Alerts
Alerts View
The Alerts view, opened by selecting the Alerts navigation button, allows you to manage alerts and alert rules.
Alerts are triggered by events sent from managed computers according to the alert rules. A predefined set of alert rules is available and you can modify these or create your own. Alert rules must be enabled for alerts to be raised. Some predefined alert rules are not enabled by default.
Each alert rule can generate an alert based on an individual event or range of events and can also include criteria for matching events originating on specific computers and from specific users. Alert rules can also include actions for generating alerts via SNMP and SMTP e-mail notifications.
All Alerts
Alert filters sort and handle alerts for events generated by computers in all deployment groups, according to the rules you define in Alert Rules. The available filters are shown in the following table.
For more information about managing alerts for specific deployment groups or computers, see Deployment Group Alerts.
You can filter alerts according to a range of criteria including the acknowledged and resolved states which you apply using the available actions. You can also delete alerts from the lists of alerts or according to the acknowledged or resolved states.
Expand the top-level node to display specific alert filter criteria.
Filter | Description |
---|---|
All | Displays a global overview of all alerts from computers across all deployment groups. |
Created in last day | Displays alerts which have a status of new and that have been raised in the last 24 hours. |
Critical | Displays alerts for critical severity events. Critical events have a red indicator preceding the alert. A critical alert is defined in Alerts > Alert Rules > Alert Rule > Details > Severity. |
High | Displays alerts for high severity events. High events have an orange indicator preceding the alert. A high alert is defined in Alerts > Alert Rules > Alert Rule > Details > Severity. |
Medium | Displays alerts for medium severity events. Medium events have a yellow indicator preceding the alert. A medium alert is defined in Alerts > Alert Rules > Alert Rule > Details > Severity. |
Low | Displays alerts for low severity events. Low events have a green indicator preceding the alert. A low alert is defined in Alerts > Alert Rules > Alert Rule > Details > Severity. |
New | Displays alerts for new events. A new alert is defined in the alert Status column. |
Acknowledged | Displays alerts flagged as acknowledged. |
Resolved | Displays alerts flagged as resolved. |
Alert Status
When an alert rule gets triggered by an event the Management Server checks if there is an alert for that rule with a status of New. If there is, the Management Server adds the event to that alert. If there isn’t an alert then a new alert is raised and the event is added to that. Therefore, it is important that once an alert has been seen and the appropriate action taken you set the status to Acknowledged or Resolved so that you can see a new alert if the problem recurs.
Update the New status to Acknowledged or Resolved in the Status column or from the Actions pane.
Highlight an alert to display a list of all events raised for that alert in the Events tab. Select Show Event Details in the Actions pane for further details on a specific event.
- Acknowledge — Flags the selected alerts as acknowledged.
- Resolve — Flags the selected alerts as resolved.
- Delete — Deletes selected alerts or events.
- Delete All — Deletes all alerts. Events remain in the database.
- Show Event Details — Launches the Event Details dialog displaying information about the currently highlighted event.
Alert Rules
Alert rules allow you to set up alert notifications matched with incoming events sent from client computers to the Management Server. Alert notifications can be sent via SNMP or as e-mail notifications via SMTP. You can assign severity levels to alert notifications according to requirements.
Alert Rules
Rule - Name of the current alert rule.
Enabled - When selected, enables the highlighted alert rule.
New Rule — Creates a new Rule sub-node below the Alert rules node.
Enable — Enables the highlighted rules and processes related event types to generate alerts according to rule policies.
Disable — Disables the highlighted rules.
Delete — Deletes the highlighted rules.
Security — Opens the Security dialog for the selected alert rule.
Alert Rules Sub-nodes
After creating a rule in the Alert rules node, expand the Rule node to configure the Criteria and Actions.
Alert Rule
The Alert Rule node allows you to specify alert rule names, descriptions, status and severity and view rule criteria and actions. The Actions panel allows you to edit the criteria and actions for the rule in the Criteria and Actions nodes.
The work area contains the following:
Details
- Name — Editable text box for entering an alert rule name which should include the number of the event to which the rule applies for easy reference.
- Description — Editable text box for entering an alert rule description. The text box expands to allow you to enter detailed descriptions. Click OK to confirm the description you have entered.
- Severity — Drop-down list for selecting a severity level to apply to the alert rule.
- Status — Drop-down list from which to select options to enable or disable the current rule.
Criteria
The Criteria list provides details of the alert rule criteria. You can edit these criteria by expanding the Alert Rule node to display the Criteria node or by selecting the Edit Criteria option in the Actions panel.
The Criteria list includes:
- Event ID — Events with this ID number generate alerts of this type. For event ID numbers and their descriptions, see the node in the console Deployment Groups.
- Computer Name — Events on this computer generate alerts of this type.
- User Name — Events caused by this user on the specified computer generate alerts of this type.
Actions
The Actions list displays details of the alert rule actions to perform when an alert of this type is generated. You can edit these actions by expanding the Rule node to display the node or by selecting the Edit Actions option in the right-hand Actions panel.
Actions include:
- SMTP — Indicates whether SMTP e-mail generation is enabled or disabled.
- SNMP — Indicates whether SNMP trap generation is enabled or disabled.
- Edit Criteria — Switches the view to the sub-node for specifying event ID, computer name and user name criteria for generating alerts based on the current rule.
- Edit Actions — Switches the view to the Actions sub-node for configuring SNMP and SMTP e-mail notifications about alerts generated by this rule.
- Delete — Deletes the highlighted rules.
Alert Rule | Event ID | Severity |
---|---|---|
Application Execution Denied | 9000 | High |
Application Manager agent ended unexpectedly | 9090 | Critical |
Application Manager agent restarted | 9091 | Low |
Application Manager agent terminated | 9092 | High |
Application Manager unrecoverable | 9093 | Critical |
Application Manager not licensed | 9099 | Critical |
Component Analyzed | 9021 | Low |
Component failed to optimize | 9203 | High |
Component optimized | 9202 | Low |
Computer Assigned to Deployment Group | 9712 | Medium |
Computer startup action fail | 9410 | High |
Computer startup action success | 9409 | Low |
Computer successfully registered with Management Server | 9751 | Low |
CPU clamping off | 9105 | Medium |
CPU clamping on | 9104 | Medium |
Environment Manager agent ended unexpectedly | 9390 | Critical |
Environment Manager agent restarted | 9391 | Low |
Environment Manager agent terminated | 9392 | High |
Environment Manager agent unrecoverable | 9393 | Critical |
Environment Manager not licensed | 8399 | Critical |
Events failed to upload to the Management Server | 9705 | High |
Events within the Management Server database were deleted | 9707 | Medium |
No valid Application Manager configuration found | 9095 | Critical |
No valid Environment Manager configuration found | 9495 | Critical |
No valid Performance Manager configuration found | 9195 | Critical |
Overwrite changed owner | 9002 | Medium |
Package created, modified or deleted | 9702 | Medium |
Package install or uninstall was successful | 9710 | Low |
Package install or uninstall was unsuccessful | 9711 | Critical |
Performance Manager agent ended unexpectedly | 9190 | Critical |
Performance Manager agent restarted | 9191 | Low |
Performance Manager agent terminated | 9192 | High |
Performance Manager agent unrecoverable | 9193 | Critical |
Performance Manager agent not licensed | 9199 | Critical |
Product agent is not compatible with client platform | 9708 | Medium |
Rename changed owner | 9003 | Medium |
Scripted rule failed | 9010 | High |
Security rule created, modified or deleted | 9740 | High |
Self healing file removed | 9304 | High |
Self healing file replaced | 9303 | High |
Self healing registry key removed | 9302 | High |
Self healing registry key replaced | 9301 | High |
User logoff action fail | 9408 | High |
User logoff action success | 9407 | Low |
User logon fail | 9406 | High |
User logon success | 9405 | Low |
User was created, modified or deleted | 9703 | High |
Alert Rule Criteria
Alert Rule Criteria allow you to specify details of the events which generate this alert and filters to indicate specific computers on which the events occur and specific users causing the events. You can use any combination of these values to create the alert rule.
Criteria values support the use of regular expressions for specifying multiple values or ranges.
Delimiter characters must be used where appropriate. For example, when specifying a domain and computer name or user name, such as Domain\\Computer or Domain\\User.
The Criteria node includes:
- Event ID — Enter the ID number of the event type for which you wish to generate this alert. Use regular expressions to specify multiple values or ranges.
  Examples (regular expression: description):
  - 9700: Match only event 9700
  - 97[0-9][0-9]: Match any Management Center event
  - 9000|9001: Match either the 9000 or 9001 events
- Computer Name — Enter the name of the computer from which the specified event must originate to generate this alert. Use regular expressions to specify multiple values or ranges.
  Examples (regular expression: description):
  - ^AB: Matches all computers whose NetBIOS name starts with AB
  - ^SALES_COMP1$: Only matches SALES_COMP1 computer
  - SALES_COMP1: Matches any computer containing SALES_COMP1, so will match PRESALES_COMP1 and SALES_COMP10 and so on
- User Name — Enter the name of the user that causes the specified event to generate this alert. Use regular expressions to specify multiple values or ranges.
  Examples (regular expression: description):
  - ^FRED\.BLOGGS$: Matches user FRED.BLOGGS
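
Added example (not part of the product documentation or the product's code): a Python model of the criteria matching described above and of the Alert Status logic, showing how an unanchored pattern pulls in extra computers and how a rule's New alert absorbs later events until its status changes. Python's `re.search` stands in for the product's regular expression engine, and the class names, function names and sample events are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass
class AlertRule:
    name: str
    event_id: str = ""   # each criterion is a regular expression; "" means not used
    computer: str = ""
    user: str = ""

    def matches(self, event: dict) -> bool:
        # Assumption: unanchored "contains" matching, as the SALES_COMP1 example describes.
        checks = ((self.event_id, str(event["id"])),
                  (self.computer, event["computer"]),
                  (self.user, event["user"]))
        return all(re.search(p, v) is not None for p, v in checks if p)

@dataclass
class Alert:
    rule: str
    status: str = "New"
    events: list = field(default_factory=list)

def process(events, rules, alerts):
    """Alert Status logic: add the event to the rule's New alert, else raise one."""
    for ev in events:
        for rule in rules:
            if not rule.matches(ev):
                continue
            current = next((a for a in alerts
                            if a.rule == rule.name and a.status == "New"), None)
            if current is None:
                current = Alert(rule.name)
                alerts.append(current)
            current.events.append(ev)
    return alerts

# Constructed sample events (not taken from a real Management Server).
EVENTS = [
    {"id": 9000, "computer": "SALES_COMP1", "user": "FRED.BLOGGS"},
    {"id": 9000, "computer": "PRESALES_COMP1", "user": "FRED.BLOGGS"},
    {"id": 9000, "computer": "SALES_COMP10", "user": "FREDXBLOGGS"},
    {"id": 9001, "computer": "SALES_COMP1", "user": "FRED.BLOGGS"},
]
LOOSE = AlertRule("loose", event_id="9000", computer="SALES_COMP1")
STRICT = AlertRule("strict", event_id="^9000$", computer="^SALES_COMP1$",
                   user=r"^FRED\.BLOGGS$")

if __name__ == "__main__":
    for a in process(EVENTS, [LOOSE, STRICT], []):
        print(a.rule, a.status, [e["computer"] for e in a.events])
```
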