Alert management

Use the Alert management screen as your primary control panel for alert definitions.

Note

This topic applies to alerts prior to NAM 2018. For information on alert management starting in NAM 2018, see Alert management.

Access alternatives:

  • Click the dashboard icon at the top of the RUM Console screen and click the Alerts tile
  • Open the RUM Console menu and select Configuration ► Alerts.
  • On the CAS, select Settings ► Reporting and alerting ► Alerts

Learning about alerts

If you need to do some background reading about alerts, start with Alert system in the documentation reference section.

That topic describes approaches to alert monitoring and offers useful reference material.

Return here when you are ready to get started.

Listing alerts

To browse alerts, use one of these options:

  • From the RUM Console, open Configuration ► Alerts
  • From the CAS, open Settings ► Reporting and alerting ► Alerts

Both open the Alert management screen on the console.

  • You can switch between the User-defined and Predefined alert definitions.

  • Select Show disabled to display all (enabled and disabled) alert definitions.
    If you want to manage a disabled alert, make sure the Show disabled check box is selected at the top of the list. (By default, the alert list shows only the enabled definitions.)

  • Set Type to display to focus on a specific alert type.
    Select All (the default setting) to show all alert types.
    For more information, see Types of alerts.

  • Type a string in the Filter box and click OK to list only the matching alerts.
    Clear the Filter box and click OK to remove the filter.

  • Click any column heading to sort by that column.
    Click the same heading again to reverse the sort order.

If you upgraded from an earlier version of NAM, you may in some situations notice more than one alert definition with the same name on the user-defined alert list. This means that, despite having identical names, the alerts in fact have different detection or notification settings. If, on upgrade, two or more definitions with identical configurations (including the alert names) are detected, they are merged into one entry, even if they were detected on different devices.

Enabling and disabling alerts

The Alert management screen enables you to assign alert definitions to each device separately or to several devices at the same time. You can do this when browsing either the list of available definitions or a list of report servers available in your network.

The actions you can perform on an alert definition depend on the alert type.

  • All definitions can be listed, sorted, enabled, disabled, or have their names, descriptions, and notification messages modified.
  • User-defined metric alerts can also be created from scratch or duplicated and saved under new names.

To enable or disable a single alert

  1. On the Alert management screen, select the User-defined or Predefined alert group.

  2. You can adjust your view:

  3. Find the alert you want to enable or disable.
    If you want to enable a disabled alert, make sure the Show disabled check box is selected at the top of the list.

  4. When you find the alert, select Enable alert or Disable alert (only one of these options will be available) in that alert's Actions list.

To enable or disable multiple alerts

  1. On the Alert management screen, select the User-defined or Predefined alert group.

  2. Find the alerts you want to enable or disable.
    If you want to enable a disabled alert, make sure the Show disabled check box is selected at the top of the list.

  3. Select the check box for each alert you want to enable or disable.

  4. Select Enable selected or Disable selected in the Actions list above the check box column.
    This command will apply to all selected alerts.

To enable or disable an alert per report server

  1. On the Alert management screen, Alerts tab, select the User-defined or Predefined alert group.

  2. Find the alert you want to enable or disable.
    If you want to enable a disabled alert, make sure the Show disabled check box is selected at the top of the list.

  3. Click the alert.
    The Devices with alert list (under the main list) will display all report servers with that alert.

  4. In the Actions column in the Devices with alert list, select the action to take for that alert on that server.
    In this example, we selected the DMI report issue alert in the list of alerts, and then we selected Disable alert for that alert on just one of the listed servers.

Managing alerts per report server

The Devices tab enables you to browse all report servers in your network, together with alert definitions available for assignment.

  1. On the Alert management screen, click the Devices tab.
    The screen shows a complete list of report servers in your NAM installation together with the assigned alerts.

  2. In the upper list, click a report server.
    By default, the lower list shows all alerts enabled on the selected device.
    To also display disabled alerts on this device, select the Show disabled check box.

  3. Enable or disable alerts on the selected device.

    • To enable or disable a single alert on the selected report server, click Enable or Disable in the Actions column for that alert.

    • To enable or disable multiple alerts on the selected report server, select the check box for each alert you want to manage, and then click Enable or Disable in the Actions column for that alert. In this example, we have selected a server in the upper list, selected the check boxes for two alerts, and disabled the selected alerts on that server.

  4. Click Publish configuration to apply new settings to the devices.

Managing alerts per recipient

To configure who receives notifications and how:

  1. On the Alert management screen, select the Recipients tab.
  2. The Recipients tab has four views:
    • E-mails
    • Trap Recipients
    • Mobile
    • Script

Editing an alert

Your alert editing options depend on whether you are editing a user-defined alert or a predefined alert.

  • Predefined alerts can only be edited per device. This is mainly because many of these alerts are designed to monitor the resources of report servers.
  • User-defined alerts can be modified across all report servers. (To modify a user-defined alert on just one device, see Managing alerts per report server above.)

Editing a user-defined alert

  1. On the Alert management screen, Alerts tab, select the User-defined tab.
  2. For the alert you want to edit, click Actions and select a menu option.
    • Disable alert - disables the alert.
      To re-enable a disabled alert, select Show disabled to list disabled alerts, find the alert in this list, and then select Actions ► Enable alert.
    • Edit alert - opens a wizard for editing the alert.
    • Edit notifications - opens a wizard for editing notifications associated with this alert.
    • Duplicate alert - opens a wizard for making a copy of (and editing) this alert.
    • Delete alert - deletes this alert definition.
  3. Save and publish any new configuration.

Editing a predefined alert

  1. On the Alert management screen, Alerts tab, select the Predefined tab.

  2. Select the alert.
    Because a predefined alert can only be modified for a selected device, you will find the links to the editor beside each report server in the Devices with alert list.

  3. In the Devices with alert list (the lower list), select one of the following:

    • Actions ► Edit alert (which takes you to the start of the alert wizard)
    • Actions ► Edit notifications (which takes you straight to the Alert notifications page of the alert wizard)
  4. Use the wizard to edit the alert.

    • Alert basic settings

      • Alert name
      • Alert description
    • Triggering and propagation settings

      • Detection settings
      • Output filters
      • Propagation settings
    • Alert notifications

      • Message
      • Alert recipients
        • E-mails
        • Trap Recipients
        • Mobile
        • Script
  5. Review the Summary page to be sure you have what you need.

  6. Click Apply.

  7. Click Publish Configuration.

Editing a user-defined alert on a single device

To edit an alert definition on a single CAS, you first need to remove it from this device.

Assume that an alert definition is assigned to two devices, CAS A and CAS B, and that you want to modify the definition only on CAS A.

  1. On the Alert management screen, Alerts tab, select the User-defined tab.
  2. For the alert definition that you want to modify, select Actions ► Edit alert.
  3. In the CAS list for this alert, clear the check box for CAS A to remove the alert from CAS A.
  4. Click Finish to save the changes.
  5. On the summary screen, click Apply.
  6. In the Save configuration pop-up window, choose to save the configuration as a draft.
  7. Back on the Alert management screen, duplicate the modified alert definition.
  8. Edit the duplicated definition according to your needs.
    1. Modify the definition name.
    2. Assign the definition to CAS A and remove it from CAS B.
    3. Modify the detector and notification settings.
    4. Click Finish to save the changes.
    5. On the summary screen, click Apply.
    6. In the Save configuration pop-up window, choose to save the configuration as a draft.
  9. Click Publish Configuration to apply new settings to the devices.

You can create an alert from scratch or (see the next procedure) duplicate an existing alert.

  1. On the Alert management screen, Alerts tab, select the User-defined tab.

  2. Click the Add alert button.
    This opens the alert wizard to the first page, Alert basic settings.

  3. Follow the on-screen instructions.
    Use Next and Previous to navigate through the wizard.

For full background and instructions on creating an alert, see Defining an alert - process overview.

Duplicating an alert

Duplicating an existing, functioning alert definition and then editing the settings to suit your needs is a very good alternative way to create a new alert.

  1. On the Alert management screen, Alerts tab, select the User-defined tab.
    Note that duplication is not possible for any of the predefined alert definitions.

  2. Find the alert you want to duplicate.

  3. On the Actions menu for that alert, select Duplicate alert.
    This opens the alert wizard with a copy of the selected alert's definition.

  4. In the alert wizard, make any adjustments you need and click Next or Finish to proceed with the subsequent wizard steps.
    For full background and instructions on creating an alert, see Defining an alert - process overview.

  5. After the definition is ready, save and publish the configuration.

Deleting an alert

On the Alert management screen, you can delete any of the user-defined definitions and some of the predefined ones.

You cannot delete certain predefined alerts, but you can disable them. For more information, see Enabling and disabling alerts.

To delete an alert:

  1. On the Alert management screen, Alerts tab, select the User-defined or Predefined tab.

  2. Delete as needed.

    • To delete one definition on all available devices, select Delete alert from the Actions menu for that alert.

    • To delete several alerts at a time, from all available devices, select their check boxes and then select Delete selected from the Actions menu at the top of the alert list.

    • For user-defined alerts only:
      To delete a definition from a single report server (CAS), click Edit alert to access the definition wizard and then clear the check box for the device from which you want to delete the alert.

  3. Click Publish configuration to apply new settings to the devices.

Managing alerts by device

Use the Devices tab of the Alert management system to list and manage alerts by device.

Managing alerts

The upper table lists all devices by IP address and device type, build, and description.

  • Select a device (row) in the table of devices to list all alerts assigned to the selected device.
  • Select Show disabled to list disabled alerts. Otherwise, only enabled alerts are listed.
  • Click Enable or Disable in the Actions column to change the status of any listed alert.

Saving MIB

Each trap has an associated trap definition, identified by an OID, in the MIB in the alarms.mib file. This MIB can be imported on the trap recipient to correctly interpret the meaning of the alert and automate any corrective actions. To save the alarms.mib file reflecting all the user-defined alerts, log on to RUM Console, click Alerts in the main menu, switch to the Devices tab, and select the device. Click the Save MIB button to download the alarms.mib file for the highlighted device to a convenient location on your desktop. Refer to your network management platform manual for information on how to install third-party MIBs.

Delivering an alert

Alert notifications can be sent to a specified e-mail address or via SNMP traps.

Notifications are sent to recipients based on subscriptions. Users (alert subscribers) can select which alerts they want to receive, apply additional filtering criteria, and select the delivery mechanism. When e-mail is the selected delivery mechanism, all alerts that have occurred within a single monitoring interval are by default sent in one e-mail message.

Every enabled alert, even if it has no recipients defined, is generated and can be viewed in the alert logs. All alert notifications, whether e-mailed or not, are recorded in alert logs. For more information, see Alert Log Viewer.

When traps are the selected delivery medium, a separate trap is associated with each alert notification. Each trap has an associated trap definition, identified by an OID, in the MIB in the alarms.mib file. This MIB can be imported on the trap recipient to correctly interpret the meaning of the alert and automate any corrective actions. Refer to your network management platform manual for information on how to install third-party MIBs.

Alert states and notifications

The alert system is a multi-layer mechanism. For a NAM user, the most important elements of this mechanism are alert states and notifications. An alert is raised if the monitored traffic meets the conditions specified in the alert definition, such as when a particular metric exceeds a defined threshold value. An optional notification can then be sent.

Alert states

If a given metric exceeds its threshold value, an alert state might not be triggered immediately. Exactly when an alert is triggered is defined in the alert definition. It often happens that you want to raise an alert only after a threshold has been exceeded a specific number of times in a given time interval. Similarly, notifications are not sent in direct response to the triggering conditions but in connection with alert states being raised, remaining on, or being lowered.

For example, an alert can be raised:

  • As soon as the triggering conditions are fulfilled (after just one occurrence of the alert condition).
  • After a specified number of occurrences of a given condition.

An alert state can then be lowered, or will expire:

  • Immediately after the condition that triggered the alert has ceased to occur.
  • If the triggering condition has not reappeared for a specified number of minutes.
  • If the triggering condition has not reappeared for a specified number of reporting cycles.

A condition can repeat a number of times, but after an alert is triggered (raised), it remains raised until it is turned off or expires (is lowered). Similarly, after an alert condition is raised, a notification can be sent zero or more times while the alert state remains on, and a notification can be sent when the alert is turned off.

Notifications

After an alert is raised, an optional notification can be sent. Whether a notification is sent depends on the alert definition. Later, if the alert state remains on, repeated notifications can also be sent as needed. In particular, while the alert remains on, an alert notification can be repeated:

  • In every reporting cycle
  • Every specified number of minutes

Alert cancellation notifications are also possible: an alert definition can specify that a notification should also be sent when the alert state is lowered, that is, when the alert reverts to the off state.

Notifications are sent not in direct response to triggering conditions, but in response to alert states being raised, remaining on, or being lowered. One alert can send a number of notifications. After an alert is turned on, it remains in the on state until it is turned off or expires.
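
The raise, repeat and lower behaviour described above can be traced with a small model. The following is an added illustration, not NAM code: the class, its parameter names and the sample series are assumptions, occurrences are counted over a sliding window of reporting cycles, and only cycle-based (not minute-based) expiry and repetition are modelled.

```python
from collections import deque


class AlertState:
    """Hypothetical model of one alert definition's state on one device."""

    def __init__(self, raise_after=3, window=5, expire_after=2,
                 repeat_every=2, notify_on_cancel=True):
        self.raise_after = raise_after            # occurrences needed to raise
        self.expire_after = expire_after          # quiet cycles before lowering
        self.repeat_every = repeat_every          # 0 disables repeat notifications
        self.notify_on_cancel = notify_on_cancel  # send a cancellation notification
        self.recent = deque(maxlen=window)        # condition results, last N cycles
        self.raised = False
        self.quiet = 0
        self.since_raise = 0

    def cycle(self, condition_met):
        """Process one reporting cycle; return the notifications it sends."""
        self.recent.append(condition_met)
        if not self.raised:
            # The condition alone does nothing until it has occurred often enough.
            if sum(self.recent) >= self.raise_after:
                self.raised, self.quiet, self.since_raise = True, 0, 0
                return ["RAISED"]
            return []
        self.quiet = 0 if condition_met else self.quiet + 1
        if self.quiet >= self.expire_after:
            # The state expires; the occurrence history starts again.
            self.raised = False
            self.recent.clear()
            return ["CANCELLED"] if self.notify_on_cancel else []
        self.since_raise += 1
        if self.repeat_every and self.since_raise % self.repeat_every == 0:
            return ["STILL_ON"]
        return []


def simulate(samples, **settings):
    """Return (cycle index, notification) pairs for a series of cycles."""
    alert = AlertState(**settings)
    return [(i, n) for i, met in enumerate(samples) for n in alert.cycle(met)]


# Constructed series: True means the triggering condition occurred in that cycle.
SAMPLES = [True, False, True, True, True, False, True, False, False, False, True]

if __name__ == "__main__":
    for index, notification in simulate(SAMPLES):
        print(index, notification)
```

The condition occurs in six of the eleven sample cycles, yet only four notifications are sent, and the single quiet cycle at index 5 does not lower the alert because it is shorter than the expiry setting.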