Custom alerts


In addition to the alerting facilities described previously, the server includes a Custom Alerting facility that furnishes specialized alerting functions, including the ability to create custom alerts based on user-supplied batch files. This tab is available from the top-level Alerts tab and operates in a fashion similar to other BMC Defender screens.

Two types of custom alerts are available, selectable using a drop-down menu on the AddNew (or Wizard) screens of the custom alert facility.

  • User Program—The operator can create a simple batch file that writes a series of values of any type to standard output. The custom alert facility matches the output against an expression, and if a specified number of matches exists, an alert is raised and a ticket is opened. This type of alert is good for simple extensions associated with well-known methods, such as polling POP3 mailboxes, checking for file existence, or any easily scriptable check.
  • Parse Value Alert—This is an alternate, specialized type of alert that essentially works like the Analyze function. You specify a thread and a match pattern. Periodically, the program analyzes the messages in the thread using the parse function, and if a specified number of parsed instances exists, an alert is raised and a ticket is opened. This type of alert is good for checking field values in a message, such as raising an alert if more than 10 occurrences of a value (contained in a field within a message set) exist in the last 60 seconds.

Note

The Custom Alert facility appears to do two different tasks, but the tasks are quite similar: the Parse Value Alert is simply a special type of custom alert program that is built in to the program for general utility. Specifically, the Parse Value Alert executes the CALERT_PARSE.exe program, which parses messages, builds occurrence counts, and then sets an alert if any occurrence count is above a certain value.
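
The Parse Value Alert logic described above (parse a field from each message, build occurrence counts over a recent window, alert when a count exceeds a limit), as an added Python example; it is not BMC Defender or CALERT_PARSE.exe code. The message format, the `src=` field, the sample data, and the name `parse_value_alert` are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

NOW = datetime(2024, 1, 1, 12, 0, 0)   # constructed "current time"
PATTERN = r"src=(\S+)"                 # assumed field to parse out of each message

def _msgs(src, offsets):
    """Build constructed (timestamp, text) messages, `offsets` seconds before NOW."""
    return [(NOW - timedelta(seconds=s), f"Login failure user=admin src={src}")
            for s in offsets]

# Constructed sample thread, not real product output.
SAMPLE = (
    _msgs("10.0.0.5", range(0, 55, 5))        # 11 hits inside the last 60 s
    + _msgs("10.0.0.9", range(0, 50, 5))      # exactly 10 hits: at, not above, the limit
    + _msgs("10.0.0.7", range(120, 135))      # 15 hits, all older than 60 s
    + _msgs("10.0.0.7", (0, 10, 20))          # 3 recent hits
    + [(NOW, "Service started")]              # no src= field, never counted
)

def parse_value_alert(messages, pattern, now, window_s=60, threshold=10):
    """Return {value: count} for parsed values seen more than `threshold`
    times within the last `window_s` seconds."""
    regex = re.compile(pattern)
    cutoff = now - timedelta(seconds=window_s)
    counts = Counter()
    for ts, text in messages:
        if not cutoff < ts <= now:
            continue                          # outside the evaluation window
        match = regex.search(text)
        if match:
            counts[match.group(1)] += 1       # build per-value occurrence counts
    return {value: n for value, n in counts.items() if n > threshold}

if __name__ == "__main__":
    for value, n in parse_value_alert(SAMPLE, PATTERN, NOW).items():
        print(f"ALERT: src={value} seen {n} times in the last 60 seconds")
```

The sample includes a value that sits exactly at the limit and a burst that has already aged out of the window, the two cases most likely to cause a missed or spurious alert when tuning the count and interval.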

 
