Back to Contents Page
Back to Using IT Assistant
Dell OpenManage IT Assistant User's Guide
|Overview||Configuring the Paging Feature|
|Configuring Event Categories||E-mail Alert Setup|
|Configuring Event Types||Viewing, Acknowledging, and Deleting Alerts|
|Configuring Event Actions||ASF/PET Events and the Event Management System|
|Configuring Event Filters||Sample Event Management Scenarios|
|Configuring Event Logging||Known Issues|
|NOTE: Consult the event management white papers at www.dell.com/openmanage for further information on event management using IT Assistant.|
|NOTE: IT Assistant supports event management for Simple Network Management Protocol (SNMP) and Desktop Management Interface (DMI) -instrumented systems. IT Assistant also supports event management through Common Information Model (CIM) for systems instrumented with Dell OpenManage Client Instrumentation 7.0.|
IT Assistant's event management system enables you to detect and respond to SNMP traps, CIM indications, and DMI indications generated by managed systems. The robust event management environment handles events from both client and server event sources.
|NOTE: The types of events that IT Assistant recognizes are those related to temperature, voltage, fan speed, chassis intrusion, corrupted BIOS, heartbeat, link up, and system security.|
The IT Assistant event management system enables you to perform the following tasks:
|NOTE: The management station runs the event filters and initiates any actions configured under the event management system.|
IT Assistant has many event categories and event types that are predefined and prepopulated for Dell management agents. (For servers, the supported management agents are the Hardware Instrumentation Package [HIP] 3.52, Server Agent 4.2, and Server Administrator 1.x. For client systems, the supported management agents are Client Instrumentation 6.0 and 7.0). Event categories and event types are organized as an event tree that, although prepopulated, can be customized to your needs. Event types are the lowest-level "leaves" of the tree and include one or more event sources.
|NOTE: You can expand the IT Assistant event management system to support other vendor's events (see Scenario 2 in "Sample Event Management Scenarios"). The event management system is prepopulated for, but not exclusively designed for, the Dell agents.|
Generally speaking, an event source is a system-level device that is implemented in hardware, firmware, software, or a combination, and which is capable of generating data about a system event that can be recognized, processed, and communicated by a systems management agent. The types of event sources a management agent recognizes depends on the protocol it uses (SNMP, CIM, or DMI) and if and how the event source is defined in a management agent specification file. This specification file is called a Management Information Base (MIB) file for SNMP, a Management Object Format (MOF) file for CIM, and a Management Information Format (MIF) file for DMI. These files adhere to industry-wide standards in structure and syntax, and are written specifically for the protocol and management agents they support.
The specification files define the event sources that a management agent can recognize, the type of data it can read from an event source, the type of data it can write to an event source (if any), and how to format and communicate that data to and from a service provider (such as the SNMP service provider), and ultimately to a systems management console such as IT Assistant. Conversely, if no MIB, MOF, or MIF file exists that defines a system's sensors or other information-generating devices, that system cannot be monitored or managed by systems management agents.
The IT Assistant event management system recognizes system-level sensors and other information-generating devices only as they are known in a management agent specification file. In further discussions of the event management system in this document, the term event source refers to an event source definition as it appears in an SNMP MIB, CIM MOF, or DMI MIF file.
|NOTE: The event management system currently receives events from, but cannot edit, CIM event sources.|
In IT Assistant, an SNMP event source is defined by information specified in the MIB file written for the Server Administrator SNMP subagent, which includes the following MIB file elements: the event source's enterprise identifier (SNMP object identifier [object ID or OID] prefix), generic trap ID, and specific trap ID. A DMI event source is defined by that event source's DMI class and other information as specified in the MIF file written for the Server Administrator DMI subagent or the Client Instrumentation 6.0 event agent.
The severity of the alert generated by an event source is also part of the IT Assistant event source definition. Some event sources, as part of their MIB or MIF file definition, report severity values when they generate an actual event. If desired, you can "map" these values to a different severity value when you define the event source in IT Assistant. This allows a large degree of alert customization. A very practical example would be to reconcile the five or six predefined event severity values in SNMP with the four (unknown, normal, warning, and critical) recognized by IT Assistant.
