| Home Prev |  InControl 3.19.01 Administration Guide
|
Next |
|---|
Overview
InControl alarms are notifications of certain events that can be sent to InControl clients. Through InControl, the administrator can define what kinds of alarms are of interest, to whom notification should be sent and how they should be managed.An Alarm's Components
An alarm has the following attributes:A Source
The source is the software that created the alarm. In most cases, this is an InControl server.
An Entity
The entity is the device which is the subject of the alarm. In most cases this will be a particular Clavister firewall.
Alarm Actions
A single alarm can be subject to the following processes:Triggering
An alarm is triggered by the entity associated with it. Triggering means that that a state has occurred that should be notified. For example, InControl might notice that it is unable to contact a particular firewall.
Acknowledgement
An alarm can be acknowledged by an InControl client user. Acknowledgement can be done by applying an action to an alarm. An alarm can have one or many actions associated with it.
If an alarm is acknowledged by one client, it becomes automatically acknowledged for all clients.
Clearing
The clearing of an alarm is done by the alarm's source. For example, an alarm that indicates a particular firewall is unreachable could be cleared when that firewall becomes reachable again.
An override feature for the user to clear the alarm manually is provided but this should not normally be needed.
The Alarm Indicator Icon
Every InControl client display includes an alarm indicator icon at the bottom of the client interface. If there are no active alarms, the indicator appears as shown below:
When any alarms are active, this icon changes as shown below:
In this example, the display indicates there are two active alarms for this InControl client.
The Alarms Tab
The Alarms tab in the InControl client interface displays information about all alarms, including alarms that have been triggered but not yet cleared. The tab can be opened in two ways:By pressing the Alarms button:
By pressing the alarms icon which also acts as a button:
InControl will now display a summary of alarms for this client:
Further detail for each alarm is provided by selecting a particular alarm. The details displayed for the final alarm above is shown below.
Right-clicking an alarm will cause a context menu to appear from which a number of actions can be chosen:
Clearing Alarms
If the Clear option is chosen, the meaning is to indicate that the issue that generated the alert has been dealt with.Many alarms will eventually be cleared by InControl itself. For example, if the alarm is caused by a failure to connect to an offline firewall, then when the firewall comes back online, InControl will clear the alarm itself.
After choosing the clear option, a dialog is shown so that a reason for clearing the alarm can be given and stored in the alarm history.
When an alarm is cleared, either by InControl itself or explicitly by the user, it is removed from the standard alarm list and stored in the Alarm History.
When an alarm is acknowledged instead of being cleared, then the administrator is stating that the issue generating the alarm has been noted but it has not been dealt with yet. Like the option to clear an alarm, a dialog is displayed so that a reason for acknowledgement can be given.
The acknowledgement dialog includes two further options:
Acknowledge Permanently
This means that an alarm will not reappear if the same alarm occurs again.
Acknowledge Until Next Alarm Trigger
This means that the alarm will disappear from the Alarms tab list but if the same alarm occurs again, it will have its state changed back to unacknowledged and reappear in the alarm list.
Note that the phrase same alarm means that the responsible source and event are unique, as explained later.
Acknowledged alarms are not stored in the Alarm History but will be stored by InControl until they are eventually cleared, even though they aren't displayed.
An acknowledged alarm must be cleared before it disappears into the alarm history and this can happen due to a clear being done by InControl. Alternatively, the user can clear the alarm explicitly by using the filtering option in the client to display find it and then applying a clear operation to it.
Alarm Uniqueness
Alarms in the list of active alarms are unique. The combination of alarm type, source and entity must be unique for each entry in the list. Although an alarm might trigger repeatedly, for instance every few minutes if a firewall is unreachable, the triggering will always update the same entry in the alarms list.The Alarm History
cOS Core retains an audit trail of all alarms that are triggered. When an alarm is cleared, it is removed from the active alarm list and placed into the alarm history. This history can be searched based on the search criteria listed below:Time when first triggered.
Time when first triggered.
Time when last triggered.
The source.
The entity that the alarm refers to. For example, a firewall.
The acknowledgement state of the alarm.
The user that acknowledged the alarm.
Time when the user acknowledged the alarm.
User provided comment from user.
If the alarm has been cleared.
The user that cleared the alarm.
Time when the alarm was cleared.
The alarm type.
The alarm source.
The ID that uniquely identifies the alarm from all alarms with the same source type.
The name.
Severity level.
The default action.
