Alert definition example: new server detected

In this example, we want to raise the alert if we detect new active IP addresses that accept connections in the data center.

For detecting new active IP addresses, we will use the New server detected alert and will configure it to filter IP ranges belonging to Data Center subnets.

Open the Alert management screen.

On the Alerts tab, click Predefined.

The predefined alerts are listed. In this example, we configure a predefined alert to suit our purposes. Details concerning the selected alert are shown under the list.

Select the Show disabled check box to display alerts that are disabled by default.

In the Filter box above the list, type new and click OK to filter the list on "new".

You want to find the New server detected alert.

Click the “New server detected” alert to select it.

That line will be highlighted in the list and the details concerning that alert will be displayed under the list.

In the alert details section (under the list), in the Actions column, select Actions ► Edit alert for the device to which you want to apply this alert.

When more than one CAS is listed, be sure to select the row for the CAS to which you intend to apply the alert.

When you select Edit alert, the alert wizard will open for the selected alert and device.

Specify basic settings

On the Specify Basic Settings page of the wizard, click Next to skip to the next screen.

In this example, there is no need to change the information on this tab. It is possible to edit the description and name, but this is generally not recommended, because you are changing the threshold values and other parameters, not the underlying predefined alert mechanism.

Define triggering and propagation conditions

View the Detection Settings tab; there are no settings to make for this alert.

Click the Output filters tab to specify when to raise this alert.

  1. On the Output filters tab, click Add filter group.

  2. In the list, select Server IP address.

  3. In the Server IP address edit box, set the address to 10.1.1.*.

    This will limit the scope of the alert to the data center subnet. Note that you can change the above address to one that matches your network.

Click the Propagation settings tab to specify how the alert will be propagated.

  • Leave Raised after with the default setting, 1, indicating that the alert is to be raised after one interval during which a new server was observed.

  • Enable Delayed processing so that the alert is not raised before the system learns which devices belong to your network and which can be considered new.

Click Next.

The Configure Alert Notifications screen of the alert definition wizard is displayed.

Configure alert notifications

On the Configure Alert Notifications page of the wizard, click Next to skip to the next tab.

In this example, there are no example-specific changes on this tab. Normally, however, you would use the three tabs (Users, Trap Recipients, and Compuware Open Servers) to specify where and how to send out alerts. If you specify nothing here, the alerts will be written only to the alert log.

Click Next.

The Review Summary screen of the alert definition wizard is displayed.

Review summary

On the Review Summary page of the wizard, verify your alert settings before you apply them to the report servers.

If you need to change anything, click Previous to go back to the appropriate page of the wizard.

Click Apply.

On the pop-up window you can select the option to save your changes as a draft, if you intend to make more changes now, or to immediately publish the changes if you want to make your changes live now.
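
The effect of the settings chosen above (the 10.1.1.* output filter, Raised after = 1, and Delayed processing) can be checked with a small model; this is an added example, not the product's own code or algorithm. The function name, the two-interval learning period, the sample interval data, and the reading of Raised after as consecutive intervals are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

SERVER_FILTER = "10.1.1.*"   # output filter value used on this page
RAISED_AFTER = 1             # default "Raised after" setting
LEARNING_INTERVALS = 2       # assumption: length of the delayed-processing period

# Constructed sample: server IPs that accepted connections, per monitoring interval.
INTERVALS = [
    ["10.1.1.10", "10.1.1.11", "192.168.5.20"],
    ["10.1.1.10", "10.1.1.12"],
    ["10.1.1.10", "10.1.1.11"],
    ["10.1.1.10", "10.1.1.50", "172.16.0.9"],
    ["10.1.1.50", "10.1.10.7"],
]

def detect_new_servers(intervals, pattern=SERVER_FILTER,
                       learning=LEARNING_INTERVALS, raised_after=RAISED_AFTER):
    """Hypothetical model: return (interval_index, server_ip) per raised alert."""
    known = set()    # servers already accepted as part of the network
    streak = {}      # candidate new server -> consecutive intervals observed
    alerts = []
    for idx, servers in enumerate(intervals):
        seen = set(servers)
        if idx < learning:
            known |= seen            # delayed processing: learn, raise nothing
            continue
        for ip in list(streak):
            if ip not in seen:
                del streak[ip]       # candidate disappeared, restart its count
        for ip in sorted(seen - known):
            streak[ip] = streak.get(ip, 0) + 1
            if streak[ip] >= raised_after:
                known.add(ip)
                del streak[ip]
                # Output filter: detection covers every server, but only
                # addresses matching the filter produce an alert.
                if fnmatchcase(ip, pattern):
                    alerts.append((idx, ip))
    return alerts

if __name__ == "__main__":
    print("with delayed processing:   ", detect_new_servers(INTERVALS))
    print("without delayed processing:", detect_new_servers(INTERVALS, learning=0))
```

Note that 10.1.10.7 does not match 10.1.1.*, and that without a learning period every server already present in the data center is reported as new in the first intervals.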