Back to Contents Page

Back to Using IT Assistant

Event Management

Dell OpenManage™ IT Assistant User's Guide

bullet.gif (1107 bytes) Overview bullet.gif (1107 bytes) Configuring the Paging Feature
bullet.gif (1107 bytes) Configuring Event Categories bullet.gif (1107 bytes) E-mail Alert Setup
bullet.gif (1107 bytes) Configuring Event Types bullet.gif (1107 bytes) Viewing, Acknowledging, and Deleting Alerts
bullet.gif (1107 bytes) Configuring Event Actions bullet.gif (1107 bytes) ASF/PET Events and the Event Management System
bullet.gif (1107 bytes) Configuring Event Filters bullet.gif (1107 bytes) Sample Event Management Scenarios
bullet.gif (1107 bytes) Configuring Event Logging bullet.gif (1107 bytes) Known Issues
NOTE: Consult the event management white papers at www.dell.com/openmanage for further information on event management using IT Assistant.

Overview

NOTE: IT Assistant supports event management for Simple Network Management Protocol (SNMP) and Desktop Management Interface (DMI) -instrumented systems. IT Assistant also supports event management through Common Information Model (CIM) for systems instrumented with Dell OpenManage Client Instrumentation 7.0.

IT Assistant's event management system enables you to detect and respond to SNMP traps, CIM indications, and DMI indications generated by managed systems. The robust event management environment handles events from both client and server event sources. 

NOTE: The types of events that IT Assistant recognizes are those related to temperature, voltage, fan speed, chassis intrusion, corrupted BIOS, heartbeat, link up, and system security.

The IT Assistant event management system enables you to perform the following tasks:

NOTE: The management station runs the event filters and initiates any actions configured under the event management system.

Event Source Organization

IT Assistant has many event categories and event types that are predefined and prepopulated for Dell™ management agents. (For servers, the supported management agents are the Hardware Instrumentation Package [HIP] 3.52, Server Agent 4.2, and Server Administrator 1.x. For client systems, the supported management agents are Client Instrumentation 6.0 and 7.0). Event categories and event types are organized as an event tree that, although prepopulated, can be customized to your needs. Event types are the lowest-level "leaves" of the tree and include one or more  event sources.

NOTE: You can expand the IT Assistant event management system to support other vendor's events (see Scenario 2 in "Sample Event Management Scenarios"). The  event management system is prepopulated for, but not exclusively designed for, the Dell agents.

Event Sources

Generally speaking, an event source is a system-level device that is implemented in hardware, firmware, software, or a combination, and which is capable of generating data about a system event that can be recognized, processed, and communicated by a systems management agent. The types of event sources a management agent recognizes depends on the protocol it uses (SNMP, CIM, or DMI) and if and how the event source is defined in a management agent specification file. This specification file is called a Management Information Base (MIB) file for SNMP, a Management Object Format (MOF) file for CIM, and a Management Information Format (MIF) file for DMI. These files adhere to industry-wide standards in structure and syntax, and are written specifically for the protocol and management agents they support. 

The specification files define the event sources that a management agent can recognize, the type of data it can read from an event source, the type of data it can write to an event source (if any), and how to format and communicate that data to and from a  service provider (such as the SNMP service provider), and ultimately to a systems management console such as IT Assistant. Conversely, if no MIB, MOF, or MIF file exists that defines a system's sensors or other information-generating devices, that system cannot be monitored or managed by systems management agents.

The IT Assistant event management system recognizes system-level sensors and other information-generating devices only as they are known in a management agent specification file. In further discussions of the event management system in this document, the term event source refers to an event source definition as it appears in an SNMP MIB, CIM MOF, or DMI MIF file.

NOTE: The event management system currently receives events from, but cannot edit, CIM event sources.

In IT Assistant, an SNMP event source is defined by information specified in the MIB file written for the Server Administrator SNMP subagent, which includes the following MIB file elements: the event source's enterprise identifier (SNMP object identifier [object ID or OID] prefix), generic trap ID, and specific trap ID. A DMI event source is defined by that event source's DMI class and other information as specified in the MIF file written for the Server Administrator DMI subagent or the Client Instrumentation 6.0 event agent.

The severity of the alert generated by an event source is also part of the IT Assistant event source definition. Some event sources, as part of their MIB or MIF file definition, report severity values when they generate an actual event. If desired, you can "map" these values to a different severity value when you define the event source in IT Assistant. This allows a large degree of alert customization. A very practical example would be to reconcile the five or six predefined event severity values in SNMP with the four (unknown, normal, warning, and critical) recognized by IT Assistant.

