[thwackCamp 2013 Chat Log] Cut the Alert Noise: Best Practices to Avoid Common Pitfalls and Optimize Managing IT Alerts

    MsgTime | IPAddress | Sender | Target | Text
    10/11/2013 14:00 | 216.229.163.70 | colby | | when I got my CISSP I swore I was going to dream in scantron
    10/11/2013 14:00 | 216.229.163.70 | colby | | mumbling "A, B, A... no D" in my sleep
    10/11/2013 14:02 | 65.192.236.140 | JFrazier | | too bad it is only available as a virtual appliance.
    10/11/2013 14:02 | 216.229.163.70 | colby | | what would you like to see? windows deployment?
    10/11/2013 14:02 | 216.229.163.70 | colby | | so far it seems to be about 80/20 - lots of people like the VA because it means no licenses
    10/11/2013 14:03 | 216.229.163.70 | colby | | since ESX is free, and/or people have virtual infrastructure already
    10/11/2013 14:03 | 216.229.163.70 | colby | | and with Hyper-V in 2008+
    10/11/2013 14:04 | 65.192.236.140 | JFrazier | | understood..but it would have to be on a company approved and installed OS with appropriate patches and policies.
    10/11/2013 14:04 | 216.229.163.70 | colby | | ah
    10/11/2013 14:05 | 216.229.163.70 | colby | | most people seem to be mitigating with documentation with other virtual appliances we have - vendor's responsibility to patch, here's their policy, etc.
    10/11/2013 14:05 | 216.229.163.70 | colby | | we run into that with Log & Event Manager since it's a security product
    10/11/2013 14:06 | 216.229.163.70 | colby | | let me check and see if there's a feature request up for a windows install
    10/11/2013 14:06 | 65.192.236.140 | JFrazier | | plus as a vm, it is at the mercy of the host. It should be stand alone. Then it can tie into notification tools (GSM modems) to get the word out when the network drops.
    10/11/2013 14:07 | 216.229.163.70 | colby | | different use case, but there is one up: http://thwack.solarwinds.com/ideas/2745
    10/11/2013 14:07 | 216.229.163.70 | colby | | yeah - we are going to solve that problem in an upcoming release, likely with something like an agent that can call out to SMS/paging tools.
    10/11/2013 14:07 | 66.195.91.187 | JimShank | | I just remembered my alert central question How can we assign a default severity if the email contains no field to identify severity?
    10/11/2013 14:09 | 216.229.163.70 | colby | | can't see a way - there's a thwack feature request to "normalize" the severity and it might include being able to set it to something arbitrary... let me look up that feature request
    10/11/2013 14:10 | 65.192.236.140 | JFrazier | colby | needs to be direct attached..
    10/11/2013 14:10 | 216.229.163.70 | colby | | effectively you could match on stuff and set it to something
    10/11/2013 14:11 | 216.229.163.70 | colby | | one of the ideas on severity, which was downvoted so far: http://thwack.solarwinds.com/ideas/1709
    10/11/2013 14:11 | 74.193.64.139 | MattHarvey | | I've noticed with Alert Central I keep getting nightly and weekly activity reports emailed to me at late hours. I can't find how to turn this off anywhere. Is it something I'm missing?
    10/11/2013 14:12 | 216.229.163.70 | colby | | no - there's no option to disable. it's weekly.
    10/11/2013 14:12 | 216.229.163.70 | colby | | everyone with a validated address gets one - admin users get a system-wide one, regular users get one for their group
    10/11/2013 14:13 | 216.229.163.70 | colby | | i thought there was a feature request on the weekly report but i can't find it - we do want to add reporting/dashboard type stuff so that's not the only place you get stats, which may be when we add that option
    10/11/2013 14:13 | 66.195.91.187 | JimShank | colby | I'll add a feature request to allow you to statically assign a severity in the capture severity step.
