1. Operations Monitor User Guide
  2. User Interface
  3. Alerts

Alerts

Operations Monitor has a notification system to warn you of important events called alerts. You can prioritize alerts and configure them to trigger certain actions. The Alerts page displays all alerts that have been raised.

The following alert types are supported:

  • Generic Metrics

    Statistics metrics exceed or fall below certain thresholds.

  • Device/Tag Metrics

    Statistics metrics exceed or fall below certain thresholds.

  • Synthetic KPIs

    Value for a synthetic KPI exceeds or falls below the given threshold.

  • Metric Baseline Deviation

    Allows comparison between a current KPI value and a previously captured KPI value. An alert is generated based on the difference between the two values.

  • User Devices

    A certain user device is detected by the system.

  • Voice Quality

    The quality for a percentage of calls falls beyond a MOS threshold.

  • Device Monitoring

    A device is down.

  • Limits

    An internal soft limit within Operations Monitor was passed.

  • Phone Number

    A certain phone number placed or received a call.

The Alerts table displays notifications. You can create or edit an alert definition in the Alert Definitions tab.

Alerts Table

Click Alerts in the navigation pane to display the alerts panel, as shown in the following figure.


img/alerts.png

The following table lists the Alerts panel table columns:

Table 3-1 Alerts Table

Column Description
Status Unread alerts are marked with a red icon. Clicking on the icon toggles the status as read/unread.
Date The date when the alert was raised.
Type The type of the alert. This columns allows for easy filtering.
Message The alert message explains why the alert was raised.
Priority Setting priority ranks the alerts. The alert entries with high priority are highlighted by a red background. Low priority alerts are displayed in a lighter color.

When you double-click an alert, a small window appears with an extended message and an offer to mark the alert as read.

The Mark all as read button respects table filters, and can be helpful when treating similar alerts. For example, to mark all statistic threshold alerts, enable Filters in the Type column and click Mark all as read. The Delete drop-down menu allows you to delete either:

  • Selected alerts (the check box in the first column is marked).
  • Alerts marked as read.
  • All alerts.

Upon initial installation of Operations Monitor, the only alerts raised are related to licenses. You must create Alert definitions to receive further notifications.

Note:

To avoid being inundated with alerts (for example Number of active calls exceeded 5000), Operations Monitor creates duplicate alerts only when the previous one has been deleted, marked as read, or when 1 day has passed.

Alert Definition Tab

Alert definitions establish which events on the system raise a notification. On the Alerts page, click the Alert Definitions tab to see a table of all definitions that have been created.


img/alert_definition_tab.png

Creating Alert Definitions

To create an alert definition:
  1. Click Add definition, which starts the Alert Definition wizard.
  2. In the Add an alert page, select an alert type (see the following figure). This also determines if parameters are required.
  3. Optionally, parameters have to be provided that tell Operations Monitor when to raise an alert and of that type. Some alert types do not require parameters.
  4. If desired, set actions to execute when the alert is raised, for example, to send an e-mail. For more information see, "Actions".
  5. Assign an alert name and priority for the notifications raised according to this definition. For more information, see "Alert Name and Priority".
  6. Click Finish to save the alert definition.
    Operations Monitor raises an alert whenever the specified event occurs.

img/alert_definition_wizard.png

Actions

For all alerts additional actions can be configured (see the following figure). All actions are optional and can be combined.
img/specifying_alert_actions.png
  • Send alert e-mail

    Sends an e-mail about the alert to the specified address. An SMTP access needs to be configured before. Please check the PSA manual for more details about configuring SMTP.

    For most alert types, a deep link to the source of the alert can be provided in the alert e-mail. To receive this link, you must first configure the External IP/hostname. For more information, see "External IP/hostname."

  • Create a trace

    Creates a trace of the current SIP traffic when the alert is raised. Enter an appropriate time span (in seconds) for packet capture to tell Operations Monitor how far back in time the trace should go.

