3 Replies Latest reply on Feb 20, 2014 4:28 AM by olha.zelena

    How do we process Up notifications?

    nate.mellendorf

      We've been working with Alert Central and all has been well.

      I've been able to configure optimal alerting paths for everything but now I feel stuck.

       

      My question is, What do I do with "UP" notifications/alerts?

       

      Here is an example:

       

      1. Server goes offline.
      2. Alert is triggered with Alert Central.
      3. The alert isn't acknowledged right away and goes to an on-call calendar.
      4. The on-call associate acks the alert but the device comes back online.

       

      When this device comes back online, our alerting platform sends out an e-mail just like it did when the device went offline.

       

      How do I interface this new "UP" notification with Alert Central?

      I want it to go to everyone that Alert Central has notified previously, but not to those it hasn't.

       

      I'm starting to think that it's not possible. Is this something we can get put into Alert Central?

      Do you have an suggestions or recommendations for this situation?

       

      Thanks!

        • Re: How do we process Up notifications?
          olha.zelena

          Hi Nate,

           

          Not sure I've understood you correctly, but here are my thoughts.

           

          1. You can try to set up your matching rules the way both  "server goes offline" and "up" messages are sent to the same group. Probably your UP messages contain some specific words (subject, body, from, to) you can tell them from other ones. In this case you have to go to Edit Source and set up your rules accordingly (see example below).

           

           

          2. If your issue is related to on-call settings, see an example below:

          2 PM - Jack is on-call

          2:30 PM - server goes down and notification is sent to Jack

          3 PM - Adam is on call

          3:30 PM - the same server is UP and notification is sent to - you'd like Jack to be notified?


          If it's your current issue, there's nothing we can do. If Adam is currently on-call, all the messages from source (including UP message) we'll be sent to him, not to the ones who got related 'down' messages.

           

          Please inform me if there's anything else I can do for you

            • Re: How do we process Up notifications?
              nate.mellendorf

              What you've outlined makes sense.

               

              This is what my question comes down to though:

              I have a calendar that has staff listed for the times at they're scheduled. As soon as their day ends, then they're off the calendar.

              We have a help desk alerting system that creates tickets from Alert Central. It creates these tickets via e-mail, so I've added its e-mail to the same calendar.

               

              This is what happens then:

               

              Alert Central creates an alert.

              Alert Central send the alert to those listed on the calendar.

              The alert is then sent to my ticketing system (This automatically creates a new ticket to track time.) It also sends the alert to everyone else.

              A team member Acks the alert, works the alert, and then enters their time in the ticketing system.

               

              My problem is this: When the device comes back online, it sends another alert to the calendar.

              This wouldn't be a problem, but it causes another ticket to be created in the ticketing system.

               

              Aside from creating a mailbox rule that tells the ticketing system to ignore "Up" alerts from Alert Central, is there anyway I could configure Alert Central to not send the alert to my ticketing system?

               

              Thanks!

                • Re: How do we process Up notifications?
                  olha.zelena

                  The soulution exists, though it's quite complicated, and I'm not sure it'll suite you.

                  First, you need to create two Groups:

                  - 1-st will contain all your colleagues (only real people) (let's name it WithoutTicketSystem)

                  - 2-nd will contain all your colleagues + your ticket system (let's name it WithTicketSystem)

                  Second, you'll have to create two separate calendars for these two groups. They'll be almost identical with the exception of your "ticket system" user. The first one won't contain it, the second will.

                  Third, you'll need to configure your source so all the messages by default are sent to "WithTicketSystem" group (as a result, ticket is created) and the ones with "Server is Up" in the subject (as an example, it depends on the messages format your alerting system is generating) are sent to "WithoutTicketSystem" group (as a result ticket won't be reported, but all the same users will be informed)