Limited support: BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support. BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Command Center for Security 6.2.

Alerts tab


You can define thresholds on Thread (and other) counters on the Alerts tab. When an alert threshold is exceeded, a new syslog message is generated and fed back into the message log to annotate the message stream. Additionally, an alert can open a ticket on the system, which can trigger special notifications and actions.

The following figure displays the Alerts tab and its subtabs:

[Figure: AlertsTab_SPE2204.PNG]

Various types of alerts are available. Each alert defines a particular condition (either a rate or combination of events) that results in actionable data. Each alert provides the ability to assign an action to a user (through the Ticket screen). Finally, each alert can trigger a Ticket Action, such as sending an email or performing corrective action.

You can add, edit, or delete alerts. For each alert, you can specify an alert condition, compare function, threshold, and interval. Additionally, you specify a new syslog message, facility, and severity, and indicate whether a second syslog message should be issued when the counter threshold returns to normal.
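The following sketch models the alert settings described above (compare function, threshold, syslog message, facility, severity, and the optional return-to-normal message). It is an added illustration, not BMC code; the class, its field names, the sample counts, the simplified `<PRI>text` line format, and the choice to emit one message per threshold crossing are assumptions.

```python
import operator

# Standard syslog facility and severity codes (RFC 5424); only a subset is listed.
FACILITY = {"user": 1, "daemon": 3, "auth": 4, "local0": 16, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
            "notice": 5, "info": 6, "debug": 7}
COMPARE = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le}


class CounterAlert:
    """Conceptual model of one threshold alert; all names are hypothetical."""

    def __init__(self, name, compare, threshold, facility, severity,
                 message, reset_message=None):
        self.name = name
        self.test = COMPARE[compare]
        self.threshold = threshold
        # PRI value that prefixes a syslog line: facility * 8 + severity
        self.pri = FACILITY[facility] * 8 + SEVERITY[severity]
        self.message = message
        self.reset_message = reset_message  # None: no return-to-normal message
        self.active = False  # True while the counter is past the threshold

    def evaluate(self, count):
        """Take the counter value for one interval; return a syslog line or None."""
        tripped = self.test(count, self.threshold)
        if tripped and not self.active:
            self.active = True
            return f"<{self.pri}>{self.name}: {self.message} (count={count})"
        if not tripped and self.active:
            self.active = False
            if self.reset_message:
                return f"<{self.pri}>{self.name}: {self.reset_message} (count={count})"
        return None


def run(alert, counts_per_interval):
    """Feed successive interval counts to the alert and collect emitted lines."""
    lines = [alert.evaluate(count) for count in counts_per_interval]
    return [line for line in lines if line is not None]


if __name__ == "__main__":
    # Constructed sample: event counts in five consecutive intervals.
    alert = CounterAlert("failed-logons", ">", 10, "auth", "warning",
                         "threshold exceeded", "returned to normal")
    for line in run(alert, [3, 12, 15, 4, 2]):
        print(line)
```

Tracking the active state is what keeps a sustained excursion from generating a new message in every interval, and it is also what makes the return-to-normal message possible.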

The Alerts application contains a Config tab that provides general utilities for configuring the various elements of the correlation process. For detailed information about correlation techniques and usage, see Using-counter-alerts.

Both admin- and user-type logins can add or modify BMC Defender Server alerts.

This section provides information about the following topics:

For information about Automated Response alerts, see Sending-response-requests-to-BMC-AMI-Datastream.


 
