Help
for Alert Manager
Help
for Alert Manager
The Alert Manager service is an extendable facility that allows receiving and processing of application-generated alerts. A variety of actions can be taken in response to alerts, including alert logging, pop-up user notification, forwarding the alert to another system, program execution, or an application-defined action. Features of this service include:
The Alert Manager's functions are activated from several links in the Alert Manager screen. These links are:
These same choices are available on a menu bar at the top of every Alert Manager screen.
The Alert Log shows the alerts that have been logged on this system. Alerts enter the alert log only through an explicit logging Action available as one of the Alert Actions.
The Alert Log screen consists of several sections:
The Alert Log shows the text of each alert as a link. Selecting this link takes you to the Alert Details for that alert. Each alert can be selected for potential deletion from the log with a check-box.
At the bottom of the Alert Log screen are buttons which allow the deletion of user-selected alerts, the deletion of all the alerts shown, or the deletion of all the alerts not shown, if applicable.
The Histograms screen shows the alerts from the Alert Log in an easily digested summary. The alerts are collected and divided by the different classifications of interest.
The Histograms screen consists of several sections:
Each bar in the histogram shows how many of the selected alerts fall into the specified classification. The bars themselves are links; clicking on a bar will show you a special view of the Alert Log containing all the alerts which comprise that bar.
The Monitor Alert Log screen shows only those alerts which have been placed into the alert log since you entered the Monitor Alert Log screen. Upon entry, it starts with an empty screen. Any new alerts placed in the system's log will be put in the monitor when it is refreshed. Your browser may support automatic refreshing. If it does not, you may refresh the monitor with the Refresh link.
Pressing the Clear Monitor link returns the monitor to its original state.
Each alert entry in the monitor starts with the Severity, color coded with its Alert Type Class. The alert text itself is a link to the Alert Details of the alert. Note that, once you go to the alert details, there is no explicit path back to the monitor. It is recommended that, in order to retain the same Monitor Alert Log screen, you use your browser's Back feature to return to the monitor.
As the Alert Log grows in size, or as the user's system problems become specific or specialized, the ability to view only those alerts desired by the user becomes useful.
At the top of the Alert Log screen and the Histograms screen is a segment of the screen which allows viewing the Alert Log according to user-defined criteria. Using these controls, the user may view the Alert Log and Histograms by time and/or by profile.
To filter by profiles, select the desired Profiles in the profile selection box. If no profiles are selected, then no profile filtering will be performed, and all alerts will be used in the Alert Log or Histograms.
To filter by time, select the number of hours of past alerts you wish to see. If the number of hours is left blank, the Alert Log or Histograms will not be filtered by time.
Select the Refresh Alert Log push button to update the alert log. Select the View Histograms push button to see the Histograms. Any alert log viewing that has been arranged through Alert Log Views will be used to limit the alerts appearing in the log or histograms.
Select the Refresh Histograms push button to update the histograms. Select the View Alert Log push button to see the Alert Log. Any alert log viewing that has been arranged through Alert Log Views will be used to limit the alerts appearing in the log or histograms.
Selecting a specific alert from the alert log displays detailed information about the alert in an Alert Details screen. The user may select multiple alerts for the purposes of multiple deletes or printing reports. The currently highlighted alert in the log will have its alert-specific information displayed at the top of the screen. Selected information includes:
Alert Text includes the name of the alert, as well as any textual commentary included by the application that generated the alert. If the alert was generated as a result of a security access attempt or was forwarded to the system from another system, the alert text will include the name of the network containing the remote system, the network address of the remote system, the name of the remote system and the user ID used by the remote system.
This is the application-specified alert type. A displayed alert consists of an Alert Sender name followed by a Type of Alert.
The possible Alert Sender types are:
An Alert Sender may also be unspecified, in which case an Alert Sender value will not be displayed.
The possible alert types are:
An alert type may also be unspecified, in which case a Type of Alert value will not be displayed.
The alert Severity is a value from 0 to 7, with 0 being the most severe. For example, an Alert Severity of 0 might be assigned to a disk failure, while a value of 7 might represent a system coming on-line at the start of a day. Alert Severity is determined by the application that generates the alert. The Severity helps to determine the Actions that Alert Manager will then take, from advising a user of a disk drive that is nearly full to launching applications to deal with disk errors or ECC memory failure.
