Download presentation
Presentation is loading. Please wait.
1
Ondřej Ševeček | GOPAS a.s. MCSM:Directory Services | MVP:Enteprise Security | CISA | CEH | CHFI ondrej@sevecek.com | www.sevecek.com facebook: ondrej.sevecek.official | twitter: @OndrejSevecek SCOM event queries how the object model works GOLD PARTNER:Hlavní odborný partner:
2
Infrastructure recap SCOM management server SCOM agent (health service) –Operations Manager event log 1210 - new configuration became active 1201 - new MP downloaded
3
Management pack XML configuration plus scripts .XML,.MP file or.MPB bundle file Sealed (digitally signed) or un-sealed and modifiable –different MP cannot target/reference objects from an unsealed MP –cannot define classes Strict versioning –can update any management pack with newer version –dependent MPs should work –cannot remove MP which other MPs depend on Downloaded to clients –%programfiles%\Microsoft Monitoring Agent\Agent\Health Service State\Management Packs
4
Management pack dependencies Microsoft.Windows.Library Windows Core Library Microsoft.Windows.Server.DNS Microsoft Windows Server DNS Monitoring
5
Management pack dependencies Microsoft.Windows.Library Windows Core Library Microsoft.Windows.Server.DNS Microsoft Windows Server DNS Monitoring Microsoft.Windows.Server.AD.Library Active Directory Server Common Library Microsoft.Windows.Server.AD.2008.Discovery Active Directory Server 2008 and above Discovery Microsoft.Windows.Server.AD.2000.Discovery Active Directory Server 2000 Discovery Microsoft.Windows.Server.AD.2003.Discovery Active Directory Server 2003 Discovery
6
Management pack dependencies Microsoft.Windows.Library Windows Core Library Microsoft.Windows.Server.DNS Microsoft Windows Server DNS Monitoring Microsoft.Windows.Server.AD.Library Active Directory Server Common Library Microsoft.Windows.Server.AD.2008.Discovery Active Directory Server 2008 and above Discovery Microsoft.Windows.Server.AD.2008.Monitoring Active Directory Server 2008 and above Monitoring Microsoft.Windows.Server.AD.2000.Discovery Active Directory Server 2000 Discovery Microsoft.Windows.Server.AD.2003.Discovery Active Directory Server 2003 Discovery
7
Management pack dependencies Microsoft.Windows.Library Windows Core Library Microsoft.Windows.Server.DNS Microsoft Windows Server DNS Monitoring Sevecek.Overrides Microsoft.Windows.Server.AD.Library Active Directory Server Common Library Microsoft.Windows.Server.AD.2008.Discovery Active Directory Server 2008 and above Discovery Microsoft.Windows.Server.AD.2008.Monitoring Active Directory Server 2008 and above Monitoring Microsoft.Windows.Server.AD.2000.Discovery Active Directory Server 2000 Discovery Microsoft.Windows.Server.AD.2003.Discovery Active Directory Server 2003 Discovery
8
Better to separate overriding MPs Microsoft.Windows.Library Windows Core Library Microsoft.Windows.Server.DNS Microsoft Windows Server DNS Monitoring Sevecek.Overrides.AD Microsoft.Windows.Server.AD.Library Active Directory Server Common Library Microsoft.Windows.Server.AD.2008.Discovery Active Directory Server 2008 and above Discovery Microsoft.Windows.Server.AD.2008.Monitoring Active Directory Server 2008 and above Monitoring Microsoft.Windows.Server.AD.2000.Discovery Active Directory Server 2000 Discovery Microsoft.Windows.Server.AD.2003.Discovery Active Directory Server 2003 Discovery Sevecek.Overrides.DNS
9
base/abstract class inherited object class object class Management pack elements Disco Object instance object instance Object instance object instance singleton monitor rule monitor
