time and configure the schedule to run every 1 minute.
If you cannot see the attachments to this post, click on the header of this post and the attachment link should appear at the bottom.