You can browse MIB and MIF event source definitions in the Details tab of the systems window. For SNMP-instrumented systems, the Details tab displays event source definitions as abbreviations under the device groups that contain them, such as aryMgrEvts under arrayManager. For DMI-instrumented systems, the Details tab displays event source definitions as an Event Generation group under the Dell Systems MIF component (for clients) or the Dell Baseboard MIF component (for servers). An Event Generation Group is listed under each DMI group that corresponds to an instrumented system component that can generate an event, such as the Voltage Probe group.
Although you are not required to define the elements of the IT Assistant event management system in any particular order, an easy way to customize the system is to define event sources (by creating categories and event types), define event actions, and then associate the sources and actions in the context of a new filter, which defines the source node(s) (managed system[s]) you want to monitor and specifies when the filter is in effect. This approach enables you to quickly implement highly specialized alerting capabilities.
|NOTE: Dell recommends that you do not edit the predefined event categories. If you do, the predefined filters that use those categories as filtering criteria become nonfunctional. To repair the filters, you must add the renamed categories to those filters.|
You can add, delete, or edit event categories in the event tree.
To add an event category, perform the following steps:
To delete an event category, perform the following steps:
To edit an event category, perform the following steps:
|NOTE: Dell recommends that you do not edit the predefined event types. If you do, the predefined filters that use those types as filtering criteria become nonfunctional. To repair the filters, you must add the redefined types to those filters.|
You can add, delete, or edit event types in the event tree.
To add an event type to a category, perform the following steps:
To delete an event type from a category, perform the following steps:
To edit an event type, perform the following steps:
You can create, delete, or edit event actions to be associated with an event filter.
IT Assistant has two predefined actions, Alert and NT Event Log, which appear when you assign an action to a filter. You cannot edit or delete either of these actions.
When assigned to a filter, these actions do the following if an event meets the filter criteria:
To create an event action, perform the following steps:
|NOTE: You must install the Microsoft® SMTP service to enable e-mail alerts.|
To delete an event action, perform the following steps:
You can add, delete, edit, and assign actions to event filters.
To add an event filter, perform the following steps:
To delete an event filter, perform the following steps:
To edit an event filter, perform the following steps:
To assign an action to an event filter, perform the following steps:
|NOTE: In this procedure, you can add one or both of
the default actions, Alert and NT Event Log, or you can add a custom action.
Alert and NT Event Log are always available as
choices in this procedure. You cannot edit or delete either of these actions.
When assigned to a filter, these actions do the following if an
event meets the filter criteria:
To assign a custom action, you must first configure an event action and then assign it to a filter using this procedure.
To configure filters, cache information, warning size, maximum size, and purge number for the event log, perform the following steps:
|NOTE: Paging service providers have limitations on the number of characters allowed in a page. It is possible to configure alert pages to be longer than those limitations. In this case, the page is not received by the recipient even if it is sent by the IT Assistant pager.|
|NOTE: Several instructions in this
procedure refer you to help topics in the WinBEEP 32 paging program. To
access the help system in the WinBEEP 32 program, perform the following
1. Click the Start button, point to Programs, point to WinBEEP 32, and click WinBEEP 32.
2. On the WinBEEP 32 menu bar, click Help, and then click Contents.
If you are unfamiliar with WinBEEP 32, use this help system to learn the WinBEEP 32 program and to help you configure your particular environment.
IT Assistant uses the WinBEEP 32 paging program to send pages generated by the event management system. You must configure WinBEEP 32 and then configure a paging action before events can successfully trigger a page.
WinBEEP 32 uses a modem to transfer pages to your paging service provider. Therefore, you must have a modem properly installed and configured in your computer. If you have not done so, obtain a modem and follow the instructions in the modem manufacturer's documentation to install the modem hardware and software.
Before you can use WinBEEP 32, you need at least one of each of the following:
|NOTE: You must perform this procedure on the management station.|
To configure the modem properties from the WinBEEP 32 graphical user interface (GUI), see the WinBEEP 32 help topic "Selecting a Modem" (located under the Modems heading on the help contents page), and then perform the following steps:
Ensure that the modem properties are also set in the operating system or messages may not be sent reliably. Also ensure that the operating system modem properties are set to the Winbeep properties; setting the Winbeep properties to the operating system modem properties can result in paging failures.