You can browse MIB and MIF event source definitions in the Details tab of the systems window. For SNMP-instrumented systems, the Details tab displays event source definitions as abbreviations under the device groups that contain them, such as aryMgrEvts under arrayManager. For DMI-instrumented systems, the Details tab displays event source definitions as an Event Generation group under the Dell Systems MIF component (for clients) or the Dell Baseboard MIF component (for servers). An Event Generation Group is listed under each DMI group that corresponds to an instrumented system component that can generate an event, such as the Voltage Probe group.

Customizing Event Sources, Actions, and Filters

Although you are not required to define the elements of the IT Assistant event management system in any particular order, an easy way to customize the system is to define event sources (by creating categories and event types), define event actions, and then associate the sources and actions in the context of a new filter, which defines the source node(s) (managed system[s]) you want to monitor and specifies when the filter is in effect. This approach enables you to quickly implement highly specialized alerting capabilities.


Configuring Event Categories

NOTE: Dell recommends that you do not edit the predefined event categories. If you do, the predefined filters that use those categories as filtering criteria become nonfunctional. To repair the filters, you must add the renamed categories to those filters.

You can add, delete, or edit event categories in the event tree.

To add an event category, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Categories.

  2. In the Event Categories dialog box, click Add Category.

  3. In the Add Category dialog box, specify the name of the new category and click OK.

To delete an event category, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Categories.

  2. In the Event Categories dialog box, click a category in the event tree.

  3. Click Delete.

  4. When prompted if you are sure you want to delete the category, click Yes.

To edit an event category, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Categories.

  2. In the Event Categories dialog box, click a category in the event tree.

  3. Click Edit.

  4. In the Edit Category dialog box, change the name of the category as desired and click OK.

Configuring Event Types

NOTE: Dell recommends that you do not edit the predefined event types. If you do, the predefined filters that use those types as filtering criteria become nonfunctional. To repair the filters, you must add the redefined types to those filters.

You can add, delete, or edit event types in the event tree.

To add an event type to a category, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Categories.

  2. In the Event Categories dialog box, click a category in the event tree, then click Add Type.

  3. In the Event Type Configuration dialog box, enter a Type Name and Description for the new event type.

  4. In the Source Definition control group, select either SNMP or DMI from the Add Event Source drop-down menu.

    The SNMP Event Source Configuration or DMI Event Source Configuration dialog box opens. Use these dialogs to configure a new SNMP or DMI event source.

  5. When you are finished configuring the event source, click OK.

  6. Click OK.

  7. Click Close.

To delete an event type from a category, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Categories.

  2. In the Event Categories dialog box, click a category in the event tree and click Delete.

  3. When prompted if you are sure that you want to delete the event category, click Yes.

  4. Click Close.

To edit an event type, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch, and click Event Categories.

  2. In the Event Categories dialog box, click a category in the event tree, then click Edit.

  3. In the Event Type Configuration dialog box, change the Type Name and Description for the event type if desired.

  4. In the Source Definition control group, do one or both of the following:

  5. When you are finished editing or configuring an event source, click OK.

  6. Click OK.

  7. Click Close.

Configuring Event Actions

You can create, delete, or edit event actions to be associated with an event filter.

IT Assistant has two predefined actions, Alert and NT Event Log, which appear when you assign an action to a filter. You cannot edit or delete either of these actions.

When assigned to a filter, these actions do the following if an event meets the filter criteria:

To create an event action, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Actions.

  2. In the Event Actions dialog box, click New.

  3. In the Create Action dialog box, specify whether you want to create the action from an existing template or from an existing action.

    Click Create from Template to display a list of available action templates, or click Create from Existing to display a list of previously created actions. If you are using IT Assistant for the first time, the Available Actions list is empty.

  4. Select a template or action from Available Templates or Available Actions and click Create.

  5. In the Event Action Definition dialog box, Configure e-mail Action dialog box, or the Page Action dialog box (depending on the type of template or action you selected in step 4), specify the required information, then click Save.
NOTE: You must install the Microsoft SMTP service to enable e-mail alerts.

To delete an event action, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Actions.

  2. In the Event Actions dialog box, select an action from Created Actions.

    Filter Dependencies displays any filters to which this action is currently assigned. After deletion, the action will no longer be performed if IT Assistant detects events that meet the filter criteria.

