Configuring alarm policies

This topic provides instructions for creating, editing, copying, viewing, enabling, disabling, and deleting alarm policies. To understand the concept of alarm policies and how they can be useful, see Alarm policies.

The following video (6:02) illustrates how you can create, edit, view, and delete alarm policies.

Note that the video displays screens from an earlier version, however, the information provided in the video is still relevant to the current version of the product.

Creating an alarm policy

On the Configuration > Alarm Policies page, click Create, and do the following:

  1. Specify a unique name and an optional description.
  2. Add a unique precedence number to the policy.
    You can add a custom value in this field, or use the arrows to increase or decrease the value. For more information, see Alarm policies.
  3. Create the conditions based on which the alarm will be generated.

     Constructing the alarm generation conditions

    You can define the alarm generation conditions for multiple or all instances.

    Start adding a condition by specifying these details:

    1. Metric and instance details: The metric and the number of instances for which you want to add this policy. Select one of the following options:

      Instance name

      The instance name is case sensitive. Ensure that you use the instance name as displayed in the Device Details page while defining the selection criteria.

      • All Instances

      • Multiple Instances: When you select multiple instances, you can define multiple conditions using parameters such as agent tag name, hostname, instance name, port, etc. You can also use regular expressions while defining multiple instances.

      Note that you cannot create multiple policies with duplicate metric information. Policies with duplicate metric information can be added only if you specify different instance types (all and multiple). In this case, the policy set for multiple instances gets precedence.

    2. Threshold details and post trigger actions: The threshold value, violation duration, and details about when the generated alarm must be closed eventually.
      Specify if the event must be closed immediately after it is generated or after the metric reaches a normal state and a duration equal to the violation time period has lapsed. You can also specify that the event must not be closed. Alarm events that are not closed remain open until they are closed manually, the policy is deleted, or the PATROL Agent associated with the alarm is deleted. To change any of the values, click them.

    Example 1: As per the condition defined in the following image (Monitoring solution: Linux; Monitor type: CPU; Metric: Utilization), when the CPU Utilization of all Linux computers whose instance name starts with 'CPU1' crosses the threshold of 75% for a period of 15 minutes, a Major alarm will be generated. After the Utilization returns to a normal state of below 75% and a 15 minutes lapse, the generated alarm is automatically closed.

    You can add multiple conditions per metric. To add additional conditions, click Add Condition. Click Duplicate Condition to create another condition with the same details that you can modify later. To add conditions for a different metric, click Add Instance Policy.

    If you have multiple conditions with varying threshold values and severity levels, an alarm is generated when the first condition is breached. When the next condition is breached, a new alarm is not generated. Instead, the severity of the first alarm changes.

    Suppose you added these conditions:

    • If CPU utilization crosses 75% for a period of 15 minutes, generate a Major alarm.
    • If CPU utilization crosses 85% for a period of 15 minutes, generate a Critical alarm.

    In this scenario, when the CPU utilization of a computer crosses 75% for a period of 15 minutes, a Major alarm is generated. When the CPU utilization of the same computer crosses 85%, the earlier alarm severity changes from Major to Critical. If the CPU utilization returns to 75%, the alarm severity changes from Critical to Major.


    Example 2: As per the condition defined in the following image (Monitoring solution: Linux; Monitor type: CPU; Metric: Utilization), when the CPU Utilization of all Linux computers whose agent tag name is production and agent host name begins with clm crosses the threshold of 75% for a period of 15 minutes, a Major alarm will be generated. After the Utilization returns to a normal state of below 75% and a 15 minutes lapse, the generated alarm is automatically closed.


    Example 3: The following example uses a regular expression while defining multiple instances. As per the condition defined in the following image (Monitoring solution: Linux; Monitor type: CPU; Metric: Utilization), when the CPU Utilization of all Linux computers whose agent host name matches the regular expression AM-.* and instance name matches the regular expression ^0.*, crosses the threshold of 75% for 15 minutes, a Major alarm will be generated. After the Utilization returns to a normal state of below 75% and a 15 minutes lapse, the generated alarm is automatically closed. The following example explains how the regular expressions defined in the following image helps you to filter the instances based on agent host names and instance names.

    • Agent host names
      • hostAM-34TEST1
      • devAM-PRODSETtest
      • M-PSRTESTserver
      As per the agent host name regular expression AM-.*, only 2 host names (hostAM-34TEST1 and devAM-PRODSETtest) are selected from the preceding list.
    • Instance names
      • 04578
      • 0prodtest
      • qa0test
      As per the instance name regular expression ^0.*, only 2 instance names (04578 and 0prodtest) are selected from the preceding list.

  4. (Optional) Select Enable Policy.
    You can enable or disable the policy any time from the Alarm Policies page.
  5. Save the policy.

Can I create a new policy using an existing policy?

You can create a new policy quickly by copying an existing policy and editing the configurations. For more information, see Copying an alarm policy.

Editing an alarm policy

On the Configuration > Alarm Policies page:

  1. Do one of the following:
    • Select the policy and click Edit.
    • From the Actions menu of a policy, select Edit.
  2. Change the configuration details provided while creating the policy and click Save.

Copying an alarm policy

On the Configuration > Alarm Policies page:

  1. Click the action menu of the policy that you want to copy and select Copy
    The Create Alarm Policy page is displayed with the configurations of the copied policy. 
  2. Modify the configurations according to your requirements to create a new policy quickly. 
  3. (Optional) Select Enable Policy.
    You can enable or disable the policy any time from the Alarm Policies page.
  4. Save the policy.

Viewing the list of alarm policies

On the Configuration > Alarm Policies page, view the list of alarm policies.

By default, the policies are sorted by Name. To sort on a different column, click the column heading.

Enabling or disabling an alarm policy

On the Configuration > Alarm Policies page, do one of the following:

  • Select the policy and click Enable or Disable.
  • From the Actions menu of a policy, select Enable or Disable.
  • Edit the policy and select or clear the Enable Policy check box.

What happens if I enable or disable a policy?

  • What happens when I disable an enabled policy?
    All alarms that are created based on the policy are closed.
  • What happens when I enable a disabled policy?
    New alarms are created based on the policy criteria with new event IDs.


Deleting an alarm policy

On the Configuration > Alarm Policies page, do one of the following:

  • Select one or more policies and click Delete.
  • From the Actions menu of a policy, select Delete, and click Yes.

What happens to an open alarm?

In the policy post-trigger actions, if you have specified that the alarm must not be closed, such alarm events are automatically closed if they are not updated for more than 30 days. All the closed events older than 4 days are automatically deleted from the system. For more information, see Understanding event states. However, if you delete such a policy or the PATROL Agent associated with such an alarm is deleted, the alarm is automatically closed.


Was this page helpful? Yes No Submitting... Thank you

Comments