To view the modem properties in Winbeep, perform the following steps:
Winbeep does not fully interface with the standard Windows TAPI interface. You may need to duplicate some properties set in the operating system modem properties, such as dialing 9 to reach an outside line, in WinBEEP.
After configuring the paging feature, it is important to test it using the WinBEEP GUI to ensure reliable pages.
A service provider provides pagers and the service that delivers messages to the pagers. A service provider accepts the messages sent through WinBEEP 32, then sends the messages to the appropriate subscriber(s).
To learn more about the role of a service provider, see the WinBEEP 32 help topic "Service Provider Overview."
To configure a new service provider, see the WinBEEP 32 help topic "Adding a Service Provider."
|NOTE: Service providers generally provide two
telephone numbers: a user access number and a modem access number. The user access number
may have a prerecorded message to assist users and is meant to be accessed by a telephone.
The modem access number has no such message and is meant to work specifically with modems;
it is ready to accept a paging message as soon as you dial the number. Ensure that you use
the modem access number of your service provider when configuring the service provider.
|NOTE: If the telephone line your modem uses requires a dial-out number to obtain a dial tone for outside calls, enter one or more commas (,) after the dial out number. This causes the modem to pause after dialing the dial-out number, most likely giving it enough time to obtain an outside line. For example, if the modem telephone line requires 9 as the dial-out number and the telephone number of your service provider is 1-800-XXX-XXXX, then specify the telephone number for your service provider as 9,1-800-XXX-XXX.|
A subscriber is anyone who can receive an electronic message through a pager. After you configure individual subscribers, you can create subscriber groups, which enable you to send the same message to every individual subscriber in that group.
To view the WinBEEP 32 subscribers' list, select Subscribers from the View menu, or click Subscribers on the WinBEEP 32 toolbar.
To configure a new subscriber, see the WinBEEP 32 help topic "Subscriber Overview" and then select "Adding a Subscriber."
|NOTE: You must configure a service provider before you configure a new subscriber.|
To configure a filter action to send a page, see "Configuring Event Actions" and "Configuring Event Filters."
Some service providers put a limit on the maximum length of the page message; the page may not go through if the message is beyond this length. If your users' pages are not being received, this may be the cause.
It is recommended that you consult your service provider to obtain the maximum supported page length. The length of the message allowed to go through can be configured in the WinBEEP application. It can also be configured through IT Assistant by performing the following steps:
|NOTE: You must install the Microsoft Simple Mail Transfer Protocol (SMTP) service on the IT Assistant management station to enable e-mail alerts.|
The IT Assistant management station has the ability to send e-mail based on events received from managed systems. Most problems with e-mail alerting are caused by not enabling SMTP on the management station, not entering the mail server's IP address into the Domain Name System (DNS), or both. The following sections describe how to enable and test the e-mail alert feature.
For e-mail alerting to work properly, you must configure Microsoft Internet Information Server (IIS) and SMTP to forward e-mails to the mail server in either a domain or workgroup environment. To direct the IT Assistant e-mails to the mail server, perform the following steps on the management station:
Perform the following steps to troubleshoot the e-mail setup in a DNS Environment:
When an alert is detected for a system, IT Assistant updates the system status indicator displayed in the systems window. The updated status indicator displays the event severity.
To view, acknowledge, or delete alerts, perform the following steps:
This action opens the alerts window. A list of alerts from all systems display with a status indicator, host name, and description. New alerts display with a new alert indicator to the left of the alert.
|NOTE: Acknowledging alerts is a good way to keep track of how many alerts a system is generating. Even users who are logged in to IT Assistant with read-only access may acknowledge alerts.|
This version of IT Assistant supports alerting based on platform event trap (PET) events as defined by the Alert Standard Format (ASF). ASF/PET alerting requires that the managed system have an ASF-enabled local area network (LAN) network interface controller (NIC) integrated on the system board, and also be instrumented with Client Instrumentation 7.0 or later.
When IT Assistant receives a PET event, it formats the event message into an easily readable format. IT Assistant enables you to define event filters and actions based on these events. For more information on using the event management system, see "Sample Event Management Scenarios," and download the white paper "Using the Dell OpenManage IT Assistant Event Management System" from the Dell OpenManage White Papers website at www.dell.com/openmanage.
