You can implement alerts to send email or pages based on events received. Implemented by the zenactions
daemon, the system continuously evaluates each user's paging rules against the event database. Each user has his own set of alerting rules.
Read the following sections to learn about:
Setting SMTP settings for alerts
Creating alerting rules
Escalating alerts
Scheduling alerts
To use email and pager alerts, the system must point to an SMTP relay with the proper settings.
Alerting rules are created for each user. You can add more recipients for rules, but upon creation, the alerting rules are tied to a user account.
To create an alerting rule:
Select Advanced from the menu bar.
The Settings page appears.
Select Users in the left panel to display the users page.
In the Users area, the name of the user for which you want to create an alerting rule.
In the left panel, select Alerting Rules.
From the Alerting rule table menu, select Add Alerting Rule.
The Add Alerting Rule dialog appears.
Enter a name for the alerting rules, and then click OK.
Click the name of the alert.
The Alert Details page appears.
Set the attributes from the Alert Details page:
Delay (secs) - Sets the number of seconds to wait before sending the alert. If an event clears before delay time, no alert is sent.
Enabled - To enable the alert, set this value to True. Setting this to True disables all alert windows, and is the same as a 24x7 alerting window.
To alert only during certain periods specified in the alerting windows, set Enabled to False.
To ensure that an alerting rule will not send alerts, ensure that Enabled is set to False, and that all alerting rule windows are not enabled.
Repeat Time - Sets the time for repeating the alert. Sends the alert every n seconds until the event is acknowledged.
Action - Selects whether to send email or a page.
If the action is defined as email, then the event is emailed. If the action is set to page, then you must define and test the value of the Page Command field (Advanced > Settings). Many wireless phone systems have SMTP-to-SMS gateways, so in some cases you can use email to send pages.
By default, email alerts are sent to the email address for the user. Pager alerts go to the specified pager address. You can override this by filling in the Address (optional) field.
Where - This area lets you set the thresholds for the alert. The default rule contains the thresholds for an event occurrence in which:
Event State = New
Severity >= Error
Production State = Production
You can change these thresholds by changing one or more selections.
Add filter - Select one or more filters for the alert. The page re-displays so you can select values for the filter. To remove a filter, click the (-) minus button.
Click Save to save selections for the alert.
In the left panel, select Message to customize the message that is sent to the specified address.
The Message page appears.
Specify the email message subject and body. You must create two messages:
Message - Text to send when the thresholds for the alert are met or exceeded.
Clear Message - Text to send when the event has cleared.
The fields for the subject and message areas are Python format strings.
Click Save to save the messages.
By default, all enabled schedules are active at all times. If you want to restrict the times for which an alerting rule is active, follow these steps:
Set the Enabled alert field to False.
From the left panel, select Schedule to set up a schedule for the alert.
The Active Periods page appears.
Select Add Rule Window from the Actions menu.
The Add Active Period dialog appears.
Enter a name for the schedule in the ID field, and then click OK.
The Schedule you added appears in the Active Periods list.
Click the name of the new schedule to set its details.
The Schedule Details page appears.
Enter information or make selections:
Enabled - Set to a value of true if you want to restrict this alert to monitor only at certain times, for certain durations.
Start - Enter the date you want the alert to start, or click Select to select the date from a calendar. Select the hour and minutes you want the alert to start.
Duration - Specify the length of time you want the alert to be listening, based on the start time.
Repeat - Optionally select a time frame for the alert to repeat. You can choose:
Never
Daily
Every Weekday
Weekly
Monthly
First Sunday of the Month
Click Save.
You can create an alerting hierarchy by using some of the different management tools.
You can create an alert hierarchy based on event status and delays by using alerting rules.
Sample Scenario:
You want to set up alerting rules so if that "Person A" (the first person in the hierarchy responding to alerts) does not acknowledge or suppress an event of a specific priority within a specific length of time (changing the event status), then "Person B" is notified by email to respond.
Step 1: Create an Alerting Rule for the Default Case (Initial State)
The default case is "when any new event of any priority occurs, alert Person A."
Create an alerting rule with a Delay value of 0 (zero) seconds.
Step 2: Create an Alerting Rule for the Next Level
For the next level in the hierarchy, the case is "If Person A does not acknowledge or suppress the event within an hour, then send an alert to the next person in the hierarchy (Person B)."
Create an additional alerting rule for Person B. To do this, you can:
Create an additional rule for the currently logged-in User account.
Add Person B's email address to the Address field. This address overrides the User account email.
Set the value of Delay to the number of seconds you want to wait after an event has come in to the system but whose status has not changed. In this example, the wait time is one hour (3600 seconds).
In the Add filter area, select Event State, and then select the event state that will keep this rule from being executed on all events (including those acknowledged by Person A). For this example, select New.
You can use delays when creating alerting rules to set up on-call schedules and elevation hierarchies. Using delays will allow you to specify that if an event is not acknowledged in a certain amount of time, then the system should send email to the next person in the hierarchy. You accomplish this by filtering on event state ('New') and adding a delay.