Rule to resolve an alert

Similar Messages

• Timed 3-state script monitor can't auto resolve the alert

  My environment is 2007 R2. I usually create timed 2-state script monitor which works fine. However yesterday I created a timed 3-state script monitor. I did check the option "Automatically resolve the alert when the monitor returns to healthy state".
  Then I put it in our DEV to test. The monitor trigger the alert properly. However when the critical situation is gone, the alert didn't resolve itself. Since my script also output the result into event log, so I am pretty sure the "Healthy" state
  was returned.
  Then I did a test, I created a timed 2-state script monitor. This monitor uses almost exactly the same script as the 3-state one. The only modification is 3-state script will output status as "Critical", "Warning" and "Healthy".
  In 2-state script, I just simply changed the "Warning" one to "Critical". Then I put it in the test. When critical situation is detected, both 3-state and 2-state monitor trigger the alert properly. However after the situation changed back
  to healthy, only alert generated by 2-state monitor resolved and marked itself as "closed" while the alert generated by 3-state monitor still shown as "New".
  I am wondering whether this a bug? Does anyone get the similar issue?

  Hi,
  As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as "Answered". Either the previous steps should
  be helpful for many similar scenarios and will be marked as answer, or this post will be marked as answer in order to close the thread. Feel free to re-open the thread if you have additional information about this specific case or to open a new thread for
  a new case. In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.
  Thanks,
  Yan Li
  Regards, Yan Li

• How to create rule/monitor to generate alert for a reboot of Linux (Redhat) server?

  Need to receive an alert when a Linux server reboots. How can this rule/monitor be created?

  You can use the "Shell Command" templates to create a UNIX/Linux Shell Command (Alert) rule.  See the walkthrough and background here:
  http://operatingquadrant.com/2012/01/30/opsmgr-2012-unixlinux-authoring-templates-shell-command/
  The following command will identify the seconds the system has been "up" and return OK if it is greater than 15 minutes, and REBOOTED if the seconds up are less than 15 minutes.  Your Shell Command rule should alert if the StdOut value contains
  REBOOTED. 
  upseconds=`cat /proc/uptime |awk '{print int ($1 )}'`;if [ $upseconds -lt 900 ];then echo REBOOTED;else echo OK;fi
  www.operatingquadrant.com

• Rogue Rules and Rogue AP alert in Prime

  Hi Supportcommunity,
  i have done a lot of research according this topic but i was unfortunately unable to find an helpful post.
  If i missed something I am sorry about.
  I got the following issue my customer complains about Rogue AP Alerts in Cisco Prime.
  There are always many of them.
  I already configured the Rogue Rules at the WLC´s security tab as follows.
  Here are the rules in detail.
  1st rule
  2nd rule
  3rd rule
  Could you please help me to understand what I did wrong.
  I dont understand why there are still so many Rogue warnings although I configure it to not alert.
  Thanks for your support
  With kind regards
  Benedikt

  Rogue detection is a way of being aware of other APs in your surroundings, I would not advise on turning the SNMP traps off totally. On the other hand the customer cant really blame you because there are other APs around their network? In 99,9% of all networks there will be....
  However, if you want to tidy up among the rogue alarms, the rules can be used. 
  What your rules are saying is "Anyone except me using my SSIDs? - mark it as a Bad Guy" (OK).
  Then it gets a bit weird to me, lets do a short one on Signal strength:
  - 30 dBm = Less than one meter from the AP at max European output level 20 dBm EIRP
  -40 dBm = Ten times weaker, some 2-4m from AP. All distances are roughly speaking...
  -50 dBm = 1/100 weaker, less than 10m from AP
  -60 dBm = 1/1000 weaker, some 16m from AP, a "normal" and strong signal
  -70 dBm = 1/10000, within 30m from AP, not great, but lower end of "normal" span
  -80 dBm = hardly useable signal, might be able to connect @ 1-2 Mbps, not much more
  -90 dBm = almost no clients can use this weak levels
  -100 dBm = background noise.
  You delete rule says that "Any other AP located less than a meter from mine (-30 dBm) should be marked as Malicious and deleted". Lower this to, say -70 dBm and see what happens.
  Also note that the order of the rules can be important. It runs from top down, and as far as I remember the last one that matched determines if it is Friendly or Malicious. Play around with the levels first, then if necessary the order of the rules, and get back...
  **Please rate helpful posts**

• SCOM 2012 sp1 Resolving Heartbeat Alerts.