IT Assistant supports PET temperature change events, fan status and speed events (defined in the "Environmental" IT Assistant event category); voltage change events (defined in the "Power" IT Assistant event category); chassis intrusion, system password failure, and user authentication events (defined in the "Security" IT Assistant event category); heartbeat and network connectivity events (defined in the "Network" IT Assistant event category); a corrupt BIOS event (defined in the "Other" IT Assistant event category); and central processing unit (CPU) dead-on-arrival (DOA) alerting (defined in the "Processor" IT Assistant event category). Consult your system documentation for specific ASF/PET events and event types supported on your system.
Using the event management system, you can select individual PET event types and configure IT Assistant to alert you or another user by e-mail, page, dialog box pop-up, application launch, or script launch if it receives one of those events. For IT Assistant to receive these events, you must specify the IP address of the management station as the event destination on the managed system.
|NOTE: The event management system has an event caching feature that filters out duplicate events if they are received within a specific time frame. IT Assistant ignores some entity-present, or "heartbeat," events, if they fall within this specified time frame. See the previously mentioned event management white paper to configure this caching feature to achieve the results you want.|
The following scenarios describe a basic and an advanced example configuration and implementation of the IT Assistant event management system.
Joe and Bob share the responsibility of monitoring critical events for servers A, B, and C, but at different times. Joe is on a morning shift (0600 hours to 1200 hours), while Bob handles the rest of the time. Also, Tom lends a hand for servers B and C on Tuesdays. All three IT technicians have pagers and e-mail addresses and want to be notified through both. In addition, Tom wants to see a pop-up alert at his IT Assistant browser-based user interface whenever a critical event occurs.
All of these IT technicians are monitoring servers with Dell OpenManage HIP installed on them. Since event categories are already prepopulated for Dell agents, no category preconfiguration is necessary.
|NOTE: See "Configuring Event Filters" for detailed information on performing the steps mentioned in this section.|
Since Joe, Bob, and Tom monitor events at different times, three different filters need to be set up.
To set up Joe's filter:
To set up Bob's filter:
To set up Tom's filter:
|NOTE: See "Configuring Event Actions" for detailed information on performing the steps mentioned in this section.|
You need to set up six actions for Tom, Joe, and Bob (three e-mails plus three pages). The alert action is already set up.
To set up Joe's actions:
Select Joes Critical Events in the Event Filters dialog box and select Actions. First, create an e-mail action. Select New Action.... Joe is creating a new action, not a derivation of one, so choose Create from Template, then e-mail, then Create.... Name the action e-mail Joe. Insert Joe's e-mail address in the To: field. In the From: field, Joe inserts an e-mail alias that is meaningful, yet will not be filtered out by his e-mail server. Changing the subject and message fields is optional.
Next, Joe creates a paging action. Before he does this, Joe runs Winbeep's configuration utility and creates a subscriber ID for himself, such as "JoesPager." Joe creates a paging action from a template and inserts the subscriber ID of JoesPager in the To: field of the paging action he calls Page Joe. Again, changing the message is optional.
When these actions are created, they are added automatically to the filter. Actions are executed in the order they are listed in the actions window; however, you can use the Move Up and Move Down buttons to change execution order. An alternate way that Joe could have created actions for his filter is to select Event Actions from the IT Assistant navigation tree and create his actions from there. Then he chooses Event Filters from the navigation tree, selects his filter, and adds the actions he created. Joe can edit or delete the actions he created from the dialog displayed by clicking Event Actions on the navigation tree. One convenient feature of this dialog is that when he selects an action he or someone else has set up, the filters to which that action has been applied will show in the bottom pane, giving warning that, if Joe wants to change or delete his action, it could affect more filters than just those that he set up.
To set up Bob's actions:
Bob sets up his actions to e-mail and page himself (Bob has to go into Winbeep also) just as Joe did.
To set up Tom's actions:
Tom sets up his actions to e-mail and page himself just as Joe and Bob did. Tom also adds the Alert Action action to pop up an alert at his IT Assistant browser-based user interface.
