IBM DataPower Operations Dashboard v1.0.13.0
A newer version of this product documentation is available.
You are viewing an older version. View latest at IBM DPOD Documentation.
Alerts
DPOD can publish alerts when certain predefined events occur, for example, when device CPU is over 80%
Alerts can be viewed and managed from the Alerts Setup page
Terminology
Alert Query - the metadata that defines the alert parameters (for example, count all the system errors from the last 10 minutes in domain DMZ)
Alert Execution - one execution of the alert query
Alert Publishing - when an alert returns positive results, it will be published to interested parties via email or syslog
Alert Query
Each query consists of a type, period, an operator and a threshold.
In addition, you can define filters, so the query will run on specific devices, domains or services.
DPOD supports 4 types of alerts queries:
Type | Description | Example |
---|---|---|
Frequency | The condition will be met if there were X events in the checked time | More than 5 system errors occurred in the last 10 minutes |
Flatline | The condition will be met if there is a value above a certain threshold | Device CPU is above 80% |
Any | The condition will be met if any results are returned for the query | A DataPower object is down |
List | The condition will be met if a result is in/not-in a pre-defined list of values |
Alert Execution
An execution is one instance of the alert query, there are 3 ways to execute a query:
- Scheduled - Enabled queries can be scheduled to run on a specific time or on a fixed interval.
- Test Via the web console - Click the "Test" button in the Alerts Details Page for a one time only execution, you can use it for testing the query before scheduling it.
- Via the REST API - an alert can be executed remotely via the REST API (for example, with CURL), the REST API URL for each query can be found in the Alerts Details Page, Example can found here
Alert Publishing
The alert will be published once an alert execution run an alert query and generated one or more results.
The alerts can be published via the following facilities:
- Email (or Email WS) - an email will be sent for every generated alert.
Make sure that "Enable Queries Emails SMTP" (or "Enable Queries Emails SMTP WS") is set to true in the System Parameters page.
For further details about the format of the email message see Alerts Email Format. - Syslog message - a Syslog message will be sent for every generated alert.
The Syslog target server's host name, port and the syslog severity field value (Error, Info, etc.) can be configured in the System Parameters page.
For further details about the format of the Syslog message see Alerts Syslog Format.