Tech Updates What is Alert Management System (AMS)? The Alert Management System is a tool for organizing and tracking the most important alerts in an enterprise or logical segment of an enterprise. AMS lets you focus on and manage the highest severity IT alerts in real time. AMS is a new feature introduced with Unicenter NSM r11. It is tightly integrated with Enterprise Management (EM) and Advanced Event Correlation (AEC). We recommend that AEC be used to correlate and consolidate inbound events to create alerts. Most events can be handled automatically using Enterprise Management in conjunction with AEC but some will need to be allocated to an operator as alerts for further processing. These high priority alerts would display in Alert Management queues. AMS is configured through Enterprise Management and can be configured through the classic EM GUIs and the Management Command Center (MCC). Alert queues are published to views within the (MCC) and the Unicenter Management Portal (UMP). Alerts can have relationships with objects within the worldview which allows the MCC user to see alerts in context with the object being viewed. On creation the alert is placed in an alert queue. Alert queues can be defined to match business requirements; they may be based on function or be created to match a departmental / regional structure. AMS contains enhanced features such as escalation policies and the ability to move alerts between queues and each operator can also have there own customized view of queues. Escalation policies have the following levels: Default: Applied to all new alerts with no defined escalation policy Class: Overrides default escalation policy for alerts created using the defined class Queue: Overrides all other escalation policies
Escalations within AMS can be triggered in multiple ways including inactive or unacknowledged alert within a customized timeframe. Escalations can be used to move alerts between queues, change priority, change display attributes, send notifications via Advanced Notification Services (ANS) and create Service Desk tickets. Do I need AMS? AMS can be seen, at a very high level, as an extension of the Event Management Held Messages area. It allows the most important alerts within an environment to be posted to dedicated queues where business rules can be applied to ensure the alert is processed within defined boundaries. Four easy steps to creating your first alert: Step One Create a new Queue Start the MCC and navigate via the left hand drop down to the Enterprise Management Section. Expand the Alert Management group and select Alert Queues Click on the New Queue icon Name the queue (e.g., Network Team ) and click on the green icon containing a tick to save and close The new queue has now been created and will be available in the MCC and UMP Step Two - Create a class and assign to it to the queue Expand the Alert Management group and select Alert Classes Click on the New class icon On the Main tab give the new class a name and class id and choose the new queue that you just created from the drop down. Class Name = Network Alerts Class ID = NetClass Initial Queue = Network Team For now we will not change most of the other tabs, but you can come back later to experiment with these settings. Click on the blue diskette icon to save the definition Click on the Message Policies tab to define the message record that will trigger the alert. Click on the new icon to define the message policy. In the pop up windows enter the following: Alert Text = This is my alert Event matching text = netalert* Click on the green icon with a tick to save and exit. Click on the green icon with a tick to save and exit.
The alert class is now defined and you will find a message record has been created with the name netalert. Run the following command from a command prompt to load the new MRA into Event Management. Oprcmd opreload Step Three Activate the alert To trigger the newly created alert class we will send a message to event management that will call the alert class. From a command prompt type: Cawto netalert Network alert to be sent to network team Step Four View the alert in MCC In the MCC navigate via the left hand pane drop down to Alerts Select the server name in the left hand pane and change the right hand pane content to Status this will then show the graphical view of the defined queues, Lock the padlock in the top right hand pane of the view to lock the view in place. Select the Network Team queue and the MCC will add a Queue view to the right hand screen. And you will be able to see your alert The alert details will contain the entire text of the message and by right clicking on the alert you will see the alert menu where you can carry out functions such as close, Acknowledge, Transfer. You can now go back and edit the class to change the color of the alert include a URL to launch of the alert and lots more. Enjoy
NSM SWAT Doctor - Your AMS questions answered Why don t I see the Alert drop down in the MCC? AMS utilizes the DIA protocol for communication between the MCC and the AMS manager. If DIA has not been configured the Alert drop down that should be available in the left hand drop down within the MCC will not be available and when the MCC is started you may receive a DIA warning dialogue box. More information on DIA concepts can be found in the Unicenter NSM r11 Implementation Guide. See page 42 for conceptual overview and page 70 for configuration steps. Can AMS queues be allocated to groups of users? AMS queues can be published though the Unicenter Management Portal and part of the publishing process is to set the access rights for the queues. Are alerts deleted from the database when they are closed? The AMS alert class defines a retention period that will denote how long a closed alert is saved in the database. Command line tools are provided to administer the AMS database tables. Caamsalertcsv: Create a CSV file containing archived / purged alerts and history Caamsarchive: Extract closed alerts to a file, Delete alerts from the database Caamspurge: Purged based on number of days since alert creation Caamspolicy: Extract / Reload AMS Policy How can I view closed alerts within the MCC? Closed alerts can be viewed via the MCC by creating an AMS filter to display alerts with the status Active =No. To create a new AMS filter: Select the Filters drop down from the Left hand MCC drop down. Right Click on the Alerts object and select New / Filter, This will create a blank filter called NewFilter_0 Select the new filter and right click to rename the filter, (Closed Alerts) When the new filter is selected, the right hand pane will show the edit window, change the filter rule to Active = No and click on the diskette in the top right hand corner to save the change
To apply the new alert right click in the alert pane windows and you will find the new filter under the Apply Filter option. When an AMS filter is applied the filter name will be displayed on the screen Does AMS integrate with Unicenter Service Desk? AMS creates service desk tickets through web services and can be used with Unicenter Service Desk V6 and r11. The service desk integration is configured in the AMS global definition settings and can be enabled through the AMS classes and the escalation policy; a ticket can be created automatically and tracked so that when the service desk ticket is closed the alert is also closed. By default AMS creates a Request in service desk can this be changed to create an Incident? AMS can pass attributes within the message to Unicenter Service Desk. One of these attributes (SDTicketType) can be used to choose a different ticket type. Example: The following event creates a Service Desk Incident with the assignee Smith, George, root cause Failure, description "Network interface is no longer responding on node " and severity 2. Network interface not responding. SDAssignee="Smith, George" SDRootCause=Failure SDDescription='Network interface is no longer responding on node &NODENAME' SDSeverity=2 SDTicketType=I Additional attributes are available. For a full list please refer to page 213 in the Inside Event Management and Alert Management Guide where you will also find further details on the service desk integration. What can the URL specified within the class be used for? When defining an AMS class there is an option to specify a URL and to include parameters. When a URL is specified it will appear within the alert. Alert parameters can be incorporated within the URL which will allow the URL to be launched in context with the alert. This functionality can be very useful when integrating with third product or in-house web-based applications.
Hints and Tips from the Unicenter NSM SWAT team If a service desk ticket has been created dynamically via AMS and the request number is included in the alert screen, it is possible, within the MCC, to launch directly to Unicenter Service Desk in context with the request number. This can be configured in the following location of the MCC menu bar View \ Options \ Connections, however, for this to work you must ensure that the MCC is configured with the Unicenter Service Desk URL (i.e., the standard web address for Unicenter Service Desk - http://servicedeskservername:port/caisd/pdmweb.exe) When you start using AMS ensure that the WV and Unicenter Service Desk components have been configured within the AMS global definitions. This will ensure that the alert association and integration works correctly. For information on configuring AMS please refer to page 185 in the Inside Event Management and Alert Management Guide.