| Home Prev |  InCenter 2.2.5 On-Premises Administration Guide
|
Next |
|---|
InCenter provides the ability for the administrator to be made aware when certain events occur, including the option to receive alarms for specified events via email. In describing the alerting subsystem. the following terms will be used:
A ticket type corresponds to a particular log event message that can be generated by a node. All ticket types are predefined in InCenter. Ticket types can be set to a state of either being enabled or disabled. When they are disabled, InCenter will ignore them if they occur. By default, all types are enabled.
This collects together all the occurrences of a given ticket type for a given node. When a ticket is created it is initially in an unacknowledged state and must be explicitly acknowledged by the administrator before it moves to an acknowledged state.
Alarm
An alarm consists of an email that is sent when selected ticket types occur.
The alerting feature is managed through the Alerting menu options in the navigation pane, which are shown below.
When the Ticket Types option is selected, a list of all available ticket types is presented. An example of the first few lines of this list is shown below.
Each line in the list corresponds to a particular event or ticket type that InCenter will create a ticket for from incoming log messages. The slider on the right allows the administrator to choose if that ticket type should be monitored or not. By default, all ticket types are enabled. The pencil icon on the left indicates an On/Off change that has not yet been activated.
When a monitored event occurs, it is added to the Open Tickets list and the number of unacknowledged tickets in the list is indicated by a number next to the alerts icon in the toolbar.
The current ticket list is displayed either by clicking the alters icon in the toolbar or by selecting the Tickets option in the navigation menu. As shown in the example below, the list displays how many times that ticket type's log event has occurred for a given node in the Events column. The Created column shows when the ticket first occurred for that node and the Updated column shows when it last occurred for the node.The ticket list can be extensive so filtering is possible by type, severity or node. Below, only the tickets with Medium severity are being selected.
Each open ticket line corresponds to a given ticket type for a given node. Tickets remain in the Open list until they are acknowledged. This is done by first selecting a line in the Open list to open the Ticket Details dialog. An example of this dialog is shown below.
By pressing the Acknowledge button, the entire ticket is moved to the Acknowledged list (accessed through the Acknowledged tab). The acknowledged tickets will persist as an historical record for 30 days before being automatically deleted by InCenter.
There is a limit of 1000 unacknowledged tickets across all ticket types and nodes. When this is reached, the oldest unacknowledged ticket will be auto-acknowledged when a new ticket occurs. Similarly, the maximum number of unacknowledged tickets across all ticket types and nodes is 1000. When the maximum is reached, the oldest acknowledged ticket is deleted when a new ticket acknowledgement occurs. The Events link in the dialog shown above allows the administrator to view the individual received log messages that caused the event count for this ticket type and this node to be incremented. However, not all logs may be saved by InCenter. Some may be discarded when they duplicate previous log events or do not add extra information to them.The Information link will provide a brief summary description of the ticket type, as shown in the example below.
If an email is to be sent when a specific event occurs, an alarm can be created by selecting Alarms from the Alerting menu and then pressing the Add button.The new alarm dialog is then presented. An example of this is shown below.
In the above dialog, the administrator can select the ticket types for which alarms are to be generated and the email addresses of the recipients. An email is generated whenever any of the selected tickets occurs and sent to all the recipients.
SMTP server setup will be required in order for InCenter to send emails. Doing this is described in Section 6.9, SMTP Server Setup.
Note that an alarm is only sent the first time a ticket is generated for a given ticket type and node. In other words, only once per ticket type per node. If that ticket is then acknowledged by the administrator, it becomes possible for the same alarm to be sent again if the same ticket types occurs again.
Managing Alerting Using the CLI
Alerting can be managed using the CLI. First, change the CLI context to be Alerting and use the set command to disable the ticket types that are not of interest. For example:admin@InCenter:/> cc Alerting admin@InCenter:/Settings> set TicketType virus-detected Enabled=No
The command alerting can be used to display and acknowledge tickets. For example, the following command will display all unacknowledged tickets with a high severity by using the -list option:
admin@InCenter:/> alerting -list -severity=high
The following command will list all unacknowledged tickets that have a high severity for the node called my-node1:
admin@InCenter:/> alerting -list -severity=high -node=my-node1
To show the details for a ticket, the ticket number must be specified using the -show option:
admin@InCenter:/> alerting -show=5
The -acknowledge option is used to acknowledge a specific ticket number:
admin@InCenter:/> alerting -acknowledge=106