  3. Click Delete.

  4. Click Close.

Configuring Event Filters

You can add, delete, edit, and assign actions to event filters.

To add an event filter, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Filters.

  2. In the Event Filters dialog box, click Add.

  3. In the Filter Configuration dialog box, specify a name for the filter. This is required.

  4. Under Severity Configuration, specify the threshold severity required for alerts to pass this filter.

  5. Under Time Period, specify the time intervals the filter is to be in effect.

    If no time interval is specified, the filter is always in effect.

  6. Under Select Categories/Types, specify the categories and types of event sources to which the filter is to be applied.

  7. Under Select Source Nodes, specify the managed systems to which the filter is to be applied.

  8. Click OK.

  9. Click Close.

To delete an event filter, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Filters.

  2. In the Event Filters dialog box, select a filter from Filter List, then click Delete.

  3. When you are prompted if you are sure you want to delete the filter, click Yes.

  4. Click Close.

To edit an event filter, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Filters.

  2. In the Event Filters dialog box, select a filter from Filter List, then click Edit.

  3. Follow the procedure for adding a new filter (beginning of this topic) starting with step 3.

To assign an action to an event filter, perform the following steps:

NOTE: In this procedure, you can add one or both of the default actions, Alert and NT Event Log, or you can add a custom action. Alert and NT Event Log are always available as choices in this procedure. You cannot edit or delete either of these actions. When assigned to a filter, these actions do the following if an event meets the filter criteria:
  • Alert causes a pop-up window to appear in the IT Assistant browser-based user interface.

  • NT Event Log enters the event into the Application Log on the management station. The alert appears in the Event Viewer window with the source designation IT Assistant Services. You can access the Event Viewer window by selecting Start Settings Control Panel Administrative Tools Event Viewer.

To assign a custom action, you must first configure an event action and then assign it to a filter using this procedure.

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Filters.

  2. In the Event Filters dialog box, select a filter from Filter List, and then click Actions.

  3. In the Configure Filter Actions dialog box, select a default, paging, e-mail, or application launch action from Available Actions and click Add>>

    The selected action appears in Assigned Actions.

  4. Click Close.

  5. Click Close again.

Configuring Event Logging

To configure filters, cache information, warning size, maximum size, and purge number for the event log, perform the following steps:

  1. On the IT Assistant navigation tree, expand the Configuration branch and click Event Logging.

  2. In the Logging Configuration dialog box, specify a filter, if desired, to use for discarding events from the event log (the default is No Filter). To specify a filter, use the Filter for Discarding Events drop-down menu to select an existing filter, or click Add Filter to define a new filter.

  3. Edit or leave the default values in the remaining  Logging Configuration controls and click OK. See "Logging Configuration" for information on the valid values for each control.

Configuring the Paging Feature

NOTE: Paging service providers have limitations on the number of characters allowed in a page. It is possible to configure alert pages to be longer than those limitations. In this case, the page is not received by the recipient even if it is sent by the IT Assistant pager.
NOTE: Several instructions in this procedure refer you to help topics in the WinBEEP 32 paging program. To access the help system in the WinBEEP 32 program, perform the following steps:

1. Click the Start button, point to Programs, point to WinBEEP 32, and click WinBEEP 32.

2. On the WinBEEP 32 menu bar, click Help, and then click Contents.

If you are unfamiliar with WinBEEP 32, use this help system to learn the WinBEEP 32 program and to help you configure your particular environment. 

IT Assistant uses the WinBEEP 32 paging program to send pages generated by the event management system. You must configure WinBEEP 32 and then configure a paging action before events can successfully trigger a page.

WinBEEP 32 uses a modem to transfer pages to your paging service provider. Therefore, you must  have a modem properly installed and configured in your computer. If you have not done so, obtain a modem and follow the instructions in the modem manufacturer's documentation to install the modem hardware and software.

Configuration Prerequisites

Before you can use WinBEEP 32, you need at least one of each of the following:

Configuring Modem Properties

NOTE: You must perform this procedure on the management station.

To configure the modem properties from the WinBEEP 32 graphical user interface (GUI), see the WinBEEP 32 help topic "Selecting a Modem" (located under the Modems heading on the help contents page), and then perform the following steps:

  1. On the Tools menu, click Services.

    A dialog box opens and displays several tabs.

  2. Click the Modems tab.

  3. Select the check box by the modem you want to use.

  4. Click Properties.

    The Standard Modem Properties dialog box opens.

  5. Click the General tab and ensure that Maximum Speed is not set higher than 1200; this is especially important for alphanumeric pagers.