By default, alerts with Severity values from 0 to 5 will be logged in the Alert Log. Alerts with Severity values from 0 to 3 will also be displayed in a pop-up window.
The Application ID is the name of the application that sent the specified alert to the log.
The Time of Alert is the time of day when the alert was generated and logged.
The Date of Alert is the calendar date on which the alert was generated.
The System Unique ID is a random 16 character identification string that is assigned to a system when Netfinity is installed. This ID can be used to positively identify the system that generated the alert.
The Application Alert Type is a numeric value assigned to an individual alert by the application that generated it. The meaning of this value is specific to the application that generated the alert, as identified in the Application ID field. For more information on specific Application Alert Type values, refer to the individual application's documentation.
Alert Profiles are objects which help the user better manage the alerts received by the system. A profile describes a class, or set of classes, of alerts. Through them, the user may classify alerts by service or application, by responsible person, or simply by urgency. Profiles in the Alert Manager may be used to trigger Actions, to view the alert log, or to compose other profiles. Profiles give you the alert classification power of the action triggering mechanisms, but are, in fact, defined and usable apart from actions.
The Alert Profiles screen displays a list of all available profiles, and enables the user to select individual profiles for editing or deleting, or to create completely new profiles. From the Alert Profiles screen you can:
Viewing, editing, or creating a profile takes you to the Profile Editor.
The Alert Actions screen displays a list of all available and configured Actions, and enables the user to select individual configured Actions for editing or deleting, or to create completely new Actions. From the Alert Actions screen you can:
Viewing, editing, or creating an Action takes you to the Action Editor.
The Action Editor enables the user to create and configure Actions that the Alert Manager will take in response to specific alerts. It uses a series of user-defined Active Profiles or Alert Conditions to determine which alerts will trigger a defined Action. When it receives an alert, the Alert Manager checks each of the alert's Alert Conditions to see if it meets the specifications for a defined Action. A defined Action is executed if either of the following is true:
To configure an Action:
Set the Alert Conditions or Active
Profiles. When defining an Action, you must first identify which alerts
will cause the Alert Manager to execute the Action. There are two means
to specify these alerts: Alert Conditions and Active
Profiles.
To define the action by Alert Conditions:
To define the action as an Alert Profile:
You must select a name for the action. This name will be used in the Alert Log Views and the Alert Actions to refer to this action.
The Alert Conditions Group consists of five individual alert conditions that are used by the Alert Manager to determine appropriate profile and action responses. For an alert to match a profile, the alert must meet all of the Alert Conditions for the particular profile, or it must match a profile included in the composition of the particular profile. For an alert to trigger an Action, the alert must meet all of the Alert Conditions for the Action, or it must match a profile which is bound to the Action. The five alert conditions are:
For more information on each of these individual alert conditions, see their specific topic.
The Type of Alert is a brief description of the generated alert. It describes the nature of the alert (unknown, failure, error, warning, information), and can also contain a general description of the source of the alert (system, disk, network, operating system, application, device, or security).
When creating or editing an Action, you may decide what types of alerts will trigger the Action. You may select one or more of the types of alerts that are listed in the Type of Alert section of the Action Editor screen. An alert will only trigger the alert you are configuring if its alert type matches one of the alert types you have selected from the Type of Alert selection list. If the Any radio button above the Type of Alert section is selected, any alert type received by the Alert Manager will be considered a valid Alert Condition.
The Severity is a number from 0 through 7 that indicates how serious a generated alert is. A Severity of 0 represents a very serious alert, while a Severity of 7 is relatively minor.
When creating or editing an Action, you may assign a specific severity value or severity range that will trigger the Action. If the Any radio button above the Severity section is selected, any alert severity value received by the Alert Manager will be considered a valid Alert Condition.
The Application ID is the alphanumeric identifier of the application that generated the alert. You may select one or more currently available Application ID's from the Application ID window. You may also enter a new Application ID by typing it on its own line in the Added entry box right of the Application ID selection box. If the Any radio button above the Application ID section is selected, any Application ID received by the Alert Manager will be considered a valid Alert Condition.
