Microsoft has released several Solution Accelerators (SA) to supply additional functionality to your MOM environment. Currently there are six SAs, and one of those is called the Alert Tuning Solution Accelerator. According to Microsoft, the goal behind the ATSA is as follows:
A reduction or prevention of service incidents by using proactive remedial action
Faster and more effective responses to service incidents
Improved overall availability of services
An increase in user satisfaction
You can obtain the ATSA from http://www.microsoft.com/technet/itsolutions/cits/mo/smc/sts05.mspx. Once you download Alert_Tuning.msi and run the installer, you can begin working with the solution. The files are installed in your current user's My Documents directory. There are a handful of "goodies" you now have access to, including a test plan document, optimizing MOM alert volume guide, and the core alert tuning reports (Alert Tuning Reports.msi). These reports are MOM/Reporting Services reports that detail alert counts by date, by device, and processing rule. When you run the Alert Tuning Reports installer, it extracts three .rdl files onto your machine. Upload these report definition files via Report Manager and configure the report's data source to point to the OnePoint database.
The Optimizing MOM alert volume guide can be quite informative but we personally think its systematic approach to alert tuning is beyond the reach of most real-world organizations. Still, we encourage you to read this guide as it does contain some good information. One phase of the alert tuning process discussed in the volume guide is performing test cases on your tuned management pack rules; there is a sample test plan included that you can use as a template for your alert tuning test cases. Regardless of the time your organization can dedicate to tuning MOM alerts, I highly recommend you perform at least an initial test case for any management pack rules you have tuned!
Once you have installed the ATSA reports and read over the accompanying documentation it is time to begin tuning your MOM rules. I recommend a three-step process that leverages the ATSA reports:
Track down excessive alerts via the ATSA reports.
Tune the alert's corresponding rule in the Administrator Console.
Perform a test case of your tuned rule.