Wildcard for Alerts?

Hi

I'm trying to rebuild some alerts from another monitoring system I’m in the process of decommissioning.
The other system has a different data structure and some alerts use all events but filter by severity.
So I guess I have to start with alerting on all events and remove useless ones with time.

Is there a possibility to send all events on a devicegroup to a transportgroup?

From the documentation it looks like every event is explicitly filtered to generate an alarm, or am I wrong?

Yes, you could send an alert for every eventlog. I highly suggest against that.

Decide what things you need alerts for, then work on creating alerts for them.

The problem is that I can’t know the relevant events in advance, and if I miss one then it would be bad if no message reached the 24/7 support.

Here is an example excerpt from the old system:

	DefaultPolicy
		Schedule: start Mo. - Fr. 6:55 AM
		Name: Appl X
			Notification Data: [email protected]
			Severity: Critical
			Collection: _svc Appl. X
			Alarm Type: all 24'000 minus 38 new Alarms
		Name: Appl. Y
			Notification Data: [email protected]
			Severity: Critical
			Collections: _svc Appl. Y

As you can see, Appl. X matches nearly all Alarm Types while Appl. Y matches all ~24’000, but both only care about critical severity.

I think it’s out of the question that I rebuild ~24’000 events (at least I think Alarm Type corresponds to events). In the EventLog I see blue and orange/yellow events - is this the severity and can I filter on that? If yes, I guess worst severity + everything sent as Trap will work for me.