The Application Alert Type is a numeric value assigned to an individual alert by the application that generated it. This value is often used by the application itself. You may select one or more currently available Application Alert Types from the Application Alert Type section of the Action Editor screen. You may also enter a new Application Alert Type by typing it on its own line in the Added entry box right of the Application Alert Type selection box. If the Any radio button above the Application ID field is selected, any Application Alert Type received by the Alert Manager will be considered a valid Alert Condition. For more information on individual Application Alert Types, refer to the individual application's documentation.
The Sender ID is the network address of the system that generated the alert. You may select one or more currently available Sender ID's from the Sender ID section of the Action Editor screen. You may also enter a new Sender ID by typing it on its own line in the Added entry box right of the Sender ID section. If the Any radio button above the Sender ID section is selected, any Sender ID received by the Alert Manager will be considered a valid Alert Condition.
The entries in the Sender ID field show the name of the network containing the sending system, followed by '::', and followed by the network address of the sender. For example, an alert sent by a system named SYSTEMA that is communicating using the NetBIOS protocol would be shown as 'NETBIOS::SYSTEMA'.
The Action Label text entry field allows you to give a name to an Action that is bound to profiles. This name will appear in the Available Actions section of the Action Editor screen. You are not required to name the Action.
The Action Definition Group contains the available Actions, as well as entry fields for any Action Definition Parameters that are required for a specific Action definition.
All available actions are displayed under Define a New Action. An Action is a program that carries out an action in response to an alert that meets the Alert Conditions. Some Actions require additional information to carry out their specified functions. If additional information is necessary, it will be identified as a parameter value (<P#>). Additional fields, called Action Definition Parameter will appear below the Action field, along with a brief description of the information required.
Note: For more information on the available Actions, see the Netfinity Manager User's Guide or consult your network administrator.
Action Definition Parameter fields appear when additional information must be supplied for an Action to carry out its functions. A brief description of the information required appears above the Action Definition Parameter field.
The Profile Editor enables the user to define profiles that match classes of alerts received by the Alert Manager. A profile can be defined as a set of Alert Conditions or as a Profile Composition. This definition determines which alerts will match the profile and trigger any Actions or alert log viewing bound to that profile.
To configure a profile:
Set the Alert Conditions or Profile
Composition
When defining a profile, you must first specify the Alert
Conditions or Profile Composition that must be
met for the Alert Manager to recognize an alert as matching this profile.
As alerts are received, the Alert Manager checks each alert condition against
the defined profiles. If ALL alert conditions are met, the profile matches
the alert. If a composite profile includes a matching profile, it also
matches the alert. Any Actions bound to the matching profile will be triggered
by the alert.
To define the profile by Alert Conditions:
You must select a name for the profile. This name will be used in the Alert Log Views and the Alert Actions to refer to this profile.
To define the profile as a Profile Composition:
You must select a name for the profile. This name will be used in the Alert Log Views and the Alert Actions to refer to this profile.
The Active Profiles are chosen from a selection box filled with defined profiles. All those profiles selected in the Active Profiles selection box when the new or edited Action is saved will be used to trigger the Action.
The Profile Composition is chosen from a selection box filled with defined profiles. All those profiles selected in the Profile Composition selection box when the new or edited profile is saved will be included in the profile.
The Profile Definition allows you to set the name of the profile. You are required to give each profile a unique name.
The Generate Alert activity allows you to generate an alert on the system you are connected to. To generate an alert, select the desired particulars of the alert from the selection boxes for the available fields:
If an entry you wish for Application ID or Application Alert Type does not appear in the selection list, place the entry in the entry field beside the selection list.
Enter the desired text for the alert into the Alert Text entry box. This field is required for all alerts.
You should note that the Received From field of the generated alert will appear as a path from the managing system to the system on which you are generating the alert. That is, it will appear as though the alert was generated on the managing system, and then routed to the managed system. However, it will not affect the managing system in any way, and its first explicit handling by Alert Manager will be on the managed system.
Enter the Cleanup Alert Conditions page by selecting Clean Up on the
header. Once in the Cleanup Alert Conditions page, select those entries you
wish to delete from the respective lists. Pressing the Delete Selected button
immediately deletes the selected items.
Note: The Local System Sender ID cannot be deleted.
To exit the Alert Manager service, select the "Netfinity" image on the top or bottom of the Alert Manager service to return to the Netfinity services screen.