With the actions and filters set up as described, Joe, Bob, and Tom will receive e-mail, pages, and a pop-up alert (for Tom) when a critical event occurs on their watch.
|NOTE: This is an advanced scenario that describes how to set up new event sources that are not prepopulated by Dell. Only users with a thorough knowledge of SNMP and/or DMI should attempt this.|
Tom monitors a room of servers for a Web hosting service. In this room are servers from Dell, Sunny Computer Corp., and GenericServers.com. Unfortunately, space is at a premium and the amount of equipment in the room has started to create ventilation problems, resulting in some systems overheating. Tom wants to make sure that he is alerted when a system starts to show overheating problems, and he wants to be able to do this with one application for all of his servers.
Tom determines that microprocessor temperature is a good parameter to use in determining whether a server is overheating. Fortunately, all three of his server vendors provide agents that monitor various temperature probes within the server and send traps based on preset thresholds.
Of the three server vendors' management applications, Tom finds that IT Assistant is the only one that can notify him by pager when an SNMP trap is received. Tom also learns that Dell has prepopulated IT Assistant's event management database to recognize traps from Dell agents (such as Dell OpenManage Server Agent). However, before Tom can set up an event filter and event actions based on that filter, he must configure IT Assistant to recognize the traps from the other two vendors. Tom can do all of this from the IT Assistant browser-based user interface.
First, Tom needs to look at the trap definitions for the other two server vendorsunfortunately, he finds that each does things a little differently. Tom is only interested when a temperature probe goes to a warning or critical status, not if it returns to a normal status. Tom finds that Sunny Computer Corp. servers produce separate traps for each severity level change of a temperature probe. In other words, the servers generate a separate trap (each with a different specific trap ID) for each possible temperature probe status (normal, warning, and critical). He also finds that the fourth varbind of the trap contains a text string that specifies the location of the temperature probe.
Tom gathers the data he needs to successfully configure IT Assistant to recognize the trap: enterprise OID, generic trap ID, specific trap ID, what severity the trap represents, and the relevant varbind information. He does this for both the warning and critical temperature probe traps. Tom now needs to configure IT Assistant.
On the IT Assistant navigation tree, he chooses Event Categories under the Configuration branch. Tom could create a new category for the trap event sources generated by the other two server agents, but he decides to put them under the same event category and event type used by the prepopulated Dell temperature probe trap. The event category for this trap is Environmental and contains the event types Temperature Warning for warning traps and Temperature Failure for critical traps.
Tom starts by setting up the warning trap. First, he chooses the event type Temperature Warning under the event category Environmental and clicks Edit ... . Tom needs to add an event source definition for the trap, so he clicks Add Event Source..., and then SNMP. He names the event source Sunny ComputerCorp. Agent and completes the generic trap ID, specific trap ID, and enterprise OID. He also chooses a severity level that the trap represents.
The Format String field contains the text of what Tom will see when he receives this alert from IT Assistant, so he wants to ensure that it contains meaningful information. He fills it in with the following text:
A temperature probe warning has been received from system $n at date $d and time $t: the location of the probe is $4.
Notice that Tom uses available variable substitutions as defined in "SNMP Event Source Configuration." The $4 represents the fourth varbind of the event source, starting from a count of 1. Tom clicks OK to complete setup of the temperature warning event source. Then he chooses the Temperature Failure event type and sets it up the same way as he set up the temperature warning. When he completes setup of both sources, he confirms his additions by clicking OK all the way back up to the Event Categories dialog box.
Next, Tom needs to add the event source for his GenericServers.com servers. He needs to approach this event differently because the status of the temperature probe Tom wants to monitor is actually in one of the varbinds of the trap. Tom puts this event under the event category Environmental as he did for Sunny Computer Corp. This time, however, he decides to create his own event type because the same trap will be received for both warning and critical temperature change events; therefore, the trap does not fit any one severity event type (such as Cooling Device Failure or Cooling Device Normal). Tom selects Environmental, then clicks Add Type.... He names the event type Temperature Probe Status change. He also gives the event type an optional description in the Description field. To configure the event source, Tom once again clicks Add Event Source..., then clicks SNMP.
