Creating and Managing Alert Rules


Alert Rules define workflows for the various alerting situations, and Alert Instances apply those rules to servers or groups, alert destinations and N/T values. This topic covers creating, modifying and deleting alert rules, and then creating an instance of a rule.

An alert rule defines a graphical workflow (a flow diagram of queries, operators and notify targets); instances then connect that graph to specific situations (servers, N/T values, notification destinations). This means you can create one workflow once and connect it to many servers.

 

This functionality is available only to System Administrators (Superusers).

 

 

To view the current alerts in the system

 

1.   Click Alert Rules from the Alerting menu.

 

      alert_rules_menu

 

     The following page opens displaying the current rules in the system.

 

alert_rule-pg

 

Note:   The entries in black are the rules; the entries in blue beneath a rule are the instances of that rule. To see alert instances in action, refer to the Notifications in detail topic.

 

To create an alert rule

 

1.   Click the Create Generic Rule button (create_gen_rule_btn). The following flow-chart representation is created on the page.

 

  new_generic_rule_flow

      In our example we'll create a new generic rule for unsuccessful logins by a particular user, which also notifies the user by email.

 

Note:   You can click and drag this representation anywhere on the work space. Newly added objects can be moved the same way, and the flow diagram redraws itself automatically.

An N/T threshold (N occurrences within a period of T seconds) must also be met before an alert is raised. This groups entries by a common value (similar to SQL GROUP BY), so that multiple matching entries count as one raised alert rather than one alert each. N/T is the box next to the rule; in aq_user_toni_instance10, for example, it is the 1/1s box.

 

user_toni_nt

 

For raw alerting, items can be grouped only by server value; for indexed alerting, items can be grouped by server value plus all other values that are indexed.
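The grouping described above can be modelled as a sliding window per group key. The following is an added example, not code from the product or its documentation: it counts events that share a key (server only for raw alerting, server plus the indexed fields for indexed alerting) and raises one alert for the group when N events fall inside T seconds. The event field names and the sample failed-login events are constructed for illustration.

```python
"""N/T threshold grouping for alert instances (added example, not product code)."""
from collections import defaultdict, deque

# Constructed sample events, shaped like entries a failed-login query might
# select. Field names (ts, server, user, src_ip) are assumptions.
EVENTS = [
    {"ts": 100.0, "server": "web01", "user": "toni",  "src_ip": "10.0.0.5"},
    {"ts": 100.4, "server": "web01", "user": "toni",  "src_ip": "10.0.0.5"},
    {"ts": 100.9, "server": "web01", "user": "alice", "src_ip": "10.0.0.9"},
    {"ts": 101.2, "server": "db01",  "user": "toni",  "src_ip": "10.0.0.5"},
    {"ts": 130.0, "server": "web01", "user": "toni",  "src_ip": "10.0.0.5"},
    {"ts": 130.5, "server": "web01", "user": "toni",  "src_ip": "10.0.0.5"},
    {"ts": 130.6, "server": "web01", "user": "toni",  "src_ip": "10.0.0.5"},
]


def group_key(event, indexed_fields=()):
    """Raw alerting groups by server only; indexed alerting adds the indexed fields."""
    return (event["server"],) + tuple(event[f] for f in indexed_fields)


def nt_alerts(events, n, t, indexed_fields=()):
    """Return one alert per group each time N events of that group fall within T seconds.

    A sliding window of timestamps is kept per group key. Timestamps older
    than T seconds are dropped before counting, and the window is cleared
    once an alert fires so the same N entries are not reported twice.
    """
    windows = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = group_key(ev, indexed_fields)
        win = windows[key]
        win.append(ev["ts"])
        # Drop entries that fell out of the T-second period.
        while win and ev["ts"] - win[0] > t:
            win.popleft()
        if len(win) >= n:
            alerts.append({"group": key, "count": len(win), "at": ev["ts"]})
            win.clear()
    return alerts


if __name__ == "__main__":
    # 3/1s, raw alerting: grouped by server only -> two alerts for web01.
    print(nt_alerts(EVENTS, 3, 1.0))
    # 3/1s, indexed alerting on the user field -> one alert for (web01, toni).
    print(nt_alerts(EVENTS, 3, 1.0, ("user",)))
    # 1/1s, as in the aq_user_toni_instance10 box: every entry raises its own alert.
    print(len(nt_alerts(EVENTS, 1, 1.0)))
```

With the same events, the raw 3/1s instance raises two alerts for web01 (the 100.9 alert mixes toni's and alice's failures, because raw grouping only sees the server), while the indexed instance grouped on the user field raises a single alert for (web01, toni). A 1/1s box degenerates to one alert per entry, which is the setting to revisit if an instance is noisy.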

 

2.   Click the Add Operator or Query button to add the AND, OR or the NOT condition to the rule as shown below.

 

        add_operator_query_btn

 

3.   From the drop-down select OR.  The resultant image looks as follows.

 

    new_generic_rule_flow2

Note:   If you wish to delete the operator, click the Remove this node button (remove_node_btn). A confirmation dialog is displayed as shown below.

 

remove_node_confdg

 

Click Yes to remove the node.

 

     In our case, since we wish to notify the user when an unsuccessful login takes place, click the Add Operator or Query button and select unix_auth_failed_login from the drop-down.

 

    unix_auth_failedlogin_selected

 

     The diagram looks as follows.

 

    new_generic_rule_flow3

 

4.   Click the Select a notify button (add_notification_target-btn) and select email from the drop-down.

 

        add_notification_target-btn

 

       The flow diagram now looks as follows.

 

      new_generic_rule_flow4

 

Note:   In this fashion you can add or remove one or more nodes.

 

5.   Click the Apply button (apply_btn). The rule is saved and appears in the rules column on the left as shown below (NEW_GENERIC_RULE_2).

 

    new_generic_rule_saved

 

6.   Finally, to rename the new generic rule, double-click its name. The name becomes editable as shown below.

 

    renaming_gen_rule

    Rename the rule to one of your choice.

 

 

7.  Click the Apply button (apply_btn) to save the new name.
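The flow diagram built in the steps above is an operator node (AND, OR or NOT) over query nodes, feeding a notify node. The following is an added example, not the product's code, that evaluates such a graph over events and hands matching entries to an email notify target. The query names unix_auth_failed_login and email come from the walkthrough; the matching logic behind each query, the event fields, the second failed-login query and the NOT branch that excludes a known scanner address are assumptions added for illustration.

```python
"""Evaluating an alert rule's operator graph (added example, not product code)."""

KNOWN_SCANNERS = {"192.0.2.77"}   # constructed value from the TEST-NET range

# Query nodes: name -> predicate over one event. Matching logic is assumed.
QUERIES = {
    "unix_auth_failed_login": lambda e: e["type"] == "auth_failed" and e["os"] == "unix",
    "windows_auth_failed_login": lambda e: e["type"] == "auth_failed" and e["os"] == "windows",
    "known_scanner": lambda e: e.get("src_ip") in KNOWN_SCANNERS,
}


def evaluate(node, event):
    """Recursively evaluate a rule node against a single event.

    A node is either a query name (str) or a tuple ("AND" | "OR" | "NOT", child, ...),
    mirroring the operator nodes added with the Add Operator or Query button.
    """
    if isinstance(node, str):
        return QUERIES[node](event)
    op, *children = node
    if op == "AND":
        return all(evaluate(c, event) for c in children)
    if op == "OR":
        return any(evaluate(c, event) for c in children)
    if op == "NOT":
        return not evaluate(children[0], event)
    raise ValueError(f"unknown operator {op!r}")


def email_notify(event, address="alerts@example.com"):
    """Stand-in for the email notify node: builds the message instead of sending it."""
    return {"to": address, "subject": f"failed login for {event['user']} on {event['server']}"}


def run_rule(rule, notify, events):
    """Pass every event that satisfies the rule graph to the notify target; return deliveries."""
    return [notify(ev) for ev in events if evaluate(rule, ev)]


# OR over the two failed-login queries, AND NOT a known scanner (the AND/NOT part is an addition).
RULE = ("AND",
        ("OR", "unix_auth_failed_login", "windows_auth_failed_login"),
        ("NOT", "known_scanner"))

# Constructed sample events; field names are assumptions.
EVENTS = [
    {"type": "auth_failed", "os": "unix",    "user": "toni", "server": "web01", "src_ip": "10.0.0.5"},
    {"type": "auth_ok",     "os": "unix",    "user": "toni", "server": "web01", "src_ip": "10.0.0.5"},
    {"type": "auth_failed", "os": "windows", "user": "bob",  "server": "ad01",  "src_ip": "10.0.0.8"},
    {"type": "auth_failed", "os": "unix",    "user": "root", "server": "web01", "src_ip": "192.0.2.77"},
]

if __name__ == "__main__":
    for msg in run_rule(RULE, email_notify, EVENTS):
        print(msg)
```

Only the first and third events reach the notify node: the successful login fails both query branches, and the failure from the scanner address is removed by the NOT branch. In the product the N/T box sits between this evaluation and the notify target, so the deliveries here correspond to a 1/1s instance.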

 

 

To remove a rule

 

1.   Select a rule from the list.

 

2.   Click the Remove button (remove_btn). The rule delete confirmation dialog is displayed.

 

    remove_rule_confdg

 

3.   Click Yes.