   Hi!
  I want to get email alerts when Computer Unreachable (windows clients with scom agents). In that guide http://technet.microsoft.com/en-us/library/hh212798.aspx I can not find Health
  Service Heartbeat Failure and Computer
  Not Reachable monitors for override them to class Windows clinets with scom agents. Could
  you tell me step-by-step how can I make this email notification. Thank you!

  Notification Subscription
  1) In the subscription condition, select created by specific rules or monitors
  2) add "computer not reachable" and "Health Service Heartbeat Failure" monitors
  Monitoring
  1) you should open the health explorer of entity health service watcher
  2) In the monitoring workspace, select discovered inventory and then click change target type
  3) Change the target type as health service watcher
  4) right click the item and select health explorer
  Roger

• Auto close informational alerts generated by rule

  Hi,
  Is there a way to configure auto close for specific informational alerts?
  There is some information alerts which pops up and due to my environment limitations we are unable to completely prevent it from occurring. The exact details of the alerts i am going to pass as my intend is not to resolve the alert completely but I would
  like to find out if there is a way to automatically close them? I do not want to disable the alerts via overrides because I want to keep it there for reporting purpose. I also know there is "Automatic Alert Resolution" settings which
  can configure the system to auto resolve all old alerts after 7 days. This is also not what I want.
  Regards,
  Terence

  Create a subscription with a criteria that meets the alerts generated by that rule, then configure a 'Command Channel' under that subscription (no notification is required) in order to change the 'Resolution State' to 'close' in for these type
  of alerts.
  the following link covers the Command Channel PowerShell that changes the resolution state
  http://blogs.catapultsystems.com/cfuller/archive/2012/05/04/how-can-i-tell-if-opsmgr-scom-actually-sent-me-an-email-step-by-step-sysctr-[storing-information-on-subscriptions-sent-in-alert-history].aspx

• Transport alert category and alert rule

  Hi,
  We are using SAP BASIS 700 (NW2004S SP9). We have created alert category and alert rule in development system. We now want to transport this alert category and alert rule to test system. I have referred to sapnote 913858 but its valid till SAP BASIS 640 and we are using SAP BASIS 700.
  Does anybody know how to resolve this issue?
  Regards,
  Mateen.

  Thank you all you 3 wonderful people, your replies did helped and I am definitely going to reward you with the points..Now I am getting alerts in my alert inbox. Can you also help me with some info on alerts?
  1) What exactly happens when I check and uncheck "Suppress Multiple Alerts of this rule" checkbox while creating alert rule? I have read some documentations for it in sap help website and also in some of the forums but its still very confusing to me. Can you please give me an exact picture of it?
  2) I am unable to get alert emails in my lotus notes. I compared my profile setup in XIJ and XIT using TCode SU01 and found that the PARAMETERS tab had some discrepancies. Can you please confirm if this can be the reason?
  Best Regards,
  Mateen.

• Alert Rule Setting via Tcode

  Hi Experts,
  Is there any Tcode to set Alert Rules after defining the Alert Category.
  RWB is not opening. is there any Tcode for setting the Alert Rule??
  Please suggest.
  Regards,
  Sushama

  Hi,
  Step1:
  1. Start the Exchange Profile via: http://<j2ee-host>:<http-port>/exchangeProfile
  2. Select the section "RuntimeWorkbench" on the left frame.
  a. check for parameter com.sap.aii.rwb.server.centralmonitoring.httpsport, if not existingu2026..
  3. Click on "New Paramter" on the right frame.
  4. Insert the parameter name: com.sap.aii.rwb.server.centralmonitoring.httpsport
  5. Insert the https port of the Central Monitoring Server into the value field. You find the value of this parameter when you start the tcode SICF on the Central Monitoring Server. From the Menu "Goto" choose the entry "Port Information". Select the value from "Service" column of the row "HTTPS".
  6. Click on "Save".
  Step2:
  Initiate RWB using URL - http://<j2ee-host>:<http-port>/rwb/rtc?op=init
  Step3:
  You may perform full CPA Cache Refresh only If you were allowed to perform.
  i faced similar issue after adding Fully qualified domain name in Exchange profile my issue got resolved,
  what is the error are you getting while accesing RWB.
  Regards,
  raj

• Notifications not being generated for alerts generated by rules.

