BMC Defender Server advisory facility

BMC Defender Server includes a built-in advisory function that performs hourly checks on a variety of system performance metrics, including disk space utilization, process execution, thread counts, message loading, and other checks. If any anomaly or warning indication is discovered during these checks, a special Advisory icon and link appears at the top of the screen and the operator can click down to view the advisories.

No special configuration or setup is required to enable the Advisory function. A complete list of advisories can be viewed, enabled, and disabled using the User Preference screen (accessed through the System > Prefs tab) by clicking on the Modify Advisories towards the bottom of that screen. By default, all advisories are enabled for all users. An operator can acknowledge advisories and can disable specific advisories in their logon profile.

Advisories are distinguished from tickets and other events in that advisories apply to BMC Defender Server system performance and health (as opposed to tickets, which generally pertain to the security and health of monitored systems). Various built-in health functions exist, and the administrator can post and advisory through the More > Post Advisory screen that appears in the advisories of all users of the system.

Generally, any advisory of the system should be investigated and addressed as stated in the advisory text. Although an operator is free to disable any advisory, this should be done cautiously in order to avoid masking a potentially serious system health issue or security risk. The operator can see a list of Recent Advisories through a link on the main advisory screen and within his or her user preferences. Users should occasionally audit this list of recent advisories to see if there are any advisories of interest that you might have missed.

Local System Advisories

The Advisory function includes a Local Advisory capability that permits a system administrator to post an advisory message to all users of the system. The administrator accesses this function through the More > Post Advisory screen (in the upper right corner of the BMC Defender Server display.)

Each local advisory can contain up to 250 characters of text and each advisory contains an expiration time in hours. (After the specified expiration time, if a user has not yet acknowledged their advisories, the advisory is eliminated on the system.)

The Local Advisory function furnishes the administrator with the capability to issue advisories that affect workflow, such as warning indications that might exist in the enterprise associated with emergent threats. Unlike advisories generated by the system that are generated each hour, local advisories are immediately displayed for all users. Otherwise, local advisories operate in a manner similar to the built-in advisories.

Auditing Recent Advisories

If a user has disabled a particular advisory, the complete list of advisories is still available to you through the Audit All Recent Advisories link. This link appears at the top of the System Advisory Screen and can also be accessed from the User Preferences screen.

The Audit All Recent Advisories link allows a user to see advisories that might be disabled in their preferences. In particular, this affords a way to see if the user is missing important advisories, allowing you to re-enable these advisories in their preferences. Advisories are listed in chronological order of occurrence and contain the number of times that the advisory occurred, along with any information specific to the advisory.

All advisories that are older than the Keep Data setting (by default 30 days) are dropped from the audit list.