When I first started using SCOM I tried to setup notification subscriptions for specific alerts that were of interest. Someone wanted to be alerted on low disk space for a specific server and I would set it up for them. The problem with this type of design is that it is not at all scalable to setup subscriptions on an alert by alert basis, and it leaves you open to a lot of room for error if you happen to target the wrong object.
What I have found to be much more effective is to use notification subscriptions in conjunction with custom groups. If for example an engineer is the primary source of support for 20 different servers and a handful of databases– I will create a custom group and explicitly add all associated objects to that group which the engineer is responsible for. Then I will create a notification subscription that is based on two conditions:
-Raised by any instance of a specific group
-Of a specific severity
Generally I will set the second condition such that an e-mail alert will only occur for critical severity items. This provides much broader coverage to insure that critical alerts are getting dispatched via e-mail with the least possible amount of maintenance in that it only requires that the group membership be kept up to date as new systems are brought online. I also generally create a custom view for the engineer with a state view which is populated by the members of the group so that they have full transparency into exactly what objects they will be getting critical e-mail alerts for. If it is a larger organization with multiple members of the same team needing the alerts, the same principle applies just in this case make a custom group for each individual team, instead of individual sys admins/engineers.
To put this into effect in your environment the first thing you need to do is create a custom group:
1. Go to Authoring-Groups-Create a new Group…
2. Give you Custom group a name. I recommend always affixing a standard prefix to anything you create in authoring for ease of administration. In my case I will name my custom group ops-username (username should = the name of the sysadmin or engineer who will be getting the e-mail alerts for objects in this group) Select a non default management pack to save your group.
5. Click next to add subgroups as well
6. Click next (excluded objects don’t really apply unless you have dynamic inclusion rules and you want to pull out some objects that are getting picked up by those rules. Since only explicit group members are being used in this example, you can easily just remove the objects from explicit membership should you ever want them to not be generating e-mail alerts in the future.
7. Click Create
Now that you have your custom group populated with objects go to :
8. Administration-Notifications-Subscriptions-New Subscription
11. Click on the word “specific” highlighted in blue-search for your custom prefix, in my case “ops”
12. Click on appropriate group from available groups and click Add-OK
13. Click on the word specific highlighted in blue next to severity- Select Alert Type Critical and click OK (You could certainly send e-mail alerts on warning and informational conditions as well, but I find restricting it to critical tends to insure that alerts are regarded as actionable signal rather than just noise. In cases where there is an obscure warning level alert that you want to have an e-mail alert sent, I find overriding it to make its severity critical tends to be a more manageable decision.
14. Add your subscriber
15. Add your channel
16. Click Finish
You now have a notification subscription which will e-mail critical alerts regarding any of the objects in the custom group to your desired recipient. To have this subscription alert on additional objects or new servers you just need to modify the explicit membership of your group.