Define alert actions to use in rules

Configure alerts in the Agent settings tool. For instructions, see Create an alert ruleset. Available alert actions are described below.

Run on core/Run on client

This action starts an executable file on either the core server or the managed device.

  • Name: the identifying name for the action. Be specific so you can easily distinguish between actions.
  • Path and filename: the full path and filename for the executable to be run on the core server or the managed device. When the alert is triggered, the alerting agent will issue a command to run this file.

When you select either action, note that programs may not display as expected on the desktop. When the program is run, it is started as a service in Windows and so is not displayed as a regular application would be. Programs that are run in this way should not contain a user interface that requires interaction. To definitively determine if the program executed, check the processes in the Windows Task Manager.

Send e-mail

This action sends an e-mail message using the SMTP server you specify. As of 2020.1 SU3, configuration has been enhanced to allow automatic TLS/SSL protocol detection and manual port configuration.

  • Name: the identifying name for the action. Be specific so you can easily distinguish between actions.
  • To: the full e-mail address of the person you want to the receive the e-mail notification.
  • From: any valid e-mail address, preferably one that indicates that the e-mail is an alert notification. If this is not a valid e-mail address the message will not be sent.
  • Subject: a descriptive subject for the e-mail notification.
  • Body: a message to accompany the alert notification.
  • SMTP server: the location of an SMTP server and port from which the e-mail can be sent.
  • Set credentials: click to specify a username and password that can be used to log on to the SMTP server. This option is only available on the core server. Additional consoles can't edit this option.

The e-mail will be sent from the core server.

You can send e-mail messages to multiple recipients, and you can use the following variables in the Body field:

  • %% = %
  • %D = Description
  • %N = Computer name
  • %S = Severity
  • %T = Time (UTC)

Send SNMP trap

This action sends an SNMP v1 trap when the alert is triggered.

  • Name: the identifying name for the action. Be specific so you can easily distinguish between actions.
  • Host name: the name of the SNMP host that will receive the trap.
  • Community string: a v1 community string that is used by the host to receive traps.

Severity levels for alerts are reported in the Specific Trap Type field of the trap. Values are 1 = Unknown, 2 = Informational, 3 = OK, 4 = Warning, and 5 = Critical.

Send to syslog server

This action sends log entries to the Syslog server you specify. The entries can be sent in Syslog, Splunk, or Loggly format. You will also need to specify the protocol (TCP or UDP) and port to use.