Policy Actions
There are several ways to take action when a failure is detected:
- Incident registration/sending emails
- Program execution
- SNMP trap
Configure these actions on the [Monitors] > [Alert Policy] tabs.
Note:
If you change the alert policy after detecting a failure, the changed alert policy will be applied once you clear the violation caused by the failure. To create a new alert policy:
- Click [Monitors] > [Alert Policy] tabs, then click the [Add] button.
- Enter the alert policy name, click [New Action], and select an action.
Violation Email
Violation Email sends an email when an error occurs. To send e-mail, you must set up an e-mail server in advance.
| Violation Email Setting | Explanation |
|---|---|
| Email destination | Set the incident email destination. |
| Email destination Cc | Set the CC email destination. |
| limit | Specify when to notify by email. |
| (Initial value: Do not notify more than once per minute) | |
| View email customizations | You can customize the subject, preamble, and concluding sentence. |
| a violation first occurs for each device | Sends an email on first violation on a device-by-device basis. |
| additional violations have occurred | Sends an email when the number of violations increases. |
| a violation has started clearing | Sends an email when the status automatically transitions to “Clearing”. |
| a violation has been cleared | Sends an email when the status automatically transitions to “Cleared”. |
Execute
You can run programs from remote hosts. Logs in to the specified remote host via SSH and executes the specified command from the remote host.
| Execute Setting | Explanation |
|---|---|
| Remote SSH Host | Specifies the remote host (external server) on which to execute the command. |
| Port | Port number used for SSH connections. |
| Username | User used to log in to the remote host. |
| Password | The user’s password used to log in to the remote host. |
| Command | Command to run on remote host. |
| a violation first occurs for each device | Execute the command on the first violation on a device-by-device basis. |
| additional violations have occurred | Executes a command when the number of violations increases. |
| a violation has started clearing | Execute the command when the status automatically transitions to “Clearing”. |
| a violation has been cleared | Execute the command when the status automatically transitions to “Cleared”. |
Incident
This action creates an incident when a failure occurs. You can also send an email by entering the email address in the email recipient/Cc field. To send e-mail, you must set up an e-mail server in advance.
| Incident Setting | Explanation |
|---|---|
| Priority | Specify the priority when registering an incident. |
| Default Assignee | Specify the person responsible for the incident. |
| If the user account that registered the email address is designated as the person in charge, when an incident is updated, the update will be notified to the email address of that user account. | |
| E-mail recipients | Set the incident email destination. |
| If not entered, the email will not be sent. | |
| E-mail Cc recipients | Set the CC email destination. |
| If not entered, the email will not be sent. | |
| Frequency | Specify when to notify by email. |
| Initial value: Do not notify more than once per minute. | |
| View email customizations | You can customize the subject, preamble, and concluding sentence. |
| a violation first occurs for each device | Sends an email on first violation on a device-by-device basis. |
| additional violations have occurred | Sends an email when the number of violations increases. |
| a violation has started clearing | Sends an email when the status automatically transitions to “Clearing”. |
| a violation has been cleared | Sends an email when the status automatically transitions to “Cleared”. |
| a user clears a violation | Send an email when a violation is manually updated. |
| a user modifies an incident | Send an email when an incident is manually updated. |
| for user actions, ignore frequency and send email immediately | Regardless of the violation/incident, if it is manually updated, email will be sent immediately regardless of the “Frequency” setting above. |
Send SNMP Trap To Devices
When a failure occurs, a trap can be sent to other NMSs, alarm devices, etc.
| Setting | Explanation |
|---|---|
| Target Address | Specify the destination of the SNMP trap sent when a failure occurs. |
| Community String | Specify the community string for SNMP traps to be sent. |
| a violation first occurs for each device | Sends an SNMP trap on a device-by-device basis at the first violation. |
| additional violations have occurred | Sends an SNMP trap when the number of violations increases. |
| a violation has started clearing | Sends an SNMP trap when the status automatically transitions to “Clearing”. |
| a violation has been cleared | Sends an SNMP trap when the status automatically transitions to “Cleared”. |
The traps sent by ThirdEye are as follows:
trap name: triggerViolation
trap OID: 1.3.6.1.4.1.45654.2.1.1
| Trap Variables | Variable Name | Explanation |
|---|---|---|
| thirdEyeDeviceUuid | UUID of the failed device (used internally by ThirdEye) | |
| thirdEyeDeviceIpAddress | IP address of the device where the failure occurred | |
| thirdEyeManagedNetwork | Management network to which the failed device belongs (used by ThirdEye) | |
| thirdEyeDeviceHostname | Host name of the device where the failure occurred | |
| thirdEyeMessage | Incident message | |
| thirdEyeMeasurement | Monitor content | |
| thirdEyeSeverity | Incident severity | |
| thirdEyeDeviceCustom1 | Custom 1 contents of the device where the failure occurred | |
| thirdEyeDeviceCustom2 | Custom 2 contents of the failed device | |
| thirdEyeDeviceCustom3 | Custom 3 contents of the failed device | |
| thirdEyeDeviceCustom4 | Custom 4 contents of the device where the failure occurred | |
| thirdEyeDeviceCustom5 | Custom 5 contents of the failed device | |
| thirdEyeClearStatus | Violation status (not cleared/clearing/cleared) | |
| thirdEyeOccurrenceCount | violation count | |
| thirdEyeFirstViolation | First violation (True/False) | |
| thirdEyeSeverityEnum | Incident severity number |
Webhooks
Webhooks can be used to notify via Mattermost, Slack, Teams, Line, and PagerDuty and Google Chat when an abnormality occurs. To use this feature, you need to set up webhooks and add apps on each tool in advance.
Mattermost:
Slack:
Teams:
Line:
PagerDuty
Google Chat:
| Webhook Setting | Explanation |
|---|---|
| webhook url | Enter the URL generated on Mattermost/Slack/Teams/Line/PagerDuty. |
| Channel | Enter the channel to post the notification to. (Mattermost only) |
| A user | Enter the user who will post the notification. (Mattermost only) |
| a violation first occurs for each device | Notifications will be sent on a device-by-device basis at the first violation. |
| additional violations have occurred | We will notify you if the number of violations increases. |
| a violation has started clearing | Notifies you when the status automatically transitions to “Clearing”. |
| a violation has been cleared | Notifies you when the status automatically transitions to “Cleared”. |
| Use configured Web Proxy | Select whether to use a Web Proxy. |
Note:
PagerDuty requires the user to enter a routing key when setting up a Webhook.
Without a routing key, “No Template” will be shown in the Template option field.
Run Jobs Suite
You can run programs from remote hosts. Log in to the specified remote host via SSH and execute the specified command from the remote host.
| Run Job Setting | Explanation |
|---|---|
| Job To Run | Enter the job name of the job you want to run. |
| a violation first occurs for each device | Execute the command on the first violation on a device-by-device basis. |
| additional violations have occurred | Executes a command when the number of violations increases. |
| a violation has started clearing | Execute the command when the status automatically transitions to “Clearing”. |
| a violation has been cleared | Execute the command when the status automatically transitions to “Cleared”. |
- Select the monitor set you want to apply and click [OK].
With the above operations, the application of the monitor set is completed.
The [Details] column in the left panel displays a list of monitors being monitored. You can doubleclick the device to expand it and see if the monitor is reflected in the [Details] column.
