Stop collecting all the worthless SCOM events in your environment

Quick Download: https://gallery.technet.microsoft.com/Stop-collecting-all-the-3479ecb5

Do you want to stop collecting all the worthless SCOM events in your environment?  By default SCOM collects thousands of events out of the box with a few Management Packs installed. 99.999% of the time no one is looking at these events.  The events bloat your database and often times provide zero value.

A customer was recently was decommissioning two SQL servers that created 35 Million SCOM events in 2 days.  The events took up 60GB of DB space and crashed their production SCOM.

First we need to create a Management Pack to hold all the overrides.

image

I called mine “SCOM2K16 – Disable All Events”

Copy the script to one of your management servers and run it locally.

Now we simply run this powershell script on one of your management servers

The magic in the script is that it only disables event collection rules that don’t alert.  Rules that do alert we want to keep on, so it won’t disable them.

 

image

 

The script will take a long time to run as there may be thousands of rules that need to be turned off.

Thanks to Brad Watts for help with the script.

No comments yet.

Leave a Reply