Monitor Terms and Concepts

The same alert management terms and concepts apply to all methods of monitoring.

Alerts and Alarms

Alerts - An alert is created when the performance of a machine or device matches a pre-defined criteria or "alert condition".
Alarms - Alarms are a graphical way of notifying the user that an alert has occurred. In many graphical displays throughout the VSA, when an alert exists, the VSA displays by default a red traffic light icon. If no alert exists, a green traffic light icon displays. These icons can be customized.
Logs - Two logs distinguish between alerts and alarms.
- Alarm Log - Tracks any alarm that was created by an alert.
- Monitor Action Log - Tracks any alert that was created, whether or not an alarm or any other type of action was taken in response to the alert.

Actions

Creating an alarm represents only one type of action that can be taken when an alert occurs. Two other types of actions are notifications. They include send an email or create a ticket. A fourth type of action is to run an agent procedure to automatically respond to the alert. These four types of actions are called the ATSE code. Whether assigned to a machine ID, a group ID, or an SNMP device, the ATSE code indicates which types of actions will be taken for the alert defined.

A = Create Alarm
T = Create Ticket
S = Run Agent Procedure
E = Email Recipients

None of the ATSE actions are required to be set when configuring an alert. Both the alert and the ATSE action, including no action, are reported in the Info Center > Monitor - Monitor Action Log report.

Types of Alerts

Types of alerts include:

Discovery > By Network or By Agent
Backup > Backup Alerts
Monitor > Alerts - These are specialized "fixed" alerts that are ready to apply to a machine.
Monitor > Assign Monitoring
Monitor > SNMP Traps Alert
Monitor > Assign SNMP
Monitor > System Checks
Monitor > Parser Summary
Monitor > Assign Parser Sets
Patch Management > Patch Alerts
Remote Control > Offsite Alerts
Security > Apply Alarm Sets

Other add-on modules have alerts not listed here.

Six Methods of Monitoring

Each of the six methods of monitoring in Virtual System Administrator™ is either event-based or state-based.

Event-based
- Alerts - monitors events on agent machines
- Event Log Alerts - monitors events in the event logs of agent-installed machines
- System Check - monitors events on non-agent machines
- Log Monitoring - monitors events in log files
State-based
- Monitor Sets - monitors the performance state on agent machines
- SNMP Sets - monitors the performance state on non-agent devices

Event-Based Alerts

Alerts, System Check, Event Log Alerts and Log Monitoring represent event-based alert that occur perhaps once. For example a backup may fail. Even if the backup succeeds later, the failure of the backup is a historical event in the alarm log. If an alarm is created for this type of event, then the alarm remains "open" in the alarm log even if the alert condition recovers. Typically you use the Alarm Summary page to review alarms created by event-based alerts. When the issue is resolved you "close' the alarm.

Event-based alerts are usually easier to configure, since the possibilities are reduced to whether one or more of the events happened or did not happen within a specified time period.

State-Based Alerts

Monitor set counters, services, and processes and SNMP set objects are either currently within their expected state range or outside of it and display as red or green alarm icons dynamically in monitoring dashlets. These are known as state-based alerts.

If an alert condition currently exists, monitor dashlets show a red alarm icon.
If an alert condition does not currently exist, monitor dashlets show a green alarm icon.

If you create an alarm for state-based alerts, they'll create alarm entries in the alarm log just like event-based alarms, which you can then choose to close. But because state-based alerts typically go in and out of an alert condition dynamically, you may want to avoid creating an alarm each time this happens. Instead use the Network Status dashlet to identify the current status of state-based alerts. Once the issue is corrected on the machine or device, the status of the alert automatically returns to a green icon. You don't have to manually "close" the alert in this dashlet.

NOTE If you do decide to create traditional alarms for monitor sets and off-line alerts specifically, these two types of alerts can be closed automatically when they recover. See the Enable auto close of alarms and tickets checkbox on theSystem > Server Management > Default Settings page.

Typically state-based alarms require more thought to configure then event-based alarms, because the intent is to measure the level of performance rather than outright failure.

Dashboards and Dashlets

The Dashboard List page is the VSA's primary method of visually displaying monitoring data, including alerts and alarms. The Dashboard List page maintains configurable monitoring windows called Dashboard Views. Each dashboard contains one or more panes of monitoring data called Dashlets. Each VSA user can create their own customized dashboards. Types of dashlets include:

Reviewing Alarms

All alert conditions that have the Create Alarm checkbox checked—both state-based alarms and event-based alarms—are recorded in the alarm log. An alarm listed in the alarm log does not represent the current status of a machine or device, rather it is a record of an alarm that has occurred in the past. An alarm log record remains Open until you close it.

Created alarms can be, reviewed, Closed or Deleted... using:

Monitor > Alarm Summary
Monitor > Dashboard List > any Alarm Summary Window within a dashlet
Agent > Agent Logs > Alarm Log
Live Connect (Classic) > Agent Data > Agent Logs > Alarm Log

Created alarms can also be reviewed using:

Monitor > Dashboard List > Alarm List
Monitor > Dashboard List > Alarm Network Status
Monitor > Dashboard List > Alarm Rotator
Monitor > Dashboard List > Alarm Ticker
Monitor > Dashboard List > Group Alarm Status
Monitor > Dashboard List > Monitor Set Status
Monitor > Dashboard List > Monitor Status
Monitor > Dashboard List > Top N - Monitor Alarm Count
Monitor > Dashboard List > KES Status
Monitor > Dashboard List > KES Threats
Info Center > Reporting > Reports > Monitoring > Logs > Alarm Log
Info Center > Reporting > Reports > Monitoring > Monitor Action Log
Live Connect > Asset > Log Viewer > Alarm

Reviewing Performance (with or without Creating Alarms)

You can review the current status of monitor sets and SNMP set performance results, with or without creating alarms, using:

Monitor > Live Counter
Monitor > Monitor Log
Monitor > SNMP Log
Monitor > Dashboard > Network Status
Monitor > Dashboard > Group Alarm Status
Monitor > Dashboard > Monitoring Set Status
Info Center > Reporting > Reports > Monitoring > Logs

Suspending Alarms

The triggering of alarms can be suspended. The Suspend Alarms page suppresses alarms for specified time periods, including recurring time periods. This allows upgrade and maintenance activity to take place without generating alarms. When alarms are suspended for a machine ID, the agent still collects data and will show alarm state in the dashboard, but does not generate assigned alarm actions.

Group Alarms

Alarms for alerts, event log alerts, system check, and log monitoring are automatically assigned to a group alarm category. If an alarm is created, the group alarm it belongs to is triggered as well. The group alarm categories for monitor sets and SNMP sets are manually assigned when the sets are defined. Group alarms display in the Group Alarm Status dashlet of the Monitor > Dashboard List page. You can create new groups using the Group Alarm Column Names tab in Monitor > Monitor Lists. Group alarm column names are assigned to monitor sets using Define Monitor Set.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!