I’m a BIG fan of Microsoft’s Operations Management Suite (OMS) platform, especially the Log Analytics function.

Today, I’m going to walk you through how to use OMS to track Unplanned changes, such as software changes occurring outside of a maintenance window.

First, let’s fire up our OMS Dashboard.

I’ve already gone ahead and connected this to my on-premises SCOM deployment as you can see.

Fear not though! If you don’t have SCOM, you can also deploy agents independently as well. Did I mention there’s a FREE tier!? There’s no reason NOT to test this out!

022616_1308_UsingOMSLog1.png 022616_1308_UsingOMSLog2.png 022616_1308_UsingOMSLog3.png

Let’s take a look at the Change Tracking solution in the Solution Gallery, add it if you haven’t already.

022616_1308_UsingOMSLog4.png

Now, once added, it may take some time to start generating data, but once it does…

You can see that it is tracking all software and service changes within my environment!

022616_1308_UsingOMSLog5.png

022616_1308_UsingOMSLog6.png

Let’s see what’s changed recently and click the 3rd tile over for application changes.

We can quickly and easily see what software has changed

022616_1308_UsingOMSLog7.png

Choose one of the options to see what machine is the affected object

022616_1308_UsingOMSLog8.png

This is GREAT for me to track what’s happening in my enterprise environment, now let’s put this data to use.

For example, I have a maintenance window planned every 3rd Saturday of the month for updates, patches, reboots, etc. Let’s say that because of my stringent change control, no software changes/updates are allowed outside of that approved time. But how can I easily track this!?

We’ll, with OMS, we can use the alerting function to alert our admins when an unplanned software change occurs.

First, let’s go back to the main change query

022616_1308_UsingOMSLog9.png

Choose Alert in the top ribbon

Let’s configure our alert to check every 60 minutes, alert when there is ANY change (hence greater than 0) and look since the last 60 minutes so we’re not missing anything.

Then configure our e-mail information and choose Save

022616_1308_UsingOMSLog10.png

022616_1308_UsingOMSLog11.png

Let’s see it in action!

Last night there was some maintenance in our environment and we received the following e-mail alert:

022616_1308_UsingOMSLog12.png

Now every month, you would simply disable this alert at the beginning of your change window and then re-enable it 60 minutes after the change windows has been completed. And all other times, you would get alerts every hour (or whatever time frame you choose).

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>