Alert Rules define workflows for various alerting situations, and Alert Instances apply those rules to servers/groups, alert destinations and N/T values. This topic discusses creating, modifying and deleting alert rules. We will then create an instance of a rule.
Alert rules are connected to servers in two steps: first you define a graphical workflow, and then you connect that graph to instances. Instances are alert rules applied to specific situations (servers, N/T, notification destinations). This means that you can create one workflow and connect it to various servers.
This functionality is available only to System Administrators (Superusers).
To view the current alerts in the system
1. Click Alert Rules from the Alerting menu.
The following page opens displaying the current rules in the system.
Note: Entries shown in black are rules, and the entries shown in blue beneath a rule are instances of that rule. To see the alert instances in action, refer to the Notifications in detail topic.
To create an alert rule
1. Click . The following flow-chart representation is created on the page.
In our example we'll create a new generic rule for unsuccessful logins for a particular user, where the user is also notified at their email address.
Note: You can click and drag this representation to any position on the work space. Newly added objects can be moved in the same way, and the flow diagram automatically redraws itself.
There is also an N/T value (N times in a period of T seconds) that must be reached before an alert is raised. This groups entries based on a common value (similar to SQL GROUP BY) so that multiple items can count as one raised alert. N/T is the box next to the rule; for example, in aq_user_toni_instance10 it is the 1 /1s box.
For raw alerting, items can be grouped by server value; for indexed alerting, items can be grouped by server value plus all other values that are indexed.
2. Click the Add Operator or Query button to add an AND, OR or NOT condition to the rule as shown below.
3. From the drop-down, select OR. The resulting image looks as follows.
Note: If you wish to delete the operator, click the Remove this node button. A confirmation dialog is displayed as shown below.
Click Yes to remove the node.
In our case, since we wish to notify the user when an unsuccessful login takes place, click the Add Operator or Query button and select unix_auth_failed_login from the drop-down.
The diagram looks as follows.
4. Click the select a notify button and select email from the drop-down.
The flow diagram should now look as follows.
Note: In this fashion you can add or remove one or more nodes.
5. Click . The rule is saved and appears in the list of rules in the left-hand column as shown below (NEW_GENERIC_RULE_2).
6. Finally, to rename the new generic rule, double-click its name. The name becomes editable as shown below.
Rename the rule to one of your choice.
7. Click to save the new name.
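The N/T grouping described above can be sketched as follows. This is an added example, not the product's own code: the function names, the sliding-window interpretation of "N times in T seconds", the reset of a group after it raises an alert, and the sample entries are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample entries: (epoch seconds, server, query, user).
SAMPLE = [
    (100, "web01", "unix_auth_failed_login", "toni"),
    (101, "web01", "unix_auth_failed_login", "anna"),
    (102, "db01",  "unix_auth_failed_login", "toni"),
    (103, "web01", "unix_auth_failed_login", "toni"),
    (104, "web01", "unix_auth_failed_login", "toni"),
    (130, "web01", "unix_auth_failed_login", "toni"),
    (131, "db01",  "unix_auth_failed_login", "toni"),
    (200, "db01",  "unix_auth_failed_login", "toni"),
]

def group_key(entry, indexed):
    """Raw alerting groups by server; indexed alerting by server + indexed values."""
    _ts, server, *values = entry
    return (server, *values) if indexed else (server,)

def evaluate(entries, n, t, indexed=False):
    """Return one (timestamp, key, count) alert per N grouped entries within T seconds."""
    windows = defaultdict(deque)   # group key -> timestamps still inside the window
    alerts = []
    for entry in sorted(entries):
        ts = entry[0]
        win = windows[group_key(entry, indexed)]
        win.append(ts)
        # Drop timestamps that have fallen out of the T-second window.
        while win and ts - win[0] >= t:
            win.popleft()
        if len(win) >= n:
            alerts.append((ts, group_key(entry, indexed), len(win)))
            win.clear()  # assumption: grouped entries are consumed by the alert
    return alerts

if __name__ == "__main__":
    print("raw 3/10s:    ", evaluate(SAMPLE, 3, 10))
    print("indexed 3/10s:", evaluate(SAMPLE, 3, 10, indexed=True))
    print("raw 1/1s:     ", len(evaluate(SAMPLE, 1, 1)), "alerts")
```

With a 1 /1s setting every matching entry raises its own alert, while a larger N collapses a burst of failed logins on one server into a single alert.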
To remove a rule
1. Select a rule from the list.
2. Click . The rule delete confirmation dialog is displayed.
3. Click Yes.