6 Replies Latest reply on Jul 11, 2012 9:11 AM by smcguire6177

    Alert and Event Management Enhancements


      This list of event and alert list enhancements came from a customer. We need your help to prioritize. If there are hot items in this list for your organization, please chime in with your vote! Please be specific to make it count.

      Event and alerts list requirements:

      • Acknowledge, deacknowledge, prioritize, delete, and resolve one or more selected events or alerts.
      • Assign ownership to one or more selected events or alerts
      • Search the event or alert list for specific events
      • Apply filters and views
      • Acknowledging and deacknowledging events
        • The ability to acknowledge and deacknowledge events or alerts in the list only if you have permission to do so.  Based on Operation credentials and roles assigned.
      • Prioritizing events
        • The ability to prioritize events in the event list by changing the event severity, escalating or de-escalating the event, suppressing the event, hiding the event, and indicating that the event is "in maintenance".
      • Assigning ownership to events
        • When an event or alert is received, the event or alert is owned by the user “system” unless ownership of the event has been assigned to a specific user. Users with appropriate privileges can take ownership of the alert or event throughout the problem lifecycle, or assign events to a specific user or group.
      • Refreshing an event list
        • The event list refreshes automatically at regular intervals to show all incoming alerts. We require the option to refresh just the event or alert resource independent of the entire Orion Web Refresh. The option is needed to choose to refresh the event list between the configured intervals to view all the latest alerts at the current point in time.
      • Resolving events or alerts
        • From the event or alert list, you can display a list of known resolutions, which are determined by the class of the event or alert.
      • Deleting events
        • We need the ability to delete an event and only if you have permission to do so.
      • Adding events to a task list
        • The ability to add events or alerts to a task list to identify events that require special attention.
        • Re: Alert and Event Management Enhancements

          this all looks great, especially like the "knowledge base" type bullet - resolving events or alerts, as well as the last bullet - adding events to task list.

          • Re: Alert and Event Management Enhancements

            I need the ability to correlate events.  We get a lot of interface up/down events.  I need to clear a 'down' event when an 'up' event arrives.  The cleared events should go into a history table so that I can do reports on flapping interfaces.  This will allow me to identify interfaces (and devices) that are hard-down versus those that are flapping.  Each is a unique problem and goes to a different member of the networking team.

            The flapping interface is just one example.  We also have UPS units that lose power for short periods of time.

            Events should have the ability to be escalated after some period of time if they remain uncleared.  The time needs to be configurable because some events are more critical than others.

            Interface events may need to be prioritized based on the neighboring device.  If the neighbor is another network device, the link is likely to be more important than an edge port (or at least most edge ports).  If I can mark an interface as important, either through its characteristics, such as having a CDP neighbor that's a network device (not a phone), or by a manual process (the CEO's phone is also important), then I can prioritize interface events.

            If you want something really, really, cool, take a look at the old Nerve Center processing system and the MicroMuse event processing and correlation system.  Both of these products are the best examples in their respective spaces for what to do.
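
The correlation requested in the reply above, as an added example that is not part of the original thread and is not Orion code: a 'down' is cleared by the matching 'up' and moved to a history list, flapping is separated from hard-down, and uncleared events escalate after a configurable time. The class, field names, thresholds and the sample feed are all hypothetical.

```python
from collections import Counter

# Constructed sample feed: (epoch seconds, device, interface, state)
SAMPLE_EVENTS = [
    (0,   "core-sw1", "Gi0/1",       "down"),
    (40,  "core-sw1", "Gi0/1",       "up"),
    (100, "core-sw1", "Gi0/1",       "down"),
    (130, "core-sw1", "Gi0/1",       "up"),
    (200, "core-sw1", "Gi0/1",       "down"),
    (260, "core-sw1", "Gi0/1",       "up"),
    (300, "edge-sw7", "Fa0/12",      "down"),
    (310, "ups-3",    "input-power", "down"),
]

class Correlator:
    def __init__(self, flap_count=3, flap_window=600,
                 escalate_after=None, default_escalate=900):
        self.active = {}     # (device, iface) -> timestamp of first uncleared 'down'
        self.history = []    # cleared events: ((device, iface), down_ts, up_ts)
        self.flap_count = flap_count            # cleared cycles that count as flapping
        self.flap_window = flap_window          # seconds looked back for those cycles
        self.escalate_after = escalate_after or {}   # per-device timeout (assumed scheme)
        self.default_escalate = default_escalate

    def ingest(self, ts, device, iface, state):
        key = (device, iface)
        if state == "down":
            self.active.setdefault(key, ts)     # repeated 'down' keeps the first timestamp
        elif state == "up" and key in self.active:
            self.history.append((key, self.active.pop(key), ts))
        # an 'up' with no open 'down' has nothing to clear and is ignored

    def flapping(self, now):
        recent = Counter(k for k, _, up in self.history if now - up <= self.flap_window)
        return sorted(k for k, n in recent.items() if n >= self.flap_count)

    def hard_down(self, now):
        flaps = set(self.flapping(now))
        return sorted(k for k in self.active if k not in flaps)

    def escalations(self, now):
        return sorted(k for k, ts in self.active.items()
                      if now - ts >= self.escalate_after.get(k[0], self.default_escalate))

def run_sample():
    c = Correlator(escalate_after={"ups-3": 60})   # UPS power loss escalates sooner
    for event in SAMPLE_EVENTS:
        c.ingest(*event)
    return c
```
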

            • Re: Alert and Event Management Enhancements

              For me, having the ability to assign ownership is big.  Today I either have to give them admin privileges or node management. Neither option is suitable when you have large shared environments.

              It would be a nice add-on if a user could identify who the owner is of an alert... say the support center gets the alert... if they could identify who the Orion user is that owns the alert... it would save time.

              • Re: Alert and Event Management Enhancements

                I realize this is an older posting, but in the chance it gets reviewed, one of the larger gaps I see in the alerting is the auditing, especially of ones that have cleared, in order to have a historical record of activity.

                For instance, once the event/device is restored, the AcknowledgedBy, Alert Notes & related information appears to go away / is deleted.