  6. Click the Connection tab, click Advanced, and ensure that Settings displays an initialization string.

    The initialization string depends on the type of modem installed. Without this string, the modem will not work properly.

  7. Use the Phone Dialer utility provided in the Microsoft Windows 2000, Windows XP Professional, or Windows 2003 operating system to ensure that the modem is working properly.

Ensure that the modem properties are also set in the operating system or messages may not be sent reliably. Also ensure that the operating system modem properties are set to the Winbeep properties; setting the Winbeep properties to the operating system modem properties can result in paging failures.

To view the modem properties in Winbeep, perform the following steps:

  1. In Winbeep, select Tools, then Services.

  2. Click the Connections tab.

  3. Click the connection (paging) service being used.

  4. Click Properties.

  5. Click the Options tab.

Winbeep does not fully interface with the standard Windows TAPI interface. You may need to duplicate some properties set in the operating system modem properties, such as dialing 9 to reach an outside line, in WinBEEP.

After configuring the paging feature, it is important to test it using the WinBEEP GUI  to ensure reliable pages.

Configuring a Service Provider

A service provider provides pagers and the service that delivers messages to the pagers. A service provider accepts the messages sent through WinBEEP 32, then sends the messages to the appropriate subscriber(s).

To learn more about the role of a service provider, see the WinBEEP 32 help topic "Service Provider Overview."

To configure a new service provider, see the WinBEEP 32 help topic "Adding a Service Provider."

NOTE:  Service providers generally provide two telephone numbers: a user access number and a modem access number. The user access number may have a prerecorded message to assist users and is meant to be accessed by a telephone. The modem access number has no such message and is meant to work specifically with modems; it is ready to accept a paging message as soon as you dial the number. Ensure that you use the modem access number of your service provider when configuring the service provider.

NOTE: If the telephone line your modem uses requires a dial-out number to obtain a dial tone for outside calls, enter one or more commas (,) after the dial out number. This causes the modem to pause after dialing the dial-out number, most likely giving it enough time to obtain an outside line. For example, if the modem telephone line requires 9 as the dial-out number and the telephone number of your service provider is 1-800-XXX-XXXX, then specify the telephone number for your service provider as 9,1-800-XXX-XXX.

Configuring a Subscriber

A subscriber is anyone who can receive an electronic message through a pager. After you configure individual subscribers, you can create subscriber groups, which enable you to send the same message to every individual subscriber in that group.

To view the WinBEEP 32 subscribers' list, select Subscribers from the View menu, or click Subscribers on the WinBEEP 32 toolbar.

To configure a new subscriber, see the WinBEEP 32 help topic "Subscriber Overview" and then select "Adding a Subscriber."

NOTE: You must configure a service provider before you configure a new subscriber.

Configuring a Filter Action to Send a Page

To configure a filter action to send a page, see "Configuring Event Actions" and "Configuring Event Filters."

Maximum Page Message Length 

Some service providers put a limit on the maximum length of the page message; the page may not go through if the message is beyond this length. If your users' pages are not being received, this may be the cause.

It is recommended that you consult your service provider to obtain the maximum supported page length. The length of the message allowed to go through can be configured in the WinBEEP application. It can also be configured through IT Assistant by performing the following steps:

  1. In the IT Assistant configuration directory, open the dconfig.ini file using a text editor.

  2. Locate the [EVENT_MANAGEMENT_CONFIG] section. 

  3. Set the MaxPageMssgLength parameter to the maximum length you obtained from your service provider.

    All message strings longer than the maximum length will be shortened to fit this value.

  4. Save the dconfig.ini file and restart the IT Assistant services.

E-mail Alert Setup

NOTE: You must install the Microsoft Simple Mail Transfer Protocol (SMTP) service on the IT Assistant management station to enable e-mail alerts.

The IT Assistant management station has the ability to send e-mail based on events received from managed systems. Most problems with e-mail alerting are caused by not enabling SMTP on the management station, not entering the mail server's IP address into the Domain Name System (DNS), or both. The following sections describe how to enable and test the e-mail alert feature.

Setting Up E-mail Alerting 

For e-mail alerting to work properly, you must configure Microsoft Internet Information Server (IIS) and SMTP to forward e-mails to the mail server in either a domain or workgroup environment. To direct the IT Assistant e-mails to the mail server, perform the following steps on the management station:

  1. Click the Start button, point to Settings, point to Control Panel, point to Administrative Tools, and click Computer Management.