  I'm using SCOM 2012 R2 and have configured an alert generating rule to create alerts when specific events occur in a windows event log.
  The rule works fine, alerts are generated as expected.
  I have also configured subscriptions/subscribers/channels to send notifications via email and SMS (via script in command channel) however even with the criteria set to send on all alerts, I only receive notifications for alerts generated by monitors (so
  I know the subs and channels do function)
  It seems like some sort of workflow issue where alerts generated by a rule fail to create a notification.
  Is there any logging I can enable to see what's happening here? 
  Any other ideas?

  In System Center 2012 Operations Manager, the alert notification will be sent when the alert first meets all criteria, regardless of resolution state, unless resolution state itself is a criterion. If alert suppression is enabled for the rule or monitor
  that raises an alert, only one notification will be sent when the subscription criteria are first met. No additional notifications will be sent until the alert is closed and a new alert is raised that meets all subscription criteria.  PLease check
  1) whether your rule has trun on alert supression
  2) Close the alert, craised by rule,  and do it again
  Roger

• Alert Rule Configuration in SAP PI 7.3

  Hello,
  I am using PI 7.3. It's java stack only. I am using component based alert configuration.
  AlertConsumerJob is running. But for a particular scenario, no alert is generated, although the message status is "System error". We are getting the below error for this scenario.
  com.sap.engine.services.jndi.persistent.exceptions720.NameNotFoundException: Object not found in lookup of PI_Technical team.
  This alert generation is working fine for others scenarios. Means, we are able to get alert mail for other scenarios.
  Please advise.
  Thanks & Regards,
  Moumita

  Hi Moumitha,
  Please find below links may be its Helps you
  Alert Rule is not sending Alert Emails PI7.3
  Alert Configuration in PI 7.31
  Regards,
  Rajendar K

• Alert Rule - not working. Wild Card character issue

  Hi All,
         I have a requirement where I need to trigger alerts for mapping failures
  of all the interfaces whose namespace is urn:abc.com:odna* or urn:abc.com.odna*.     (in the first instance, there is dot before odna and int he second instance, a colon before odna )
  So to suit both the cases, I gave urn:abc.comodna in the Alert Rule.
  It worked before. But now its not working.
  Then when i changed it to urn:abc.com:odna* it works again. i really dont understand how it worked before and why it fails now.
  What is the reason for the unpredicatable behaviour of WildCard Character based Alert Rules?
  Should Wild Card Characters be avoided completely?

  Hey
  Just create two separate alert rules for the same alert category
  one for urn:abc.com:odna* and another for urn:abc.com.odna*.
  but before that please make sure that "Suppress multiple alerts of this rule" box is unchecked.
  Also please check SAP Note 913858
  Thanx
  Aamir
  Edited by: Aamir Suhail on May 20, 2009 9:16 AM

• Looking for a SQL query to get all the possible Alert Messages from the Rules in a Management Pack

  For reporting, I'm looking to get a SQL query of all the possible Alert Messages for Rules configured in a Management Pack (not necessarily the ones that have thrown alerts).  I can do this for Monitors, but not for Rules. 
  The configured alert messages for the Management Pack Monitors
  go like this:  ManagementPack > MonitorView> RuleModule > RuleModule.Alert Message > Localized Text
  The configured alert messages for the Management Pack Rules
  should go something like this, but there is a missing link:  ManagementPack > RuleView > RuleModule > ? Missing Link ? > Localized Text
  The Rules are tied to the Module, but I don't see a connection from the RulesModule to the Alert Message that I see in the LocalizedText. The Rule names do not always equal the Alert name. 
  Can someone provide the missing link?

  Hi,
  please try below powershell code to find the corresponding management pack for specific alert:
  $Alert = get-scomalert | where {$_.Name -like 'Agent Proxy Not Enabled*'} | select -first 1
  If ($alert.IsMonitorAlert -eq "True") {
  write-host "Ths is a monitor-generated alert"
  get-scommonitor -ID $Alert.MonitoringRuleID | select Enabled, DisplayName, ManagementPack
  else
  write-host "This is a rule-generated alert"
  get-scomrule -ID $Alert.MonitoringRuleID | select Enabled, DisplayName, ManagementPack
  In addition, please also refer to the below link:
  http://blogs.technet.com/b/mazenahmed/archive/2011/12/02/using-powershell-to-map-opsmgr-active-alert-to-its-corresponding-rule-monitor-and-management-pack-name.aspx
  Regards,
  Yan Li
  Regards, Yan Li

• Alert Category in rule not yet confirmed.