  • Generate SNMP trap

    Sends an SNMP trap to a configured SNMP target. When this is enabled, Operations Monitor alerts can be tracked and analyzed by an SNMP manager in the network. For more information, see "SNMP Options".

Alert Name and Priority

For all alerts a name and priority needs to be provided (see the following figure). It is also possible to define a minimum number of active calls to trigger the alert. (Optional)To <manage/change/do something>:

Note:

The Minimum active calls condition is checked at the time of the alert generation, which is (depending on server load) one to several minutes later than the actual alert condition.

img/adding_alert_name.png

Editing and Deleting Alert Definitions

To edit a definition, perform one of the following actions:

  • Select the entry and click Delete.
  • Double click the entry.

To delete a definition, select the entry and click Delete definition. Once an alert has been deleted, Operations Monitor no longer raises a notification for this definition.

Parameters

The following sections describe the various parameters for each alert type.

Statistics Metrics

Alerts can be defined with either one or two metrics. The metrics are compared to a threshold value using a comparison operator (for example =, <, > or not).

When you input one metric, the alert is triggered if the metric exceeds or falls below the given threshold value, depending on the comparison operator provided. This is suited for alerts such as 'The number of registered users exceeds 20,000.' In this example, an alert is sent when the number of registered users exceeds 20,000. If you would like a second alert to notify you if the value falls below 20,000, you must create a second definition.

When you provide two metrics, Operations Monitor considers the difference of the two metric values to a given threshold value, and therefore allows for more sophisticated alerting scenarios. For example, a statistics metric value deviates too much from its average value.

The example in the following figure shows the metric configuration of the alert scenario 'The number of registered users fell by 1,000 in the last week'. For using this alert definition, you must set the regular value for the metric as well as its average metric. For more information, see "KPI/Metrics".


img/definitoin_alerts_based_metrics.png

Clicking on the Choose button for a metric displays the metrics dialog box (see the following figure), where you can choose a metric:


img/metrics_dialog.png

Synthetic KPIs

Synthetic KPI alerts comprise of a synthetic KPI metric, a comparison operation, and a threshold value as illustrated in the following figure . An alert gets triggered when the value for a synthetic KPI exceeds or falls below the given threshold. For more information on creating synthetic KPI, see "About Synthetic KPIs".


img/synthetic_kpis.png
User Agent

Operations Monitor keeps track of all user devices that are registered on the platform and raises an alert depending on the desired option.

Highlighted Devices

If a list of disapproved devices has been configured in User Devices, and Operations Monitor notices a user device from that list, an alert is sent. This option is recommended if User Devices is frequently updated so that the list can be centrally managed there. For more information, see "User Devices".

Alert on match

This option is intended for a more ad-hoc tracking of user devices. A regular expression can be entered to raise an alert when a matching user device is found. For every expression to track you need to add another alert definition.

The following figure shows an example configuration for detecting any AVM or Linksys devices.


img/defining_alerts_based_devices.png

Device Monitoring

This alert type refers to Device Monitoring and does not need additional parameters. Whenever a monitored device is down, an alert is raised. Only one alert definition of this type is needed. For more information, see "Device Monitoring".

Phone Number Alerting

The Phone Number type provides the possibility to alert on a specific phone number. The alert will be triggered when a call to or from a configured number is detected. To use this alert type the user needs to have the Number Alerting permission. Without this permission the Phone Number option will not be shown.

Phone numbers are configured in preferred number format. If the Use User Domains system setting is set to true then a phone number should be provided as a SIP user, that is, with a domain name: for example, 00403077811-call@example.com. If not, the phone number should be provided without domain (and without the @ sign). For more information, see "Use User Domains".

Note:

Only one number per alert can be defined. No wild cards are allowed.

A good strategy for setting up a number alert is to place a phone call to the desired number and look in the calls grid for the callee to get the exact SIP address/phone number to use for the alert definition.

The search for predefined phone numbers happens two times per minute, with calls that are at least 10 seconds old (in the early stages of a call, not all information needed is available). This means that a call in best case is detected after 10 seconds, in worst case after 40 seconds.


img/add_phone_number_alert.png