  2. In the Computer Management (Local) tree, expand the Services and Applications, then expand its Internet Information Services branch and click the Default SMTP Virtual Server folder.

  3. On the menu bar, click Action and then click Properties.

  4. In the Default SMTP Virtual Server Properties dialog box, select the Delivery tab and click Advanced.

  5. Enter the IP address of the mail server in the Smart Host field.

  6. Select the Attempt direct delivery before sending to smart host check box.

  7. Click OK.

  8. Open a command prompt window, change to the C:\Program Files\Dell\OpenManage\ITAssistant\bin directory, and enter the following command:

    sendmail t email@domain.com f test s "Test Message" b "This is a test"

    where email@domain.com is the Fully Qualified Name (FQN). The FQN includes the username and domain, such as j_smith@mycompany.com.

    The e-mail feature is operational if this test e-mail message is delivered properly.

Troubleshooting E-mail in a DNS Environment

Perform the following steps to troubleshoot the e-mail setup in a DNS Environment:

  1. Ensure that SMTP is enabled on the mail server.

  2. On the IT Assistant management station, verify the TCP/IP configuration by performing the following steps:

    1. Open a command-prompt window and enter the following command:

      ipconfig /all

    2. Inspect the results of the ipconfig command and verify that the managed system has a valid IP address, the correct default gateway, and a DNS server.

    3. Verify DNS resolution to the mail server by entering the following command:

      nslookup mail_server_name || mail_server_IP_address

      where mail_server_ name is the host name of the mail server, and mail_server_IP_address is the IP address of the mail server. This command should not return any errors.

    4. Verify that there is a mail server (MX) record in the DNS database.

  3. Change to the C:\Program Files\Dell\OpenManage\ITAssistant\bin directory and enter the following command:

    sendmail t email@domain.com f test s "Test Message" b "This is a test"

    where email@domain.com is the FQN. The FQN includes the username and domain, such as j_smith@mycompany.com.

    The e-mail feature is operational if the test e-mail message is delivered properly.

  4. If no e-mails are sent to your mail server, perform the following steps:

    1. Inspect the SMTP settings and verify whether or not .eml files are collecting in the drop directory. This directory defaults to C:\netpub\Mailroot\Drop, but can be changed. These files collect in the drop directory if IT Assistant generates e-mail alerts that cant reach your mail server.

    2. If no .eml files are present in the drop directory, verify that the IT Assistant alert settings are correct.

Viewing, Acknowledging, and Deleting Alerts

When an alert is detected for a system, IT Assistant updates the system status indicator displayed in the systems window. The updated status indicator displays the event severity.

To view, acknowledge, or delete alerts, perform the following steps:

  1. In the IT Assistant navigation tree, expand the Views branch and click Alerts.

This action opens the alerts window. A list of alerts from all systems display with a status indicator, host name, and description. New alerts display with a new alert indicator to the left of the alert.

  1. If you want to acknowledge an alert, click the alert and click Ack.

    Acknowledging the alert removes the new alert indicator, but leaves the alert listed in the alerts window.
NOTE: Acknowledging alerts is a good way to keep track of how many alerts a system is generating. Even users who are logged in to IT Assistant with read-only access may acknowledge alerts.
  1. If you want to delete an alert, click the alert and click Delete. This permanently removes the alert from the Alerts window.

ASF/PET Events and the Event Management System

This version of IT Assistant supports alerting based on platform event trap (PET) events as defined by the Alert Standard Format (ASF). ASF/PET alerting requires that the managed system have an ASF-enabled local area network (LAN) network interface controller (NIC) integrated on the system board, and also be instrumented with Client Instrumentation 7.0 or later.

When IT Assistant receives a PET event, it formats the event message into an easily readable format. IT Assistant enables you to define event filters and actions based on these events. For more information on using the event management system, see "Sample Event Management Scenarios," and download the white paper "Using the Dell OpenManage IT Assistant Event Management System" from the Dell OpenManage White Papers website at www.dell.com/openmanage.

IT Assistant supports PET temperature change events, fan status and speed events (defined in the "Environmental" IT Assistant event category); voltage change events (defined in the "Power" IT Assistant event category); chassis intrusion, system password failure, and user authentication events (defined in the "Security" IT Assistant event category); heartbeat and network connectivity events (defined in the "Network" IT Assistant event category); a corrupt BIOS event (defined in the "Other" IT Assistant event category); and central processing unit (CPU) dead-on-arrival (DOA) alerting (defined in the "Processor" IT Assistant event category). Consult your system documentation for specific ASF/PET events and event types supported on your system.