At this point, Tom needs to consult the MIB or trap events file provided by GenericServers.com for its agent. He finds the following information for the trap he is interested in: a specific trap ID of 1000, a generic trap ID of 6, and an enterprise OID of .18.104.22.168.4.1.300.100.1.1.1. Tom also finds out what each varbind sent with the trap contains. He knows that he needs the two varbinds that provide the severity of the event and the location of the probe.
|NOTE: Each vendor agent's traps are different; these values are not guaranteed to be in a trap.|
Tom knows that each varbind has it own OID assigned to it, which he also knows should be the enterprise OID followed by additional information to identify that particular varbind. IT Assistant needs this information for the varbind that contains the severity of the event to be able to access its value. He has determined this OID to be .22.214.171.124.4.1.300.100.1.1.1.3. Tom also needs to figure out what values this varbind contains and what they mean (such as 1 = OK, 2 = warning, 3 = critical) so that he can map the value to a standard IT Assistant severity level.
From reading the MIB, Tom determines that the GenericServers.com agent produces the following severity values for the trap and varbind he needs: 1 = other, 2 = unknown, 3 = OK, 4 = warning, 5 = critical, 6 = nonrecoverable. Tom is only interested in values of warning and critical, but he decides it is best to go ahead and map all the possible values. Tom also finds that the fifth varbind contains the location of the probe.
Tom is now ready to finish configuring IT Assistant to recognize this trap. Tom enters the enterprise OID, generic trap ID, and specific trap ID that he noted from the MIB file. He also enters a similar format string as he did for the Sunny Computer Corp. agent, noting the differences:
A temperature probe status change has been received from system $n at date $d and time $t with severity $s: the location of the probe is $5.
Tom is now ready to configure the severity mapping by value. First, he clicks By Value on the Severity menu, then clicks Add Severity .... He starts with the severity value of other: In the Severity combo box, he clicks Unknown (Unknown and Other severities are represented by the same icon in the IT Assistant browser-based user interface: a gray question mark). For the Object ID, he enters .126.96.36.199.4.1.300.100.1.1.1.3, and then for the Object Value he enters 1. He clicks OK, and now the value of 1 is mapped to Unknown.
Next, he maps Other (or 2) to a severity of Unknown; then he maps OK (or 3) to the IT Assistant severity of OK, and so on until all six of the values that are possible for the varbind are mapped to IT Assistant severities. After he defines all severity mappings, Tom saves all that he has configured by clicking OK all the way back up to the Event Categories dialog box and then clicks Close on the Event Categories dialog box to finish his setup.
Tom has the temperature events that he is interested in configured for the Sunny Computer Corp. and GenericServers.com agents. Now he needs to set up a filter for his new events, not only because he is especially interested in them, but because he realizes that other filters may already watch for these events due to their being configured as members of existing event categories and event types. On the IT Assistant navigation tree, Tom clicks Event Filters, then clicks Add... in the Event Filters dialog box.
For Filter Name, he enters Tom's Temperature Events - Warning and Critical only. He then selects Warning and Critical for the severity configuration. He doesn't care about time filtering, so he does not perform time or date configuration.
Tom is only interested in temperature changes, so in Select Event Categories / Types under Environmental, he selects the event types that include the new event sources that he has entered. For his Dell servers, he selects all event types that include Temperature in their names.
In Select Source nodes, Tom selects all nodes because IT Assistant has discovered only the servers in the room where he is having ventilation problems. Tom clicks OK to accept the filter setup.
Next, Tom sets up actions for his filter. In the Event Filters dialog box, he selects his new filter and clicks Actions .... He decides he wants the interface to display an alert pop-up, so he selects that option. He has already configured a pager action (set up before he began this procedure), so he also selects that action. He then clicks Close, then Close once again.
Tom will now receive a page and an alert pop-up when a temperature probe status goes to a value of warning or critical. He can then look at the location string, which prints as part of the alert message, to see if it is a microprocessor temperature probe.
|NOTE: Temperature probe location can vary widely, depending on the agent generating the event.|
Tom decides to test his setup by causing each agent to generate a temperature warning event and a temperature critical event. (How he causes these events to be triggered depends on the agent.) Tom would be able to tell immediately if his event source setup was correct by looking at the IT Assistant Alerts window. If IT Assistant matched the event with his new filter's event sources, the format string he entered during setup will display for the event; if not, raw trap information will show for the alert message. If Tom finds that IT Assistant could not match the event to the event sources he set up, he can use the raw trap information in the Alerts window to help him determine what piece of comparison data (enterprise OID, specific trap ID, generic trap ID, or others) is incorrect.
Back to Contents Page
Back to Using IT Assistant