Alarms

Description

An alarm is an event generated by a Netreo monitoring check when its configured failure parameters are met and the check enters a critical state. Alarms are displayed visually on dashboards in red.

Alarms should not be confused with alerts. An alarm is an event, caused by a monitoring check becoming critical. While alerts are text-based notifications about an incident that are sent to users.

An alarm is always associated with an incident (as either the primary alarm or a related alarm, see incident management) and may be viewed in the Incident View dashboard for any particular incident.

Details

Each type of monitoring check has its own criteria for when it will generate an alarm. See the individual entries for each check type for more information. (Note that WebART and EmailART checks are actually just compound checks consisting of a combination of service and threshold checks.)

• Service check
• Threshold/anomaly check

When a monitoring check generates an alarm, that alarm contains the following information:

• The title of the alarm, which is the name/description of the monitoring check that generated it. When building incident management rules  this is used for the alarm description.
  • For service checks, it is the user-supplied name of the check entered into the check's DESCRIPTION configuration field (for example, "Configuration Save Check"). Note that this applies to host availability and configuration management service checks as well.
  • For threshold/anomaly checks, it is the name of the variable the check is monitoring (for example, "Round-trip Latency for WinAD"). Note that this applies to WebART and EmailART threshold/anomaly checks as well (for example, "Public Web Site Total Time [Web App Check] page").
• The current state of the check that generated the alarm.
• The name of the managed device to which the generating check is attached.
• The date/timestamp of when the alarm was generated.

Once an alarm is generated, it immediately attempts to open a new incident to house it and its information. (If Netreo's incident management system determines that a new alarm is being caused by the same problem as another existing alarm that has already opened an incident, that alarm is bundled into the open incident rather than being allowed to open a redundant new incident of its own. See Incident Management for more information.)

While an alarm is occurring, the monitoring check that generated it continues to perform its monitoring duties. If the results eventually return that check's state to OK, the resulting alarm is cleared and its associated incident is notified. When all alarms associated with an incident have cleared and a specific period of time has passed (typically five minutes), that incident automatically closes itself and records the event in the audit log. (It is important to note that an incident cannot be closed until all of the alarms that it contains have cleared.) See Incident for more information.

Alarm Management

Alarms cannot be directly interacted with in Netreo, but they may be viewed in the Incident View dashboard of the incident with which they are associated.

To view the alarms for an incident:

1. Locate the incident for which you wish to view the alarms. Two ways to do this are:
   • Go to the main menu and selecting Quick Views > Active Incidents. Locate the incident in the list and select it.
   • If you received an alert notification for an incident, enter its ID into the search box of the main menu bar, then select its entry from the search results.
2. Any current alarms associated with that incident are displayed in the Incident Detail panel of the Incident View dashboard.