Using the event management system, you can select individual PET event types and configure IT Assistant to alert you or another user by e-mail, page, dialog box pop-up, application launch, or script launch if it receives one of those events. For IT Assistant to receive these events, you must specify the IP address of the management station as the event destination on the managed system. 

NOTE: The event management system has an event caching feature that filters out duplicate events if they are received within a specific time frame. IT Assistant ignores some entity-present, or "heartbeat," events, if they fall within this specified time frame. See the previously mentioned event management white paper to configure this caching feature to achieve the results you want.

Sample Event Management Scenarios

The following scenarios describe a basic and an advanced example configuration and implementation of the IT Assistant event management system.

Scenario 1

Joe and Bob share the responsibility of monitoring critical events for servers A, B, and C, but at different times. Joe is on a morning shift (0600 hours to 1200 hours), while Bob handles the rest of the time. Also, Tom lends a hand for servers B and C on Tuesdays. All three IT technicians have pagers and e-mail addresses and want to be notified through both. In addition, Tom wants to see a pop-up alert at his IT Assistant browser-based user interface whenever a critical event occurs.

Event Management System Setup for Event Categories

All of these IT technicians are monitoring servers with Dell OpenManage HIP installed on them. Since event categories are already prepopulated for Dell agents, no category preconfiguration is necessary.

Event Management System Setup for Event Filters

NOTE: See "Configuring Event Filters" for detailed information on performing the steps mentioned in this section.

Since Joe, Bob, and Tom monitor events at different times, three different filters need to be set up.

To set up Joe's filter:

  1. Name the filter Joes Critical Events.

  2. Select the critical event check box under Severity Configuration.

  3. Select Enable Time Range and set the start time at 6 a.m. and the end time at 12 p.m.

  4. Select Select All check box under Event Categories/Types.

  5. Select servers A, B, and C under Select Source Nodes.

To set up Bob's filter:

  1. Name the filter Bobs Critical Events.

  2. Select the critical event check box under Severity Configuration.

  3. Select Enable Time Range and set the start time at 6 p.m. and the end time at 12 p.m.

  4. Select Select All under Event Categories/Types.

  5. Select servers A, B, and C under Select Source Nodes.

To set up Tom's filter:

  1. Name the filter Toms Critical Events.

  2. Select the critical event check box under Severity Configuration.

  3. Select Enable Days and select Tuesday from the days of the week.

  4. Select Select All under Event Categories/Types.

  5. Select servers B and C under Select Source Nodes.

Event Management System Setup for Event Actions

NOTE: See "Configuring Event Actions" for detailed information on performing the steps mentioned in this section.

You need to set up six actions for Tom, Joe, and Bob (three e-mails plus three pages). The alert action is already set up.

To set up Joe's actions:

Select Joes Critical Events in the Event Filters dialog box and select Actions. First, create an e-mail action. Select New Action.... Joe is creating a new action, not a derivation of one, so choose Create from Template, then e-mail, then Create.... Name the action e-mail Joe. Insert Joe's e-mail address in the To: field. In the From: field, Joe inserts an e-mail alias that is meaningful, yet will not be filtered out by his e-mail server. Changing the subject and message fields is optional.

Next, Joe creates a paging action. Before he does this, Joe runs Winbeep's configuration utility and creates a subscriber ID for himself, such as "JoesPager." Joe creates a paging action from a template and inserts the subscriber ID of JoesPager in the To: field of the paging action he calls Page Joe. Again, changing the message is optional.

When these actions are created, they are added automatically to the filter. Actions are executed in the order they are listed in the actions window; however, you can use the Move Up and Move Down buttons to change execution order. An alternate way that Joe could have created actions for his filter is to select Event Actions from the IT Assistant navigation tree and create his actions from there. Then he chooses Event Filters from the navigation tree, selects his filter, and adds the actions he created. Joe can edit or delete the actions he created from the dialog displayed by clicking Event Actions on the navigation tree. One convenient feature of this dialog is that when he selects an action he or someone else has set up, the filters to which that action has been applied will show in the bottom pane, giving warning that, if Joe wants to change or delete his action, it could affect more filters than just those that he set up.

To set up Bob's actions:

Bob sets up his actions to e-mail and page himself (Bob has to go into Winbeep also) just as Joe did.

