Working with alerts

To remove this alert from the Active Alerts monitor, it must be “handled” (moved with appropriate comment to the Handled Alerts Monitor). Consider the following scenario:

• A rule is in place that watches for a Server Down event and generates a Sev 1 alert for that event.
• When that server goes down, an alert is generated and displayed in the Active Alerts Monitor.
• An operator who is watching the Active Alerts monitor notices the alert, investigates the server, and restarts the server.
• After the server is back up, the alert needs to be “handled” by specifying an appropriate comment, such as “restarted the server.”
• The user ID and the date and time when the alert was “handled” are recorded in the database along with the comment.
• The alert is moved to the Handled Alerts Monitor.