Management Center

Alerts

In this section:

Alerts View

The Alerts view; select the Alerts navigation button, allows you to manage alerts and alert rules.

Alerts are triggered by events sent from managed computers according to the alert rules. A predefined set of alert rules is available and you can modify these or create your own. Alert rules must be enabled for alerts to be raised. Some predefined alert rules are not enabled by default.

Each alert rule can generate an alert based on an individual event or range of events and can also include criteria for matching events originating on specific computers and from specific users. Alert rules can also include actions for generating alerts via SNMP and SMTP e-mail notifications.

All Alerts

Alert filters sort and handle alerts for events generated by computers in all deployment groups, shown in the following table according to the rules you define in Alert Rules.

For more information about managing alerts for specific deployment groups or computers, see Deployment Group Alerts.

You can filter alerts according to a range of criteria including the acknowledged and resolved states which you apply using the available actions. You can also delete alerts from the lists of alerts or according to the acknowledged or resolved states.

Expand the top-level node to display specific alert filter criteria.

Alert Status

When an alert rule gets triggered by an event the Management Server checks if there is an alert for that rule with a status of New. If there is, the Management Server adds the event to that alert. If there isn’t an alert then a new alert is raised and the event is added to that. Therefore, it is important that once an alert has been seen and the appropriate action taken you set the status to Acknowledged or Resolved so that you can see a new alert if the problem recurs.

Update the New status to Acknowledged or Resolved in the Status column or from the Actions pane.

Highlight an alert to display a list of all events raised for that alert in the Events tab. Select Show Event Details in the Actions pane for further details on a specific event.

Delete Events

There are three Delete options available:

Delete Events - Launches the Delete Events dialog allowing you to select events in a date and time range to delete from the database.

Delete - Deletes selected alerts or events.

Delete All - Deletes all alerts. Events remain in the database.

You can delete alerts from the lists of alerts or according to the acknowledged or resolved states.

Delete Options

The Delete Events dialog allows you to delete events from the database within a specified date and time range, or all events.

  • Delete all events — Deletes all events in the Management Server database. Disables the date and time range selection options.
  • Delete events from range — Deletes events specified within the date range specified the From and To fields.
  • From — Allows you to specify a start date and time for events to delete from the database.
  • To — Allows you to specify an end date and time for events to delete from the database.
  • You can enter date and time values or select a date from the calendar which displays when you expand the drop-down list for each setting. The time values can be adjusted either by entering values directly or using the keyboard arrow keys to scroll to the required hour, minute and second values.
  • Skip events that are associated with an alert — Events associated with an alert are not deleted from the database.

Alert Rules

Alert rules allow you to set up alert notifications matched with incoming events sent from client computers to the Management Server. Alert notifications can be sent via SNMP or as e-mail notifications via SMTP. You can assign severity levels to alert notifications according to requirements.

Alert Rules

Rule - Name of the current alert rule.

Enabled - When selected, enables the highlighted alert rule.

Alert Rules Sub-nodes

After creating a rule in the Alert rules node, expand the Rule node to configure the Criteria and Actions.

Alert Rule

The Alert Rule node allows you to specify alert rule names, descriptions, status and severity and view rule criteria and actions. The Actions panel allows you to edit the criteria and actions for the rule in the Criteria and Actions nodes.

The work area contains the following:

Details

  • Name — Editable text box for entering an alert rule name which should include the number of the event to which the rule applies for easy reference.
  • Description — Editable text box for entering an alert rule description. The text box expands to allow you to enter detailed descriptions. Click OK to confirm the description you have entered.
  • Severity — Drop-down list for selecting a severity level to apply to the alert rule.
  • Status — Drop-down list from which to select options to enable or disable the current rule.

Criteria

The Criteria list provides details of the alert rule criteria. You can edit these criteria by expanding the Alert Rule node to display the Criteria node or by selecting the Edit Criteria option in the Actions panel.

The Criteria list includes:

  • Event ID — Events with this ID number generate alerts of this type. For event ID numbers and their descriptions, see the  node in the console Deployment Groups.
  • Computer Name — Events on this computer generate alerts of this type.
  • User Name — Events caused by this user on the specified computer generate alerts of this type.

Actions

The Actions list displays details of the alert rule actions to perform when an alert of this type is generated. You can edit these actions by expanding the Rule node to display the  node or by selecting the Edit Actions option in the right-hand Actions panel.

Actions include:

  • SMTP — Indicates whether SMTP e-mail generation is enabled or disabled.
  • SNMP — Indicates whether SNMP trap generation is enabled or disabled.

Alert Rule Criteria

Alert Rule Criteria allow you to specify details of the events which generate this alert and filters to indicate specific computers on which the events occur and specific users causing the events. You can use any combination of these values to create the alert rule.

Criteria values support the use of regular expressions for specifying multiple values or ranges.

Delimiter characters must be used where appropriate. For example, when specifying a domain and computer name or user name, such as:

Domain\\Computer or Domain\\User.

The Criteria node includes:

  • Event ID — Enter the ID number of the event type for which you wish to generate this alert. Use regular expressions to specify multiple values or ranges.

  • Computer Name — Enter the name of the computer from which the specified event must originate to generate this alert. Use regular expressions to specify multiple values or ranges.

  • User Name — Enter the name of the user that causes the specified event to generate this alert. Use regular expressions to specify multiple values or ranges.

Related topics


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other