Version 6

    Alert Central Basics


    My IT tools/products generate their own alerts, why should I use Alert Central?

    Alert Central is really useful when you've got too many sources that you have to configure independently, when you need to route alerts to different groups rather than telling everyone about everything, and when your manual processes are starting to break down. We tried to bring all of the features you might find bits and pieces of elsewhere into ONE product that does them all.


    I'm already using distribution lists to tell people about alerts, how can Alert Central help?

    Rather than telling everyone about every alert, Alert Central can help you send alerts to a single group, or rotate through a set of users individually who can take responsibility for the alert. Distribution lists break down by distracting everyone with a lot of noise and creating chatter and involving people that don't need to be involved - sort of like using a megaphone when a telephone would do.


    I've got a SharePoint/Outlook/whiteboard calendar that I use for on call, how can Alert Central help me?

    The biggest advantage of Alert Central is to centralize all of your calendaring to one place - the same place as your alerts. Rather than sending alerts to one person that has to find the on call person each time (requiring 24/7 staff to handle alerts that might not even be in their area), you can automate that process and automatically send the alert straight to the on call person first.


    My environment consists of 3-4 groups that all need to handle alerts, will Alert Central support that?

    Absolutely - you can send alerts from multiple sources to Alert Central, then distribute them to different groups based on any information in the original alert. Add each group to Alert Central, add their alerts to Alert Central, then use routing rules to make sure they get to the right people. Each group can have their own escalation policy and one or more on call calendars to call their own.


    I already have a helpdesk/trouble ticketing system, what does Alert Central bring to the party?

    Alert Central was designed to be a simple solution for centralizing and managing alerts. Helpdesk/ticketing systems are frequently designed around assets and relationships, not escalation and notification. Some systems do have similar escalation features, but they are often hard to manage and a sort of afterthought to the core functionality of a helpdesk system.


    Most people with both Alert Central and helpdesk systems use them one of three ways:

    1. Send all alerts to Alert Central. If they are lower priority alerts, assign them to your helpdesk system to be handled with other content.
    2. Send all alerts to both Alert Central and your helpdesk system. Filter out low priority alerts from being handled in AC, and filter out high priority alerts from being handled in your helpdesk system to avoid double-duty.
    3. Send all alerts to your helpdesk system. If they are higher priority alerts, forward them to Alert Central to be handled with your escalation and on call policies.


    We're looking at the best ways to better integrate with helpdesk systems, so if you've got thoughts, be sure to let us know.


    Can Alert Central de-duplicate alerts from multiple sources?

    Not yet. If you have two sources that generate the same alerts or a cascade failure that might generate a bunch of identical alerts, you'll get notified about all of them. Some of our customers have offered creative solutions, stopgaps, and good long term options in our feature requests forum, so be sure to go vote on them.


    Does Alert Central do any alert filtering?

    You can filter inbound alerts and decide based on any content within the alert whether to route it to a group (and user), or to trash the alert. You might have a source that includes alerts that you know are false positives or are handled another way. You can easily add a routing rule that says "if you see this noisy alert that contains the subject of 'ignore me', throw it away."


    Downloading and Installing the Alert Central Virtual Appliance


    Where do I download Alert Central?

    Alert Central is a virtual appliance with a built-in web console.


    What virtualization platforms are supported?

    There are two choices of platform that we officially support: Microsoft Hyper-V (2008 R2 or 2012) and VMware (ESX/ESXi 4+).


    How many virtual resources are required to deploy?

    For both platforms:

    • 2 CPU cores with 512MHz reservation
    • 2GB memory
    • 120 GB disk space


    Which browser would you recommend? Which browsers are supported?

    We have tested Alert Central with IE8/9/10, Firefox 15+, and Chrome 25+. There are a few known cosmetic issues when using Alert Central in IE8 and IE10, and IE7 won't work at all since Alert Central is backed by HTML5 technologies.


    Our development and QA teams, along with customers, have had the best success using the latest version of Chrome (currently 26).


    How do I manage the Alert Central virtual appliance to reboot, restart, or otherwise poke at it?

    All of the Alert Central software management is done from the Alert Central web console - so if you're interested in adding users, configuring Alert Central, dealing with alerts, just access your Alert Central VM's IP/hostname on port 80 directly.


    To manage the virtual appliance itself and do stuff like reboot, restart services, download logs, change to a static IP, upgrade, or perform other tasks directly against the virtual appliance, there's a virtual appliance management interface (you might see developers/QA refer to it on the forums as VAMI) available using HTTPS on port 5480 (e.g. https://virtual-appliance-ip-or-hostname:5480) with the credentials admin/admin.


    How do I assign the Alert Central virtual appliance a static IP? Does it have to use DHCP?

    If Alert Central can't get a DHCP IP address on first boot, the virtual appliance will stop at a black screen (instead of the usual blue screen) that says:

    ERROR: Cannot obtain an IP address via DHCP or OVF environment.

    Please configure networking manually to proceed.


    Follow the network configuration screen menu prompts (use menu item 6) to set a new IP address manually, then use menu item 1 to exit the network configuration application and continue booting.


    How do I set the Alert Central virtual appliance's clock? How do I set the timezone? How do I use NTP?

    The best way to make sure your virtual appliance clock is correct is by making sure the hypervisor's clock is correct and synced to an NTP source, then let the virtual appliance sync its time to the host. If you don't have this option enabled, AC will synchronize itself to a public NTP server.


    You can set the timezone within the virtual appliance management interface under "System" -> "Time Zone".


    How do I log in to the Alert Central virtual appliance console? What's the root password?

    Each Alert Central appliance has a unique root password that even we don't know in advance. You can use the default admin credentials (the same as the Virtual Appliance Management Interface) of admin/admin to log in and poke around if necessary.


    If worst comes to worst, we do have the ability to decode the root password and provide it during troubleshooting/resolving issues.


    What ports does Alert Central use to communicate?

    • The Alert Central console lives on standard HTTP/HTTPS ports 80 and 443.
    • The Alert Central Virtual Appliance Management Interface (VAMI) lives on port 5480.
    • When using Orion alerts, Orion will communicate with Alert Central on 443, and Alert Central will register with Orion on 17778.


    SMTP, POP, and IMAP ports are configurable and default to their normal defaults with/without SSL, which you can see or adjust in the Email Settings area.


    Getting Started with Alert Central - First Time Setup


    What kind of user permissions does Alert Central have?

    There's two kinds of users: those that understand.... wait, no, I'm getting off track. There are two types, admin and plain ol' user. Admin has access to configure Alert Central and manage all the users, groups, and calendars. Users only have access to view everyone's profile, view calendars, view alerts, and manage their own preferences (how to get notified, avatar photo, that sort of thing). Admin will receive a weekly report containing everyone's statistics, users will receive a weekly report specific to the group (or groups) they are in. A single user of any type can be a member of multiple groups.


    Right now there are no alert visibility restrictions, group management, or similar permissions. If that's something you'd find useful, be sure to vote and/or add features in the Alert Central Feature Requests forum.


    Why does Alert Central need a dedicated email address?

    Alert Central uses its configured mailbox for 3 things:

    1. Receiving alerts from any email sources you've got configured.
    2. Dispatching alerts out to your users.
    3. Receiving responses from your users to acknowledge, decline, reassign, or add notes to alerts, along with the email validation (so people don't have to use the web console for handling alerts).


    Yeah, I know, if you don't have email sources you don't care about #1, and it's arguable that #2 doesn't need a dedicated address, but we've found enough people require SMTP authentication AND the other features (#3) are used almost all the time, so we haven't yet provided an alternative method.


    Can I use Active Directory to add users and groups?

    Why certainly. During the Getting Started process, you'll be prompted to sync up with AD to pull down users and groups automatically. When you do this:

    1. These groups and/or users will be added to Alert Central
    2. They will be sent a validation email request to their email address configured in AD
    3. If you make changes to the group, you will need to manually re-synchronize Alert Central with AD to pick up the new users
    4. We DO NOT store your AD credentials

    I skipped something in the Getting Started Wizard and now I need to get back to it. Where is it?

    You can either return to the Getting Started Wizard itself from Settings -> Getting Started Wizard, or you can access each area directly from Settings, too. There are also some additional configuration options in Settings that we kept simple in the Getting Started wizard, like advanced routing and alert parsing.


    User and Group Configuration and Preferences


    Why do users need to validate their primary e-mail address? Can I skip validation? Can I validate an address for them? Can I re-send the validation e-mail?

    Users need to validate their primary address so that you can guarantee alerts are going to someone who can receive them. If the address is NOT validated, that user will be skipped in the escalation policy, and the next user in the policy notified. You'll also see a note in the alert details in the console that says the user was skipped due to not being validated.


    We're working on improving the validation process. There is no way to bypass or force validation when adding users; it happens automatically. You can't tell right now - other than inside the alerts view when they are skipped - that a user's address isn't validated. You can creatively force a validation email to be re-sent by changing their primary address to something else, then changing it back to their real address.


    What's the point of the weekly report? Can I turn it off for certain users or groups?

    The weekly report contains statistics relevant to each user's group (or for admin users, all groups), like the time it takes to close alerts, how many alerts they've handled, and links to related content. It's a handy way to reference the activity from the previous week. Each user receives one weekly report for each group they are in (so, in the simplest configuration where each user is in a single group, users just get one). Any user that's an admin will receive a weekly report that shows an overview of all groups in the system with their statistics.


    It's not possible to turn off or change the schedule, but if this would be useful to you, be sure to let us know how and why we can make it better.


    When I'm using Active Directory, what information is synchronized from the directory?

    When you add or sync users from Active Directory, Alert Central will retrieve:

    • Username
    • Password
    • Display Name
    • Email Address


    There are some additional settings, like timezone, photo, and phone numbers, that need to be set manually by each user (or an admin) after they are added.


    Is Active Directory synchronization automatic when I add new AD users and groups?

    No, but we did try to make it easy by adding synchronize with Active Directory buttons everywhere we could! If you edit a user that was added with AD and want to get updates, just press the "Synchronize with Active Directory" button. Same thing if you edit a group that was originally added from AD to pick up new users or other changes.


    If you want to import an entirely new group, you can do so from Settings->Import Users & Groups from Active Directory.


    You do have to enter valid domain credentials each time you do this. We're doing that to avoid having just one more place that you have credentials saved, but if it would be useful for you to save them, be sure to tell us.


    Setting up Alert Sources and Routing


    What do I need to do to get alerts from my Orion products (NPM, SAM) to Alert Central? How does it work?

    We've got a native integration with Orion platform products that allows you to use built-in Orion alerting without having to send alerts via e-mail first. As alerts are added in Orion, they will automatically be sent to Alert Central. As notes are added in either Alert Central or Orion, they will be shared with each other, so if you're looking at either console, you can see the associated notes. You do need to close alerts separately in each system, though.


    The two systems communicate on port 443 (from your Alert Central virtual appliance to Orion port 443). You do need to be running Orion Core version 2012.2.0 or later - which comes automatically with NPM 10.4 or later and SAM 5.5 or later. If you have multiple Orion products on one system, you can upgrade one of them and it'll automatically work for them all.


    I'm totally lost in where to configure incoming alerts, how they get to groups, and where the calendar even fits in. Can you help me wrap my brain around it?

    Well, I can try. First, here's the super high level picture:

    Step 1: You send your alerts to Alert Central. This is configured in sources - which can be either Orion or email-based.

    Step 2: You parse out key parts of the email (automatically done for Orion) that define the object, summary, and severity of the alert. This is also done in sources.

    Step 3: You decide which group will get the alerts based on data inside the alert (like the node name, or a keyword, or part of the network). This is also done in sources.

    Step 4: Alerts are sent to the group, and each group has an escalation policy that decides which user gets it first, second, third, and how many times it tries. This is done in groups.

    Step 4.5: If you want to use an On Call calendar as a part of an escalation policy, each group can have as many as you want. Adding new calendars is done in groups. Editing calendars is done in the calendars.

    Step 5: Each user decides what email address and format to use and whether to try more than one way of contacting them. This is configured in users.


    Also, be sure to check out the configuration videos here: Making Alert Central All That it Can Be - Resources & Help


    What's the best way to add a new email source to Alert Central?

    The easiest way is to just start sending emails to Alert Central, then they'll appear in your alerts view with red exclamation points. You can click on one, then pick to define a source for that unmatched email (or modify an existing source that it should have matched). This has the handy benefit of sending the sample email message over for testing your configuration at the end.


    You can also directly go to Settings and add an email alert source. If you do this, you should probably have an example in front of you or it's pretty easy to get lost. There's a handy video that talks about configuring email sources on this page: Making Alert Central All That it Can Be - Resources & Help.


    Do you save my Orion admin password?

    Nope, once we set up the link between Alert Central and Orion, we don't need your username and password anymore, so we don't store it.


    Should I configure one email source for each tool on my network, or one general source? What's best?

    Since all of your emails go to one address that Alert Central checks, you might be able to manage a single source in Alert Central for all tools on your network. You can also configure multiple sources, and separate them based on some important keywords or data in the email itself (like the from address or subject). Some good indicators of when you want to configure multiple sources rather than a single one:

    • Your routing rules are taller than you are - it's easy to get confused when you have too many.
    • You want to be able to directly manage each email source so that as you add or remove tools on your network you can clean up your rules more easily.


    There's a bit more discussion of common scenarios in the "configuring email sources" video, embedded here: Making Alert Central All That it Can Be - Resources & Help


    What are capture objects, summary, and severity, and how are they used?

    These values are something that shows up in all of your alerts and your dashboard for all alert sources and should help you quickly scan alerts to see what's going on.

    • Summary: this is a one-liner that tells you what's up. "Server A is down", "Interface Y is having some serious issues", "high latency detected on the network", etc.
    • Object: this tells you what needs your attention. It's up to you on what's used the best here, but usually it's the affected device or component (what needs fixing).
    • Severity: this tells you how important the original source deemed the alert. Could be a number, a word, that sort of thing. Some tools use a number, some use a word (critical, warning, etc).


    When you configure your "capture" rules, you tell them where to find these keywords in the messages, so that when users receive alerts OR when you're looking at your dashboard, you can see this info quickly.


    We briefly touch on capturing the summary, object, and severity in the email source configuration video on this page: Making Alert Central All That it Can Be - Resources & Help


    What's the Test button? How do I make it work with email or Orion alerts?

    When you're adding or editing a source, the "Test" button runs your configuration against a sample email or Orion alert and tells you how they match (or whether they match at all). You need to have a sample alert or email handy to paste or add to the Test page, then press "Test". It'll tell you:

    • Did that email even match this source in the first place?
    • Did it capture the summary, object, and severity? What did it capture?
    • What group ended up getting this alert assigned to them, or did it get trashed?


    For Orion alerts, it's easiest to set up a very basic source, set it to anything other than "trash this alert", and see alerts come in. Then, from the alerts area, click on an alert, and click on "Original Orion Alert". You'll see a link there that says "Not happy with how this alert was routed?" that will take you straight to the sources configuration with that alert pre-populated for the test area.


    For email alerts, a basic source is set up by default that does something similar. Start sending email alerts to Alert Central, then they'll appear in the alerts area with a red exclamation point. From there, you can click on the email, and choose to create a new source.


    Best practices and config tips are discussed in the "configuring" videos for Orion and Email sources on this page: Making Alert Central All That it Can Be - Resources & Help
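
    To make the source, capture, and routing steps above concrete, here is an added Python sketch (not Alert Central's own code or rule syntax) that answers the same three questions as the Test button for an email source. The source definition, patterns, group names, and sample emails are all constructed for illustration.

```python
import re
from email import message_from_string

TRASH = "TRASH"  # routing outcome meaning "throw this alert away"

# Constructed source definition; every name and pattern here is hypothetical.
SOURCE = {
    "match": ("from", r"monitor@example\.com"),
    "capture": {
        "summary": ("subject", r"^ALERT: (.+)$"),
        "object": ("body", r"^Host: (\S+)$"),
        "severity": ("body", r"^Severity: (\w+)$"),
    },
    # Routing rules run top to bottom and the first hit wins.
    "routes": [
        ("subject", r"ignore me", TRASH),
        ("body", r"^Host: (?:sw|rtr)-", "Network"),
        ("body", r"^Host: db-", "Database"),
    ],
    "default": "Operations",
}

# Constructed sample emails.
SAMPLE_DOWN = (
    "From: monitor@example.com\nSubject: ALERT: Interface Gi0/1 is down\n\n"
    "Host: sw-core-01\nSeverity: critical\n"
)
SAMPLE_NOISE = (
    "From: monitor@example.com\nSubject: ALERT: ignore me - backup test\n\n"
    "Host: db-02\nSeverity: warning\n"
)
SAMPLE_OTHER = (
    "From: someone@example.org\nSubject: lunch?\n\nSee you at noon.\n"
)


def field(msg, name):
    """Return the header value or plain-text body that a rule refers to."""
    if name != "body":
        return str(msg.get(name, ""))
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            return raw.decode(charset, "replace").replace("\r\n", "\n")
    return ""


def evaluate_source(source, raw_email):
    """Report whether the email matched, what was captured, and the route."""
    msg = message_from_string(raw_email)
    report = {"matched": False, "captured": {}, "group": None}
    match_field, match_pattern = source["match"]
    if not re.search(match_pattern, field(msg, match_field), re.I):
        return report  # would stay in the alerts view as an unmatched email
    report["matched"] = True
    for key, (name, pattern) in source["capture"].items():
        hit = re.search(pattern, field(msg, name), re.I | re.M)
        report["captured"][key] = hit.group(1).strip() if hit else None
    for name, pattern, group in source["routes"]:
        if re.search(pattern, field(msg, name), re.I | re.M):
            report["group"] = group
            break
    else:
        report["group"] = source["default"]
    return report


if __name__ == "__main__":
    for sample in (SAMPLE_DOWN, SAMPLE_NOISE, SAMPLE_OTHER):
        print(evaluate_source(SOURCE, sample))
```

    Because the first matching routing rule wins, the "ignore me" trash rule sits above the group rules; the noisy sample is still parsed for summary, object, and severity before it is discarded.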


    Can I assign an alert to multiple groups, or CC a second group even though I'm assigning an alert to another group?

    Not yet. But, if this is something you're interested in, be sure to let us know.


    Setting up Escalation Policies and On Call Calendars


    Can I add recurring entries to on-call calendars?

    Definitely. When you're editing the calendar, there's a "recur" checkbox that lets you specify the recurrence. This is useful for regular on call scheduling, or using the on call calendar as a sort of staff availability list rather than manually picking someone in the group configuration.


    What's this stuff at the bottom of the escalation policy about repeating steps?

    Alert Central will try the escalation steps in order. The first option ("if the alert is not acknowledged...") tells Alert Central how long to wait before moving to the next step in the policy, i.e. "Notify Alice, wait 5 minutes, Notify Bob, wait 5 minutes..." The next option tells Alert Central how many times to repeat the policy steps before giving up, i.e. "Notify Alice, wait 5 minutes, notify Bob, wait 5 minutes, and if neither of them does anything, try those steps 5 more times."


    In the end, if we're out of steps and nobody has raised their hand, we'll follow your instructions at the bottom. You can assign the alert directly to someone, acknowledge or close it, and you can carbon copy someone else to let them know this alert didn't get handled (yet).


    We discuss escalation policies and on call calendars in more depth in one of our videos, which you can find on this page: Making Alert Central All That it Can Be - Resources & Help
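
    The timing of a policy like the one above can be worked out ahead of time. This added Python sketch (not Alert Central's own code) builds the notification timeline for one alert, including the rule from the validation section that users without a validated address are skipped. The function name, its parameters, and the assumption that a skipped user costs no wait time are hypothetical.

```python
def escalate(steps, validated, wait_min, repeats, ack_delay=None,
             fallback="assign to group lead"):
    """Return the (minute, action, who) timeline for a single alert.

    steps      ordered list of users in the escalation policy
    validated  set of users whose primary address has been validated
    wait_min   minutes to wait before moving to the next step
    repeats    how many extra times the steps are retried after the first pass
    ack_delay  optional {user: minutes they take to acknowledge once notified}
    fallback   label for the action taken when nobody responds (hypothetical)
    """
    ack_delay = ack_delay or {}
    timeline, clock, pending = [], 0, []
    for _ in range(1 + repeats):  # the first pass plus the configured repeats
        for user in steps:
            if user not in validated:
                # Assumption: a skipped user costs no wait time.
                timeline.append((clock, "skipped (not validated)", user))
                continue
            timeline.append((clock, "notified", user))
            if user in ack_delay:
                pending.append((clock + ack_delay[user], user))
            clock += wait_min
            # Did anyone notified so far respond before this wait ran out?
            answered = [p for p in pending if p[0] <= clock]
            if answered:
                minute, who = min(answered)
                timeline.append((minute, "acknowledged", who))
                return timeline
    timeline.append((clock, "fallback", fallback))
    return timeline


def minutes_until_fallback(steps, validated, wait_min, repeats):
    """How long an unanswered alert waits before the fallback action fires."""
    return escalate(steps, validated, wait_min, repeats)[-1][0]


if __name__ == "__main__":
    policy = ["Alice", "Bob"]
    # The FAQ's example: 5 minute waits, steps tried 5 more times.
    print(minutes_until_fallback(policy, {"Alice", "Bob"}, 5, 5))
    # Same policy when Bob never validated his address.
    print(minutes_until_fallback(policy, {"Alice"}, 5, 5))
    # Bob acknowledges three minutes after being notified.
    for event in escalate(policy, {"Alice", "Bob"}, 5, 5, {"Bob": 3}):
        print(event)
```

    Running it for a group with unvalidated members shows how much sooner the fallback action fires, and that a group with no validated members goes straight to fallback at minute 0.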


    Upgrading Alert Central


    How do I know an upgrade is available?

    We're working on adding upgrade notification to tell you within Alert Central when something new is up. In the meantime, we will post here on thwack as soon as upgrades are available.


    How do I install upgrades?

    The upgrade download will include instructions, but the short version:

    1. Mount the upgrade ISO to the virtual appliance in your virtualization management software
    2. Navigate to the virtual appliance management interface for your appliance (https://virtual-appliance-ip-or-hostname:5480 with admin/admin).
    3. Click on "Update", scan for an update, then install it.


    How Do I Enable Automatic Upgrades?

    If you're running Alert Central v1.1.3 or later, you can have the virtual appliance not only perform the nightly check, but automatically install the upgrade. We've provided the default settings on upgrade, but it is not enabled by default. To enable:

    1. Navigate to the virtual appliance management interface for your appliance (https://virtual-appliance-ip-or-hostname:5480 with admin/admin)
    2. Click on "Update" then "Settings"
    3. Under "Update Settings", select "Automatically check and install updates" and specify the time in "Schedule a frequency for the updates" (e.g. every night at 4am)
    4. Save your changes.


    When you allow automatic upgrades they will be downloaded and installed on the schedule you provide. You'll be notified in the Alert Central console that an update was installed, with a link to these upgrade notes.


    Getting Help and Troubleshooting Problems with Alert Central

    I'm stuck, I found a bug, or I just want to chat with some awesome people. Where do I get help?

    Post to our Thwack forum, which is monitored by members of our product management, development, and QA teams.


    If I need help or think I found a bug, what should I include in my post? How do I download logs?

    It helps to let us know what version of Alert Central you're running (found at the bottom of your web console), your browser and OS versions (especially when reporting cosmetic issues or weird behavior), a good description of the steps you took that got you in your situation, and whether you just saw it once or have seen it repeatedly.


    We might also ask you for your logs. There's a handy doc on retrieving logs here: Instructions for collecting Alert Central Logs


    Where can I find Documentation, Videos, Help, and other stuff to help me learn about Alert Central?

    Check out our Library area here on Thwack. We'll post any updated content there, including documentation, videos, and anything else that's handy.


    I have an idea for a cool feature, I can't use Alert Central without a feature I need first, or I have a nice to have feature that would make my life easier. Where do I post it? How does that work?

    Post your ideas in the Alert Central Feature Requests forum where members of the community will vote on them. Every time we plan our roadmap, we refer back to the ideas on Thwack to help us prioritize. The most votes isn't a guarantee it'll be the next thing we do, but it is something we take very seriously. Also, vote on other people's ideas! If you agree that something is worthy, it's something you'd use, or something you agree would make Alert Central more useful, vote for it.


    I have a question that I think belongs on this FAQ, I'm confused about an answer, or I think you could include more info. How do I get it updated?

    Post here or start a thread in the forum!