how to exclude specific alerts from the scom alert connector

recently i was working with our ad & messaging team trying to fine-tune the exchange alerts and it came up that the team wanted to receive e-mail notification from scom re: some of the alerts but didn't want those same alerts sent to the scom alert connector to be created as tickets in service manager.  at first i thought this would be impossible and was toying with the idea of using orchestrator to do something fancy, but couldn't even come up with a solution using scorch.


after posting to the forums, i was able to get some good feedback and help with a solution.  here is that solution:


at a high-level we're going to go old school before scom had detailed alert subscriptions in the UI.  we're going to export the unsealed notifications internal library mp from scom.  edit the xml to exclude some specific alerts by RuleID.


first let's determine which alert(s) we want to exclude.  a quick glance at the existing exchange 2010 alerts shows a plethora that we'd ideally like to demote to "informational", but thanks to the correlation engine, this isn't possible :( keep in mind we use the scom alert connector in conjunction with service manager so all these alerts create IRs in service manager and our end goal is to only receive an e-mail notification from scom - but not create an IR in scsm.

to find the ruleID - open any of the alerts and switch to the "alert context" tab.  scroll to the bottom and you'll find the ruleID.  copy the ruleID.

next, from the scom console, go to the administration pane and open management packs.  find the notifications internal library and export it.  use something like notepad ++ to edit the xml.


first we need to find the product connector subscription.  if you scroll to the bottom of the xml, you'll start to see familiar subscription names.  note: this mp can have thousands of lines (mine has 35,600+).  it'll ultimately depend on the number of subscriptions you have in the environment.


normal email subscriptions created in scom will have an elementID similar to this:

subscriptions in the scom alert connector will have en elementID similar to this:

in my case I want to exclude alerts created by the exchange mp so i'm going to modify the section of the subscription that relates to that.  i copy the above elementID for Exchange and do a find in the current MP to see where else it shows up.  note: only copy ProductConnectorSubscriptione5a1d162_0280_4951_9453_df0910f956eb - not the text before or after it.


you should only find it in one other place.

scroll down past all the groupIDs and typeIDs.  you'll eventually arrive to the beginning of the criteria section and the expressions.  this is where you want to be.  for best practice i comment out what exactly my customizations are.  after the criteria, expression and and tags, i add my own expression which will exclude the specific ruleID i found above.

notice the property is RuleId, the Operator is NotEqual and the Value is the value of the RuleID we found above.  if you have more than one exclusion, you just keep adding like this:

an important note:  once you edit the XML section of the productconnectorsubscription, you cannot modify it via the console again or else it'll wipe out your customizations.  here's some testing i did to better illustrate this:

Created a new exchange e-mail subscription in the scom console - kept the custom logic

Created a new subscription on the scom alert connector (alertsync) - kept the custom logic

Modified the e-mail scom subscription by adding a rule - kept the logic

Modified the exchange scom alert connector subscription - removed the logic

basically, if you modify the Exchange subscription via the GUI shown above, you'll lose the custom logic for excluding the alerts.  so, definitely back the file up once you've got it right and then in the future, if you want to make modifications to it via the scom console, just make sure you have that backup so you can transplant the custom XML after you've modified it via the scom console.  hope this helps!


another good resource is here.