To set up Tom's actions:

Tom sets up his actions to e-mail and page himself just as Joe and Bob did. Tom also adds the Alert Action action to pop up an alert at his IT Assistant browser-based user interface.

With the actions and filters set up as described, Joe, Bob, and Tom will receive e-mail, pages, and a pop-up alert (for Tom) when a critical event occurs on their watch.

Scenario 2

NOTE: This is an advanced scenario that describes how to set up new event sources that are not prepopulated by Dell. Only users with a thorough knowledge of SNMP and/or DMI should attempt this.

Tom monitors a room of servers for a Web hosting service. In this room are servers from Dell, Sunny Computer Corp., and GenericServers.com. Unfortunately, space is at a premium and the amount of equipment in the room has started to create ventilation problems, resulting in some systems overheating. Tom wants to make sure that he is alerted when a system starts to show overheating problems, and he wants to be able to do this with one application for all of his servers.

Tom determines that microprocessor temperature is a good parameter to use in determining whether a server is overheating. Fortunately, all three of his server vendors provide agents that monitor various temperature probes within the server and send traps based on preset thresholds.

Of the three server vendors' management applications, Tom finds that IT Assistant is the only one that can notify him by pager when an SNMP trap is received. Tom also learns that Dell has prepopulated IT Assistant's event management database to recognize traps from Dell agents (such as Dell OpenManage Server Agent). However, before Tom can set up an event filter and event actions based on that filter, he must configure IT Assistant to recognize the traps from the other two vendors. Tom can do all of this from the IT Assistant browser-based user interface.

First, Tom needs to look at the trap definitions for the other two server vendors—unfortunately, he finds that each does things a little differently. Tom is only interested when a temperature probe goes to a warning or critical status, not if it returns to a normal status. Tom finds that Sunny Computer Corp. servers produce separate traps for each severity level change of a temperature probe. In other words, the servers generate a separate trap (each with a different specific trap ID) for each possible temperature probe status (normal, warning, and critical). He also finds that the fourth varbind of the trap contains a text string that specifies the location of the temperature probe.

Tom gathers the data he needs to successfully configure IT Assistant to recognize the trap: enterprise OID, generic trap ID, specific trap ID, what severity the trap represents, and the relevant varbind information. He does this for both the warning and critical temperature probe traps. Tom now needs to configure IT Assistant.

On the IT Assistant navigation tree, he chooses Event Categories under the Configuration branch. Tom could create a new category for the trap event sources generated by the other two server agents, but he decides to put them under the same event category and event type used by the prepopulated Dell temperature probe trap. The event category for this  trap is Environmental and contains the event types Temperature Warning for warning traps and Temperature Failure for critical traps.

Tom starts by setting up the warning trap. First, he chooses the event type Temperature Warning under the event category Environmental and clicks Edit ... . Tom needs to add an event source definition for the trap, so he clicks Add Event Source..., and then SNMP. He names the event source Sunny ComputerCorp. Agent and completes the generic trap ID, specific trap ID, and enterprise OID. He also chooses a severity level that the trap represents.

The Format String field contains the text of what Tom will see when he receives this alert from IT Assistant, so he wants to ensure that it contains meaningful information. He fills it in with the following text:

A temperature probe warning has been received from system $n at date $d and time $t: the location of the probe is $4.

Notice that Tom uses available variable substitutions as defined in "SNMP Event Source Configuration." The $4 represents the fourth varbind of the event source, starting from a count of 1. Tom clicks OK to complete setup of the temperature warning event source. Then he chooses the Temperature Failure event type and sets it up the same way as he set up the temperature warning. When he completes setup of both sources, he confirms his additions by clicking OK all the way back up to the Event Categories dialog box.

Next, Tom needs to add the event source for his GenericServers.com servers. He needs to approach this event differently because the status of the temperature probe Tom wants to monitor is actually in one of the varbinds of the trap. Tom puts this event under the event category Environmental as he did for Sunny Computer Corp. This time, however, he decides to create his own event type because the same trap will be received for both warning and critical temperature change events; therefore, the trap does not fit any one severity event type (such as Cooling Device Failure or Cooling Device Normal). Tom selects Environmental,  then clicks Add Type.... He names the event type Temperature Probe Status change. He also gives the event type an optional description in the Description field. To configure the event source, Tom once again clicks Add Event Source..., then clicks SNMP.

At this point, Tom needs to consult the MIB or trap events file provided by GenericServers.com for its agent. He finds the following information for the trap he is interested in: a specific trap ID of 1000, a generic trap ID of 6, and an enterprise OID of .1.3.6.1.4.1.300.100.1.1.1. Tom also finds out what each varbind sent with the trap contains. He knows that he needs the two varbinds that provide the severity of the event and the location of the probe.