    10/11/2013 14:14 | 74.193.64.139 | MattHarvey | | would be nice to be able to specify a time to get them, or who does or doesn't get them
    10/11/2013 14:14 | 67.79.13.42 | Rene | MattHarvey | Hello Mr. Harvey
    10/11/2013 14:14 | 216.229.163.70 | colby | | feel free to put up a feature request for that one, too - i suspect others will find it useful
    10/11/2013 14:14 | 74.193.64.139 | MattHarvey | Rene | hello
    10/11/2013 14:17 | 216.229.163.70 | colby | | we just talked to someone yesterday replacing monitoring systems with solarwinds stuff... what a painful process
    10/11/2013 14:17 | 216.229.163.70 | colby | | but, worth it in the end
    10/11/2013 14:20 | 173.13.67.184 | fitzy141 | | When I move my Solarwinds instances to our new DC .. I am going to start playing around with Alert Central .. this is a great tool
    10/11/2013 14:20 | 216.229.163.70 | colby | | awesome
    10/11/2013 14:21 | 216.229.163.70 | colby | | this session is basically our most common problems that AC solves, but obviously it's pretty flexible
    10/11/2013 14:23 | 216.16.135.2 | jtp74021 | | has anyone had issues with email alerts from another system that are coming to AC in HTML format and the body does not have alert information in it but you have all the HTML padding in the alert?
    10/11/2013 14:23 | 216.16.135.2 | jtp74021 | | the header comes through fine
    10/11/2013 14:23 | 216.229.163.70 | colby | | yes - i think there's a couple posts on thwack about this one
    10/11/2013 14:23 | 74.193.64.139 | MattHarvey | Rene | we've been working on deploying it in our environment and a client environment at the same time. We're having some issues with domain logins, but may be due to how we deployed the appliance.
    10/11/2013 14:23 | 216.229.163.70 | colby | | we have a couple of bugs in our system we're looking into for our Q4 service release related to that
    10/11/2013 14:23 | 74.193.64.139 | MattHarvey | | we've been working on deploying it in our environment and a client environment at the same time. We're having some issues with domain logins, but may be due to how we deployed the appliance
    10/11/2013 14:24 | 216.229.163.70 | colby | | if you didn't already, you might want to make sure you post it up on thwack, JTP, just to make sure you're covered
    10/11/2013 14:24 | 216.229.163.70 | colby | | or find an existing thread with a similar issue, i know they are out there
    10/11/2013 14:24 | 216.229.163.70 | colby | | that way we can be sure when the release comes out it fixes your issue
    10/11/2013 14:24 | 216.229.163.70 | colby | | will look real quick and see if i can find them
    10/11/2013 14:25 | 216.229.163.70 | colby | | in the meantime, here's the video playlist that includes ALL the videos related to Alert Central, so you don't have to individually find them all: http://www.youtube.com/playlist?list=PLSAG2TJPvS5Zy9adABecKMCJsMcjsRJZ4
    10/11/2013 14:27 | 66.195.91.187 | JimShank | | It's really easy to get going, I ran the appliance in VMWare Fusion on my macbook before we deployed it.
    10/11/2013 14:27 | 74.193.64.139 | MattHarvey | | yeah, have posted it, the more I look at it, the more it seems like it may be something in our domain. Going to re-deploy the appliance a bit better
    10/11/2013 14:29 | 216.229.163.70 | colby | | on the HTML issue, i found a couple of HTML-related threads but not the one i'm thinking of
    10/11/2013 14:29 | 216.229.163.70 | colby | | might just be internal stuff our QA team reported
    10/11/2013 14:29 | 118.209.171.97 | Shuth | | Interesting - I didn't know that Alert Central had so many features/capabilities. I will have to have a play around. Nice presentation!
    10/11/2013 14:29 | 167.216.131.126 | Mandar | | Does the alert central need to be on virtual env can it not be installed on my ORION server which is Bare metal
    10/11/2013 14:30 | 216.229.163.70 | colby | | correct - it's a virtual appliance
    10/11/2013 14:30 | 216.229.163.70 | colby | | needs to be deployed to VMware/Hyper-V
    10/11/2013 14:30 | 216.229.163.70 | colby | | (those are what we officially support, i know people have deployed on Xen or virtualbox or VMware workstation versions)
    10/11/2013 14:32 | 167.216.131.126 | Mandar | | any plans to make it available on servers
    10/11/2013 14:32 | 167.216.131.126 | Mandar | | and any reason to have it limit to VM
    10/11/2013 14:33 | 216.229.163.70 | colby | | not yet, but we were discussing it earlier - there's a feature request up you can vote on: http://thwack.solarwinds.com/ideas/2745
    10/11/2013 14:33 | 167.216.131.126 | Mandar | | So i think when we try to download it will be a pre-installed virtual machine right
    10/11/2013 14:33 | 216.229.163.70 | colby | | we chose a virtual appliance so everything was self-contained, and so that it was easy for non-Orion or multi-vendor environments to install
    10/11/2013 14:34 | 216.229.163.70 | colby | | yes - it's a virtual disk that includes everything, you just deploy to the hypervisor/management system
    10/11/2013 14:37 | 216.229.163.70 | colby | | Also, Alert Central does a regular chat session every 6 weeks - our next one is October 24, so if you get a chance to install and try it out and need help, come see us!
