Alert rules
Alert rules contain information defining what the system does with a particular alert instance when it is received. Alert rules also determine the list of receivers of email notifications for a given alert.
There are two types of alert rules:
- Action rules –defining what the system does with a particular alert
- Email rules –defining a list of emails of alert receivers
Each alert rule has a value. Action rules have integer values which determine what to do with an
alert. The value can be one of the following:
- 0 - Do nothing
- 1 - Send email
- 2 - Open Service Request
- 4 - Send SNMP trap
- 5 - Send email and SNMP trap
- 6 - Send SNMP trap and open Service Request
Rules can be defined on three levels (alert rule scope):
- Global - apply to all alerts
- Alert type - apply to all alerts of a given type
- Alert reason code - apply to alerts with the given reason code
_to
) or extend ( when using
_add_to
) email rules from higher level.Alert rule name consists of the following parts:
[scope]_[suffix]
where
[scope]
is one of the following:def
- used for global scope- value of alert type, for example:
HW_NEEDS_ATTENTION
- value of reason code, for example:
101
[suffix]
is one of the following:action
- for action rulesto
oradd_to
- for email rules
Table 1 presents all possible rule names. In place of
[Type]
any alert type from
alerts registry can be used (for instance, HW_NEED_ATTENTION
) and in place of
[ReasonCode]
any alert reason code from alerts registry can be used (for instance
101
).
Level (scope) | Action Rule | Email Rule |
---|---|---|
Global defaults |
|
|
For alert type |
|
|
For reason code |
|
|
Resolution for action rules is as follows:
- If there is
[ReasonCode]_action
rule present for given alert reason code it will be used. - Otherwise, if there is
[Type]_action
rule present for given alert type it will be used. - Otherwise, if there is
def_action
rule present it will be used. - Otherwise, the action is "do nothing".
_add_to
rule is
used it extends the list of emails from lower level rather than replace it.Examples
Following is an example set of rules defined for a
platform:
def_to =["admin1@company.com","admin2@company.com"]
SERVICE_RESTARTED_action = 1
HW_SERVICE_REQUESTED_action = 2
HW_NEEDS_ATTENTION_action = 1
159_add_to = ["securityadm@company.com"]
159_action = 4
Based
on this set, the following action resolution is applied by the system:Assumption: Reason code
159
is assigned to
HW_NEEDS_ATTENTION
on this system.- When any
SERVICE_RESTARTED
alert is received, an email toadmin1@company.com
andadmin2@company.com
is sent. - When any
HW_SERVICE_REQUESTED
alert is received, Call Home is called for opening PMR and no email is sent as action is set to 2. - When any
HW_NEEDS_ATTENTION
alert is received with reason code other than159
, an email toadmin1@company.com
andadmin2@company.com
is sent. - When alert with reason code
159
is received, an email toadmin1@company.com
,admin2@company.com
andsecurityadm@company.com
is sent, and SNMP trap is sent, as action is set to 4. - When any alert other than
SERVICE_RESTARTED
,HW_SERVICE_REQUESTED
orHW_NEEDS_ATTENTION
is received nothing is done.