NOTE: Each vendor agent's traps are different; these values are not guaranteed to be in a trap.

Tom knows that each varbind has it own OID assigned to it, which he also knows should be the enterprise OID followed by additional information to identify that particular varbind. IT Assistant needs this information for the varbind that contains the severity of the event to be able to access its value. He has determined this OID to be .1.3.6.1.4.1.300.100.1.1.1.3. Tom also needs to figure out what values this varbind contains and what they mean (such as 1 = OK, 2 = warning, 3 = critical) so that he can map the value to a standard IT Assistant severity level.

From reading the MIB, Tom determines that the GenericServers.com agent produces the following severity values for the trap and varbind he needs: 1 = other, 2 = unknown, 3 = OK, 4 = warning, 5 = critical, 6 = nonrecoverable. Tom is only interested in values of warning and critical, but he decides it is best to go ahead and map all the possible values. Tom also finds that the fifth varbind contains the location of the probe.

Tom is now ready to finish configuring IT Assistant to recognize this trap. Tom enters the enterprise OID, generic trap ID, and specific trap ID that he noted from the MIB file. He also enters a similar format string as he did for the Sunny Computer Corp. agent, noting the differences:

A temperature probe status change has been received from system $n at date $d and time $t with severity $s: the location of the probe is $5.

Tom is now ready to configure the severity mapping by value. First, he clicks By Value on the Severity menu, then clicks Add Severity .... He starts with the severity value of other: In the Severity combo box, he clicks Unknown (Unknown and Other severities are represented by the same icon in the IT Assistant browser-based user interface: a gray question mark). For the Object ID, he enters .1.3.6.1.4.1.300.100.1.1.1.3, and then for the Object Value he enters 1. He clicks OK, and now the value of 1 is mapped to Unknown.

Next, he maps Other (or 2) to a severity of Unknown; then he maps OK (or 3) to the IT Assistant severity of OK, and so on until all six of the values that are possible for the varbind are mapped to IT Assistant severities. After he defines all severity mappings, Tom saves all that he has configured by clicking OK all the way back up to the Event Categories dialog box and then clicks Close on the Event Categories dialog box to finish his setup.

Tom has the temperature events that he is interested in configured for the Sunny Computer Corp. and GenericServers.com agents. Now he  needs to set up a filter for his new events, not only because he is especially interested in them, but because he realizes that other filters may already watch for these events due to their being configured as members of existing event categories and event types. On the IT Assistant navigation tree, Tom clicks Event Filters, then clicks Add... in the Event Filters dialog box.

For Filter Name, he enters Tom's Temperature Events - Warning and Critical only. He then selects Warning and Critical for the severity configuration. He doesn't care about time filtering, so he does not perform time or date configuration.

Tom is only interested in temperature changes, so in Select Event Categories / Types under Environmental, he selects the event types that include the new event sources that he has entered. For his Dell servers, he selects all event types that include Temperature in their names.

In Select Source nodes, Tom selects all nodes because IT Assistant has discovered only the servers in the room where he is having ventilation problems. Tom clicks OK to accept the filter setup.

Next, Tom sets up actions for his filter. In the Event Filters dialog box, he selects his new filter and clicks Actions .... He decides he wants the interface to display an alert pop-up, so he selects that option. He has already configured a pager action (set up before he began this procedure), so he also selects that action. He then clicks Close, then Close once again.

Tom will now receive a page and an alert pop-up when a temperature probe status goes to a value of warning or critical. He can then look at the location string, which prints as part of the alert message, to see if it is a microprocessor temperature probe.

NOTE: Temperature probe location can vary widely, depending on the agent generating the event.

Tom decides to test his setup by causing each agent to generate a temperature warning event and a temperature critical event. (How he causes these events to be triggered depends on the agent.) Tom would be able to tell immediately if his event source setup was correct by looking at the IT Assistant Alerts window. If IT Assistant matched the event with his new filter's event sources, the format string he entered during setup will display for the event; if not, raw trap information will show for the alert message. If Tom finds that IT Assistant could not match the event to the event sources he set up, he can use the raw trap information in the Alerts window to help him determine what piece of comparison data (enterprise OID, specific trap ID, generic trap ID, or others) is incorrect.


Known Issues


Back to Contents Page

Back to Using IT Assistant