10
object class Object instance object class Object instance object class Object instance Concept of targeting Disco object class Object instance object instance Agent Disco object class Object instance monitor rule
11
Management pack dependencies Microsoft.Windows.Library Windows Core Library Microsoft.Windows.Server.AD.Library Active Directory Server Common Library Microsoft.Windows.Server.AD.2008.Discovery Active Directory Server 2008 and above Discovery Microsoft.Windows.Server.AD.2000.Discovery Active Directory Server 2000 Discovery Microsoft.Windows.Server.AD.2003.Discovery Active Directory Server 2003 Discovery ReadOnlyDC.Computer DFSR Domain Forest Site SiteLink @IsRODC DomainControllerRole
12
Management pack dependencies Microsoft.Windows.Library Windows Core Library Microsoft.Windows.Server.AD.Library Active Directory Server Common Library Microsoft.Windows.Server.AD.2008.Discovery Active Directory Server 2008 and above Discovery Microsoft.Windows.Server.AD.2000.Discovery Active Directory Server 2000 Discovery Microsoft.Windows.Server.AD.2003.Discovery Active Directory Server 2003 Discovery ReadOnlyDC.Computer DFSR Domain Forest Site SiteLink @IsRODC DomainControllerRole Microsoft.Windows.Server. AD.2008.Monitoring Active Directory Server 2008 and above Monitoring
13
delete logs start web application SQL instance Manufacturing Module – Monitor – Action principle ok warning critical process punning and CPU < 80% Web instance SharePoint Web instance HRAgenda Web instance Manufacturing service name process ID CPU < 80% CPU > 80% stop mail restart service
14
SQL instance Manufacturing Module – Rule – Action principle event log user account locked Web instance SharePoint Web instance HRAgenda Web instance Manufacturing service name process ID mail to admin sms to user
15
Sample environment gopas.virtual (GPS) sevecek.com (SEVECEK) mutual forest non-selective SCOM 2012 R2
16
Sample environment DC1 2012 R2 DC2 2008 R2 SEVECEK-DC 2012 R2 RR 2003 gopas.virtual _msdcs.gopas.virtual gopas.cz sevecek.com gopas.cz 10.10.0.1110.10.0.12 10.10.0.1 10.10.0.13 inet Client81 8.1
17
Sample environment DC1 2012 R2 DC2 2008 R2 SEVECEK-DC 2012 R2 RR 2003 gopas.virtual _msdcs.gopas.virtual gopas.cz sevecek.com gopas.cz sevecek.com gopas.virtual Client81 8.1
18
Sample environment DC1 2012 R2 DC2 2008 R2 SEVECEK-DC 2012 R2 RR 2003 gopas.virtual _msdcs.gopas.virtual gopas.cz sevecek.com gopas.cz sevecek.com gopas.virtual _msdcs.gopas.virtual gopas.cz Client81 8.1
19
Microsoft.Windows.Server.DNS.Zone Windows DNS Zone Microsoft.Windows.Server.DNS.Zone Windows DNS Zone DNS relationship basics Microsoft.Windows.Computer Windows Computer Microsoft.Windows.Server.DNS.Server Windows DNS Server Microsoft.Windows.Server.DNS.Zone Windows DNS Zone hosting
20
Microsoft.Windows.Server.DNS.Zone Windows DNS Zone Microsoft.Windows.Server.DNS.Zone Windows DNS Zone Microsoft.Windows.Server.DNS.Forwarder Windows DNS Forwarder DNS relationships Microsoft.Windows.Computer Windows Computer Microsoft.Windows.Server.DNS.Server Windows DNS Server Microsoft.Windows.Server.DNS.Zone Windows DNS Zone Microsoft.Windows.Server.DNS.Forwarder Windows DNS Forwarder hosting Microsoft.Windows.Server.DNS.Forwarder.IPAddress Windows DNS Forwarder IP Address Microsoft.Windows.Server.DNS.Forwarder.IPAddress Windows DNS Forwarder IP Address Microsoft.Windows.Server.DNS.Forwarder.IPAddress Windows DNS Forwarder IP Address Microsoft.Windows.Server.DNS.Forwarder.IPAddress Windows DNS Forwarder IP Address Microsoft.Windows.Server.DNS.Forwarder.IPAddress Windows DNS Forwarder IP Address Microsoft.Windows.Server.DNS.Forwarder.IPAddress Windows DNS Forwarder IP Address hosting