    10/11/2013 14:38 | 216.229.163.70 | colby | | you can always post on Thwack, but like thwackCamp chat it's a nice way to work with dev/PM directly - and chat with AC users
    10/11/2013 14:38 | 216.229.163.70 | colby | | Office Hours schedule and past transcripts: http://thwack.solarwinds.com/message/202041
    10/11/2013 14:58 | 156.98.4.11 | Moe | sandip | can i get link for day 4 quiz?
    10/11/2013 15:00 | 156.98.4.11 | Moe | sandip | i found it lol
    10/11/2013 15:00 | 156.98.4.11 | Moe | sandip | never mind
    10/11/2013 15:01 | 67.79.13.15 | sandip | | ok, great
    10/11/2013 15:09 | 67.79.13.41 | danielleh | | http://www.surveygizmo.com/s3/1378227/b4e43bcf4f98
    10/11/2013 15:09 | 67.79.13.41 | danielleh | | there is the link for anyone else who hasn't completed day 4's mission
    10/11/2013 15:10 | 67.79.13.41 | danielleh | | I hope everyone who has been participating in the past 3 days of missions has submitted to the last day! Don't want to miss out on the grand prize drawing.
    10/11/2013 15:22 | 173.13.67.184 | fitzy141 | | Thanks Solarwinds Team for a great thwack camp ... good information , good community great product
    10/11/2013 15:23 | 66.159.235.67 | Jay | | hi
    10/11/2013 15:23 | 67.79.13.15 | Topher | fitzy141 | thanks, fitzy!
    10/11/2013 15:23 | 67.79.13.15 | Topher | fitzy141 | one more session to go @ 4pm CT
    10/11/2013 15:24 | 173.13.67.184 | fitzy141 | | [Emotion=emsmile.gif]
    10/11/2013 15:24 | 66.159.235.67 | Jay | | yay
    10/11/2013 15:24 | 67.79.13.15 | Topher | | Our video team *just* finished a new video - Mobile Admin Max
    10/11/2013 15:24 | 67.79.13.15 | Topher | | we'll stream it here in the next 10 minutes or so
    10/11/2013 15:27 | 66.112.206.6 | Chip | | Thanks Solarwinds for all the great information that has been put out this week, already looking forward to next year's
    10/11/2013 15:28 | 67.79.13.15 | sandip | | So glad you enjoyed it Chip!
    10/11/2013 15:40 | 67.79.13.15 | sandip | | Who's ready for some Help Desk Management!!! WOO!!
    10/11/2013 15:44 | 67.79.13.41 | Cara | | This gal!!
    10/11/2013 15:50 | 67.79.13.41 | danielleh | | Turn up your speakers!
    10/11/2013 15:50 | 67.79.13.41 | danielleh | | Check out our newly pressed our Mobile Admin Max video
    10/11/2013 15:50 | 67.79.13.41 | danielleh | | out*
    10/11/2013 15:55 | 67.79.13.42 | GTGray | | hello everyone. i'm the product marketing manager for Web Help Desk and DameWare. you may remember me from such thwackcamp sessions as remote IT management
    10/11/2013 15:55 | 67.79.13.42 | GTGray | | i'm joined by sales engineer extraordinaire Kelly
    10/11/2013 15:56 | 67.79.13.42 | GTGray | | say hi kelly
    10/11/2013 15:56 | 67.79.13.15 | kellytice | | Hola!
    10/11/2013 15:56 | 67.79.13.42 | GTGray | | close enough
    10/11/2013 15:57 | 67.79.13.42 | GTGray | | anyone listening in today already own DameWare or Web Help Desk?
    10/11/2013 15:59 | 67.79.13.15 | sandip | | Bueller? Bueller?
    10/11/2013 15:59 | 74.193.64.139 | MattHarvey | | Web Helpdesk, yes
    10/11/2013 15:59 | 74.193.64.139 | MattHarvey | | we use it for two different department
    10/11/2013 15:59 | 74.193.64.139 | MattHarvey | | departmens
    10/11/2013 15:59 | 74.193.64.139 | MattHarvey | | I can't spell