I have tons of alerts we use. Often times there might be multiple copies of essentially the same alert so that I can tailor it for different audiences with different alert actions.
A recent glance at all my alerts caused me to think of a few things (well that and cry):
- A graphical object oriented interface would be sooooo much easier than one large linear list of alerts. Something like APM's management interface would be great where things are listed by categories and further details are easily viewable.
-Being able to audit alerts would be BEYOND useful. For example being able to see which are in use and which are not. Obviously if it's enabled that is hard to tell but maybe something like a small alert history would be helpful, IE last time alert was fired.
-Some kind of process where alerts can be reverse tested or to be more specific see something in node details about "alerts that might apply to this node" if it goes down or drops an interface etc.
-Often times beyond auditing I have frequent alert questions like, well I just got that alert I wonder who else got an alert for this node going down or this interface coming up. The idea (referencing my above statement about multiple alerts for different audiences) would be to maybe see something like a way to put this info in an alert. Possibly seeing this "XYZ Server is down - Also notified of this event is ABC". Or really a better way would be to make it so alert actions can be tailored for different recipients.
The ultimate idea is to be able to much more easily know which alerts are in current use and which are not as well as who are getting alerts for certain actions or conditions. With an alert audience that ranges from CIO/VP to PC Tech this is important. When you have many alerts this becomes daunting. Right now the only way to know is basically to know them all by heart.