21
Microsoft.Windows.Server.DNS.Zone Windows DNS Zone Microsoft.Windows.Server.DNS.Zone Windows DNS Zone Microsoft.Windows.Server.DNS.Forwarder Windows DNS Forwarder DNS relationships Microsoft.Windows.Computer Windows Computer Microsoft.Windows.Server.DNS.Server Windows DNS Server Microsoft.Windows.Server.DNS.Zone Windows DNS Zone Microsoft.Windows.Server.DNS.Forwarder Windows DNS Forwarder hosting Microsoft.Windows.Server.DNS.Forwarder.IPAddress Windows DNS Forwarder IP Address Microsoft.Windows.Server.DNS.Forwarder.IPAddress Windows DNS Forwarder IP Address Microsoft.Windows.Server.DNS.Forwarder.IPAddress Windows DNS Forwarder IP Address Microsoft.Windows.Server.DNS.Forwarder.IPAddress. Unconditional / Conditional.Forward / Conditional.Reverse Windows DNS Forwarder IP Address Unconditional / Conditional Forward / Conditional Reverse Microsoft.Windows.Server.DNS.Forwarder.IPAddress Windows DNS Forwarder IP Address hosting
22
Microsoft.Windows.Server.DNS.Server.2008R2.Group DNS 2008 R2 Servers Windows DNS Zone DNS relationships DNS Forwarder Microsoft.Windows.Server.DNSDomain Windows DNS Domain hosting Windows Computer Forwarder IP Address hosting Windows DNS Server Windows DNS Zone Forwarder IP Address Windows DNS Zone containment Windows Computer Windows DNS Server containment
23
Windows DNS Zone Unit monitors DNS Forwarder DNS Domain hosting Windows Computer Forwarder IP Address hosting Windows DNS Server Windows DNS Zone Forwarder IP Address Forwarder IP Address Windows DNS Zone containment Windows Computer Windows DNS Server
24
XML XPath queries EventData/Data[@Name='TargetUserName']='kamil' EventData/*[name()='Data' and @Name='TargetUserName']='kamil' *[name()='EventData]/*[name()='Data' and @Name='TargetUserName']='kamil' EventData/DataItem/*[name()='EventData']/*[name=()='Data' and @Name='TargetUserName'] or you can use a shorter form //*[name()='EventData']/*[name=()='Data' and @Name='TargetUserName']
![XML XPath queries TargetUserName ]= kamil EventData/*[name()= Data TargetUserName ]= kamil *[name()= EventData]/*[name()= Data TargetUserName ]= kamil EventData/DataItem/*[name()= EventData ]/*[name=()= Data TargetUserName ] or you can use a shorter form //*[name()= EventData ]/*[name=()= Data TargetUserName ]](http://images.slideplayer.com./37/10681690/slides/slide_24.jpg "XML XPath queries TargetUserName ]= kamil EventData/*[name()= Data TargetUserName ]= kamil *[name()= EventData]/*[name()= Data TargetUserName ]= kamil EventData/DataItem/*[name()= EventData ]/*[name=()= Data TargetUserName ] or you can use a shorter form //*[name()= EventData ]/*[name=()= Data TargetUserName ]")
25
Děkuji za pozornost! GOC170 - SCOM authoring Ondřej Ševeček | GOPAS a.s. MCSM:Directory Services | MVP:Enteprise Security | CISA | CEH | CHFI ondrej@sevecek.com | www.sevecek.com facebook: ondrej.sevecek.official | twitter: @OndrejSevecek
26
Aktuální a navazující kurzy sledujte na www.gopas.cz www.gopas.cz DÁREK PRO VÁS! TechEd-DevCon 2016! …získejte tričko TechEd-DevCon 2016!Vyplňte dotazníkové hodnocení a… TechEd party! Xbowling Strašnice, 18. 5. 2016 Buďte The Best IT Pro nebo The Best Developer SOUTĚŽ! SOUTĚŽ! SOUTĚŽ!
Similar presentations
![IP ADDRESS MANAGEMENT [IPAM]](/12/3365889/big_thumb.jpg "IP ADDRESS MANAGEMENT [IPAM]>")