  Hi All,
    I am getting the following error in Alert log
      Error :
  "Alert Category ALERT_CCMS in rule not yet confirmed, Skip creation of new alert".
    I have followed all the steps in the Monitoring setup guide
     for sap xi 7.0 ( 2004s) sps 12
    but still not getting alerts to inbox
  Can anyone help me in overcoming this error?
  Regards
  KLK

  HI,
  In the Alert Inbox check whether you have confirmed the Alerts which are already generated.
  If supress alerts check box is check for alert rules , if the previous alert is not confirmed the next alert wont be triggered.
  Check the Report RSALERTPROC and delete the Old alerts.
  Thanks,
  Tanuj

• What can be monitored using Alert rule via Runtime workbench? Help!

  Hi Experts,
          In the alert configuration in XI runtime workbench, there is something called Alert Rule. Under Alert Rule there are options where we can give sender/receiver interfaces, channel, etc.
  What exactly we can monitor using this option?
  If my receiver is another SAP R/3 system then using this can I send alert when the SAP R/3 is down?
  Similary if my sender is also SAP R/3 then can I monitor if this system is down?
  What more can we monitor with this?
  Kindly help!
  Thanks
  Gopal

  Hi,
  Alert rule is not at all used for monitoring directly. it can act as a filter for your alert category. so first you must have created an alert category.
  you can specify the sender/receiver party,service,interface and namespace in a alert rule after choosing a alert category.
  you can also specify where you are expecting an error like integration engine or adapter engine
  if you define an alert category with an alert rule, no restrictions then you will get all alerts for all sort of errors from all of your interfaces.
  so by specifying an alert rule you are restricting an alert category that you created to a particular sender service or namespce etc..
  to get step by step idea of how to create alerts see the below blogs
  /people/michal.krawczyk2/blog/2005/09/09/xi-alerts--step-by-step
  /people/michal.krawczyk2/blog/2005/09/09/xi-alerts--troubleshooting-guide
  kind regards
  francis

• Alert Rules vs Alert Category - Is there any limitations for multiple rules

  I have an alert configuration implemented already and i want to add few more rules for the same alert category.  While creating the rules for new set of scenarios, I am able to create only one rule . Is there any limitations for having the rules per category ?

  Hi,
  If the Suppress Multiple Alerts of This Rule checkbox is selected (default setting), then no further alerts are generated once the rule has been met until the first alert has been confirmed.
  There is no limitation of creating alert rule for a particular alert category.
  Check out the steps of Alert rule configuration.
  Creating Alert Rules
  To create an alert rule in which you use a defined alert category, proceed as follows:
         1.      Give the rule a name (Description).
         2.      Select the alert category that you want to use by clicking the corresponding category in the alert category table.
         3.      If necessary, specify conditions for the sender or receiver, or both.
  &#9675;       If your rule results in alerts that must be assigned to a specific message, select the option Yes for the Bound to Message condition.
  &#9675;       If your rule results in alerts that are not assigned to a message, that is, they are caused by errors that occurred before the message was sent, select the option No for the Bound to Message condition.
  In this case you cannot enter any further details about the sender or receiver.
  &#9675;       If the rule is to cover both cases, select the Not Relevant option.
         4.      If required, restrict the errors further to:
  &#9675;       Errors reported from the Integration Engine (with or without error category or error code)
  &#9675;       Errors reported from the Adapter Engine (with or without adapter type)
  You can enter an asterisk (*) in steps 3 and 4. You can enter just the asterisk, or enter it at the start, end, or start and end of a string.
         5.      To add the new rule to the list of alert rules, choose Add Rule.
  If the Rule Activated check box is selected (default setting), the rule is automatically activated when you add it and is displayed as active.
  If the Suppress Multiple Alerts of This Rule checkbox is selected (default setting), then no further alerts are generated once the rule has been met until the first alert has been confirmed.
  Once you have created a rule, it is automatically displayed in the list of alert rules. If you want to display the conditions of a rule, select a rule in the list and choose Show Conditions.
  Hope this will help you.
  Regards
  Aashish Sinha
  PS : reward point if helpful