It’s time to take a look at alerting in Orion. There are several common alerts that are prebuilt and active by default. So from the moment you finish the Orion install, the alert engine is checking for alert events and you’ll start to see alert traffic notifications.
Here on my summary page I can see the All Triggered Alerts resource, which shows me all my active alerts. Under Event Summary I can see a count of triggered alerts and alert resets during a particular time period.
When I look at my node details view, I can see any active alerts on this particular node. So there’s no shortage of built-in alert notification. I’m going to jump now to the Alerts view.
This is where you can most easily see and manage any active alerts. You can group your alerts in several ways including by severity level, the alert name, or the object that triggered the alert.
After you’ve grouped your alerts, you can also sort them. By default, the alerts are sorted by trigger time, but you can sort on any of the columns. If you’re dealing with a high volume of alert traffic, this makes it a whole lot easier to find the alerts you’re looking for.
Once you’ve found an alert you want to look at, you can select the alert and click on View Alert Details. Here you can manage the alert, see how long ago this alert fired, and see the history of the alert on this object and any other objects this alert has triggered on.
So the bottom line is, we give you a ton of information about your alerts. If you want to actually do something about the alert though, you’ll have to have the appropriate permissions on your user account. So let’s take a look at the user account settings quickly.
Alert management rights determines whether this user can create new alerts or modify the logic of existing alerts. Alert limitation categories filter which alerts this user can see.
You’ve already seen that when an alert fires there will be an alert notification in the web console, but you can also assign additional actions to your alerts to do things like create a log file or send an email. Allowing the Account to Disable Actions lets this user turn off any of these additional actions. This would be sort of a lower-level permission. Despite our best efforts, there’s always going to be that one alert that ends up generating an email storm, and this permission would allow someone to kill that email action, but the alert itself will continue to run, looking for new alert events.
That’s different than the next option: allow the account to disable the alert. Some users should be able to turn the alerts on and off, but probably not all. So this would be more of a mid-level permission.
As is the next one, Allow Account to Disable All Actions. This permission enables a checkbox in the ‘More’ dropdown menu of the Alerts view that basically allows this user to say “we’re getting flooded with emails and text messages, I have no idea why, so I’m just killing every single action on every single alert until we get this figured out.” This is sort of a panic button for when something seems to have gone horribly wrong and you just need a minute to get things sorted out.
And finally, we have Allow Account to Clear Events, Acknowledge alerts and syslogs. This is probably another lower-level permission. Anyone who has anything to do with managing the objects that might trigger an alert is probably going to get permission to acknowledge the alerts. My admin account has permission to do all of the above, so let me jump back into my Alerts view.
So let’s begin with the most basic of permissions: acknowledge. When you select an alert and click acknowledge, by default you’ll get a dialogue box to add notes if you’d like… but notice you can disable the Notes as well…
I’ll click Acknowledge again, and now you can see that the alert has been acknowledged and which user acknowledged it. Acknowledging an alert doesn’t just let you see who’s working on an issue, it can also suppress any actions associated with the alert. For example, maybe you have two tiers of after-hours support. Your tier one support is supposed to pick up any alert issues immediately, and tier two is just supposed to be notified by email if tier one doesn’t pick up the alert within a certain amount of time. So when tier one support acknowledges the alert, the alert is still active because the problem isn’t resolved, but tier two doesn’t get an email.
Remember I disabled alert notes just a second ago? So this time when I click acknowledge, I see that I have acknowledged this alert, but I don’t get a pop-up box.
To turn alert notes back on, go to the More dropdown box and uncheck Don’t prompt for alert notes. Also notice on the drop-down I can choose to hide acknowledged alerts in this view.
If you have alert management rights, you can also click on Manage Alerts where you’ll be able to see a list of all alerts, manage and edit those alerts, or create new ones. You can also get there by going to Settings > Alerts and Reports > Manage Alerts.
So here are all of my alerts. If I scroll to the right I can see basic alert details. On the left-hand side of the screen I can group my alerts to make them easier to find. I can also see which are currently enabled and which are not, and I can turn them on or off. But if I want to do anything more than that, I need to edit the alert.
In the alert editor, I can again turn the alert on or off, modify the alert logic, and add or change alert actions. But rather than modify an existing alert, in the next few videos I’m going to walk you through building a new alert from scratch where we can look at each of these actions in detail.