The Alerts view, opened by selecting the Alerts navigation button, allows you to manage alerts and alert rules.
Alerts are triggered by events sent from managed computers according to the alert rules. A predefined set of alert rules is available and you can modify these or create your own. Alert rules must be enabled for alerts to be raised. Some predefined alert rules are not enabled by default.
Each alert rule can generate an alert based on an individual event or range of events and can also include criteria for matching events originating on specific computers and from specific users. Alert rules can also include actions for generating alerts via SNMP and SMTP e-mail notifications.
Alert filters sort and handle alerts for events generated by computers in all deployment groups, according to the rules you define in Alert Rules. The filters are shown in the following table.
For more information about managing alerts for specific deployment groups or computers, see Deployment Group Alerts.
You can filter alerts according to a range of criteria including the acknowledged and resolved states which you apply using the available actions. You can also delete alerts from the lists of alerts or according to the acknowledged or resolved states.
Expand the top-level node to display specific alert filter criteria.
|All||Displays a global overview of all alerts from computers across all deployment groups.|
|Created in last day||Displays alerts which have a status of new and that have been raised in the last 24 hours.|
|Critical||Displays alerts for critical severity events. Critical events have a red indicator preceding the alert. A critical alert is defined in Alerts > Alert Rules > Alert Rule > Details > Severity.|
|High||Displays alerts for high severity events. High events have an orange indicator preceding the alert. A high alert is defined in Alerts > Alert Rules > Alert Rule > Details > Severity.|
|Medium||Displays alerts for medium severity events. Medium events have a yellow indicator preceding the alert. A medium alert is defined in Alerts > Alert Rules > Alert Rule > Details > Severity.|
|Low||Displays alerts for low severity events. Low events have a green indicator preceding the alert. A low alert is defined in Alerts > Alert Rules > Alert Rule > Details > Severity.|
|New||Displays alerts for new events. A new alert is defined in the alert Status column.|
|Acknowledged||Displays alerts flagged as acknowledged.|
|Resolved||Displays alerts flagged as resolved.|
When an alert rule gets triggered by an event the Management Server checks if there is an alert for that rule with a status of New. If there is, the Management Server adds the event to that alert. If there isn’t an alert then a new alert is raised and the event is added to that. Therefore, it is important that once an alert has been seen and the appropriate action taken you set the status to Acknowledged or Resolved so that you can see a new alert if the problem recurs.
Update the New status to Acknowledged or Resolved in the Status column or from the Actions pane.
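The aggregation behaviour described above can be modelled in a few lines. This is an added illustration, not Management Server code; the class and function names are hypothetical and the events are constructed.

```python
from dataclasses import dataclass, field

RULE = "9000 Application Execution Denied"  # rule name built from the page's event table

@dataclass
class Alert:
    rule: str
    status: str = "New"
    events: list = field(default_factory=list)

class ManagementServerModel:
    """Hypothetical model of the aggregation behaviour described above."""

    def __init__(self):
        self.alerts = []

    def rule_triggered(self, rule, event):
        # An existing alert is reused only while its status is still New.
        for alert in self.alerts:
            if alert.rule == rule and alert.status == "New":
                alert.events.append(event)
                return alert
        # Otherwise a fresh alert is raised and the event is added to it.
        alert = Alert(rule=rule, events=[event])
        self.alerts.append(alert)
        return alert

def simulate(triage_first_alert):
    """Feed three constructed events; optionally acknowledge after the first."""
    server = ManagementServerModel()
    first = server.rule_triggered(RULE, "constructed event 1")
    if triage_first_alert:
        first.status = "Acknowledged"
    server.rule_triggered(RULE, "constructed event 2")
    server.rule_triggered(RULE, "constructed event 3")
    return [(a.status, len(a.events)) for a in server.alerts]

if __name__ == "__main__":
    print("left as New: ", simulate(False))
    print("acknowledged:", simulate(True))
```

When the first alert is left as New, the later events are absorbed into it and no second alert appears; once it is acknowledged, the recurrence surfaces as its own New alert.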
Highlight an alert to display a list of all events raised for that alert in the Events tab. Select Show Event Details in the Actions pane for further details on a specific event.
- Delete Events — Launches the Delete Events dialog allowing you to select events in a date and time range to delete from the database.
- Acknowledge — Flags the selected alerts as acknowledged.
- Resolve — Flags the selected alerts as resolved.
- Delete — Deletes selected alerts or events.
- Delete All — Deletes all alerts. Events remain in the database.
- Show Event Details — Launches the Event Details dialog displaying information about the currently highlighted event.
There are three Delete options available:
- Delete Events — Launches the Delete Events dialog allowing you to select events in a date and time range to delete from the database.
- Delete — Deletes selected alerts or events.
- Delete All — Deletes all alerts. Events remain in the database.
You can delete alerts from the lists of alerts or according to the acknowledged or resolved states.
The Delete Events dialog allows you to delete events from the database within a specified date and time range, or all events.
- Delete all events — Deletes all events in the Management Server database. Disables the date and time range selection options.
- Delete events from range — Deletes events within the date range specified in the From and To fields.
- From — Allows you to specify a start date and time for events to delete from the database.
- To — Allows you to specify an end date and time for events to delete from the database.
- You can enter date and time values or select a date from the calendar which displays when you expand the drop-down list for each setting. The time values can be adjusted either by entering values directly or using the keyboard arrow keys to scroll to the required hour, minute and second values.
- Skip events that are associated with an alert — Events associated with an alert are not deleted from the database.
Alert rules allow you to set up alert notifications matched with incoming events sent from client computers to the Management Server. Alert notifications can be sent via SNMP or as e-mail notifications via SMTP. You can assign severity levels to alert notifications according to requirements.
- Rule — Name of the current alert rule.
- Enabled — When selected, enables the highlighted alert rule.
- New Rule — Creates a new Rule sub-node below the Alert rules node.
- Enable — Enables the highlighted rules and processes related event types to generate alerts according to rule policies.
- Disable — Disables the highlighted rules.
- Delete — Deletes the highlighted rules.
- Security — Opens the Security dialog for the selected alert rule.
Alert Rules Sub-nodes
After creating a rule in the Alert rules node, expand the Rule node to configure the Criteria and Actions.
The Alert Rule node allows you to specify alert rule names, descriptions, status and severity and view rule criteria and actions. The Actions panel allows you to edit the criteria and actions for the rule in the Criteria and Actions nodes.
The work area contains the following:
- Name — Editable text box for entering an alert rule name which should include the number of the event to which the rule applies for easy reference.
- Description — Editable text box for entering an alert rule description. The text box expands to allow you to enter detailed descriptions. Click OK to confirm the description you have entered.
- Severity — Drop-down list for selecting a severity level to apply to the alert rule.
- Status — Drop-down list from which to select options to enable or disable the current rule.
The Criteria list provides details of the alert rule criteria. You can edit these criteria by expanding the Alert Rule node to display the Criteria node or by selecting the Edit Criteria option in the Actions panel.
The Criteria list includes:
- Event ID — Events with this ID number generate alerts of this type. For event ID numbers and their descriptions, see the node in the console Deployment Groups.
- Computer Name — Events on this computer generate alerts of this type.
- User Name — Events caused by this user on the specified computer generate alerts of this type.
The Actions list displays details of the alert rule actions to perform when an alert of this type is generated. You can edit these actions by expanding the Rule node to display the node or by selecting the Edit Actions option in the right-hand Actions panel.
- SMTP — Indicates whether SMTP e-mail generation is enabled or disabled.
- SNMP — Indicates whether SNMP trap generation is enabled or disabled.
- Edit Criteria — Switches the view to the sub-node for specifying event ID, computer name and user name criteria for generating alerts based on the current rule.
- Edit Actions — Switches the view to the Actions sub-node for configuring SNMP and SMTP e-mail notifications about alerts generated by this rule.
- Delete — Deletes the highlighted rules.
|Application Execution Denied||9000||High|
|Application Manager agent ended unexpectedly||9090||Critical|
|Application Manager agent restarted||9091||Low|
|Application Manager agent terminated||9092||High|
|Application Manager unrecoverable||9093||Critical|
|Application Manager not licensed||9099||Critical|
|Component failed to optimize||9203||High|
|Computer Assigned to Deployment Group||9712||Medium|
|Computer startup action fail||9410||High|
|Computer startup action success||9409||Low|
|Computer successfully registered with Management Server||9751||Low|
|CPU clamping off||9105||Medium|
|CPU clamping on||9104||Medium|
|Environment Manager agent ended unexpectedly||9390||Critical|
|Environment Manager agent restarted||9391||Low|
|Environment Manager agent terminated||9392||High|
|Environment Manager agent unrecoverable||9393||Critical|
|Environment Manager not licensed||8399||Critical|
Events failed to upload to the Management Server
Events within the Management Server database were deleted
No valid Application Manager configuration found
No valid Environment Manager configuration found
No valid Performance Manager configuration found
Overwrite changed owner
Package created, modified or deleted
Package install or uninstall was successful
Package install or uninstall was unsuccessful
Performance Manager agent ended unexpectedly
Performance Manager agent restarted
Performance Manager agent terminated
Performance Manager agent unrecoverable
Performance Manager agent not licensed
Product agent is not compatible with client platform
Rename changed owner
Scripted rule failed
Security rule created, modified or deleted
Self healing file removed
Self healing file replaced
Self healing registry key removed
Self healing registry key replaced
User logoff action fail
User logoff action success
User logon fail
User logon success
User was created, modified or deleted
Alert Rule Criteria allow you to specify details of the events which generate this alert and filters to indicate specific computers on which the events occur and specific users causing the events. You can use any combination of these values to create the alert rule.
Criteria values support the use of regular expressions for specifying multiple values or ranges.
Delimiter characters must be used where appropriate. For example, when specifying a domain and computer name or user name, such as:
The Criteria node includes:
- Event ID — Enter the ID number of the event type for which you wish to generate this alert. Use regular expressions to specify multiple values or ranges.
  Examples:
  - 9700 — Match only event 9700
  - 97[0-9][0-9] — Match any Management Center event
  - 9000|9001 — Match either the 9000 or 9001 events
- Computer Name — Enter the name of the computer from which the specified event must originate to generate this alert. Use regular expressions to specify multiple values or ranges.
  Examples:
  - ^AB — Matches all computers whose NetBIOS name starts with AB
  - ^SALES_COMP1$ — Only matches SALES_COMP1 computer
  - SALES_COMP1 — Matches any computer containing SALES_COMP1, so will match PRESALES_COMP1 and SALES_COMP10 and so on
- User Name — Enter the name of the user that causes the specified event to generate this alert. Use regular expressions to specify multiple values or ranges.
  Examples:
  - ^FRED\.BLOGGS$ — Matches user FRED.BLOGGS
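The criteria patterns listed above can be checked against sample events before a rule is relied on. The following is an added example, not product code: it assumes Python's `re` behaves like the console's regular expression engine for these simple patterns, that matching is an unanchored, case-sensitive search (as the SALES_COMP1 example implies), and that the criteria set on a rule are combined with AND. The events and the names `rule_matches` and `matched` are constructed for illustration.

```python
import re

# Constructed sample events (not taken from any real system)
EVENTS = [
    {"event_id": 9000, "computer": "SALES_COMP1", "user": "FRED.BLOGGS"},
    {"event_id": 9000, "computer": "PRESALES_COMP1", "user": "FRED.BLOGGS"},
    {"event_id": 9001, "computer": "SALES_COMP10", "user": "FREDXBLOGGS"},
    {"event_id": 9712, "computer": "AB-LAPTOP7", "user": "JANE.DOE"},
]

def rule_matches(rule, event):
    """True when every criterion set on the rule is found in the event.

    Assumptions: unanchored search (implied by the SALES_COMP1 example),
    case-sensitive matching, empty criteria match anything, criteria ANDed.
    """
    for key in ("event_id", "computer", "user"):
        pattern = rule.get(key)
        if pattern and not re.search(pattern, str(event[key])):
            return False
    return True

def matched(rule, field="computer"):
    """Return the chosen field of every sample event the rule would alert on."""
    return [e[field] for e in EVENTS if rule_matches(rule, e)]

if __name__ == "__main__":
    for rule in (
        {"computer": "SALES_COMP1"},        # unanchored: over-matches
        {"computer": "^SALES_COMP1$"},      # anchored: exact host only
        {"user": r"^FRED.BLOGGS$"},         # unescaped dot: any character
        {"user": r"^FRED\.BLOGGS$"},        # escaped dot: literal "."
        {"event_id": "9000|9001", "computer": "^SALES_COMP1$"},
    ):
        print(rule, "->", matched(rule), matched(rule, "user"))
```

The unescaped `^FRED.BLOGGS$` also matches the constructed user FREDXBLOGGS, which is why the page's example escapes the dot.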
Copyright © 2017, Ivanti. All rights reserved.