Forum Discussion

Cole_McDonald (Professor)
6 years ago

Alert Rules need more complexity

We are a multi-tenant site; we have customers who host on our hardware and under our Azure Subscription. They aren't allowed to know about one another. So when we have an event that happens on our SQL cluster, it can affect more than one client. Our team needs to be notified of that so we can remediate. Their teams also need to know about it so they can be ready for any calls from their end users who encounter issues as a result. As they aren't allowed to know about one another, just putting multiple email addresses in doesn't work for us. I have to make multiple identical event sources per customer in order to have separate rules for each recipient we need to contact.

If you could add a pass-through check box / function to the alert Rules, I'd be able to make a set of matching rules that can end with a notification to our team after passing through our customer's contact rules.  As far as I can tell, this would be the simplest to both implement and manage from an administration standpoint.

I'd also like to be able to filter events based on the description field within the alert rule. Example:

We receive an account locked out (4740 in Security on AD DC) event.  We need to know about it, but based on the user indicated in the message, we need to be able to send that to specific customers so they know that they have a service account attached to a process with an incorrect password potentially causing a work stoppage.

As I set this up to take over our SCOM workload in the next few weeks, I'm sure I'll come up with more... but I'm having to really increase the workload of the LM system and the admin complexity of the sources and rules to be able to meet our contractual needs.
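The routing this post asks for (pass-through rules plus filtering on the event description), sketched as an added example that is not part of the original post and not a feature of the monitoring product. The tenant patterns, addresses and function names are hypothetical, and the 4740 message text is a constructed sample.

```python
import re

# Constructed sample of a Security 4740 message. Note the two "Account Name"
# fields: the Subject is the DC's own computer account, not the locked user.
SAMPLE_4740 = """A user account was locked out.
Subject:
    Security ID:  SYSTEM
    Account Name:  DC01$
Account That Was Locked Out:
    Security ID:  CONTOSO\\svc_acme_sql
    Account Name:  svc_acme_sql
Additional Information:
    Caller Computer Name:  APP07
"""

# Hypothetical routing table: account-name pattern -> that tenant's contact.
TENANT_RULES = [
    (re.compile(r"^svc_acme_"), "ops@acme.example"),
    (re.compile(r"^svc_globex_"), "it@globex.example"),
]
INTERNAL_TEAM = "noc@host.example"  # hypothetical hosting-team address


def locked_account(message):
    """Return the account named under 'Account That Was Locked Out'."""
    m = re.search(r"Account That Was Locked Out:.*?Account Name:\s*(\S+)",
                  message, re.S)
    return m.group(1) if m else None


def route(event_id, message):
    """Return one (recipient, body) pair per recipient.

    Matching does not stop at the first rule (pass-through), so the internal
    team is always notified after any tenant rule fires. Every notification
    has a single recipient, so tenants never see each other's addresses.
    """
    if event_id != 4740:
        return []
    account = locked_account(message)
    out = []
    for pattern, contact in TENANT_RULES:
        if account and pattern.search(account):
            out.append((contact, f"Account {account} is locked out."))
    out.append((INTERNAL_TEAM,
                f"4740 lockout: {account or 'unparsed'}; "
                f"tenant notices sent: {len(out)}"))
    return out
```

An event whose account matches no tenant pattern, or whose message cannot be parsed, still reaches the internal team, so nothing is dropped silently.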