NEC ESMPRO AlertManager User's Guide Chapter 1 Installing the Alert Manager Chapter 2 Using the Alert Manager Appendix Notes AM_E-UG-W-001-01-001 © NEC Corporation 2011
Contents Contents..........................................................................................................................................................................2 Abbreviations of Operating Systems...............................................................................................................................3 Trademarks......................................................................................................................................................
Abbreviations of Operating Systems Windows Operating Systems are referred to as follows.
Trademarks EXPRESSBUILDER, NEC ESMPRO, and NEC EXPRESSCLUSTER are registered trademarks of NEC Corporation. Microsoft, Windows, Windows Vista, and Windows Server are registered trademarks or trademarks of Microsoft Corporation in the United States and other countries. MegaRAID is a registered trademark of LSI Corporation. All other product, brand, or trade names used in this publication are the trademarks or registered trademarks of their respective trademark owners.
Warnings and Additions to This Document 1. Unauthorized reproduction of the contents of this document, in part or in its entirety, is prohibited. 2. The contents of this document may change without prior notice. 3. Do not make copies or alter the document content without permission from NEC Corporation. 4. Every effort has been made to ensure the completeness of this document. However, if you have any concerns, or discover errors or omissions, please contact your retailer. 5.
1. Installing the Alert Manager Alert Manager software is installed automatically in the Agent and the Manager when Agent software and NEC ESMPRO Manager software are installed. No settings are required to install the Alert Manager.
2. Using the Alert Manager 2.1 Report the Alert Function The function of the Alert Manager is to direct and manage reports on the alerts occurring on the server.
- Method of actually simulating the report to the destination related to the monitoring alert by generating the test alert. – Save and restore the Alert Manager setting information including base setting, destination setting and monitor event to a file. Alert Monitoring – Filtering function - extracts the monitor alert under the set conditions. The conditions indicate event source name, server name, and so forth. Conditions to be set depend on the time of event log monitor and alert log monitor.
The report contents include a detailed message, support method, and alert type. The message can be edited and the report contents can be selected at the time of setting. – Command execution function: A specified command is executed. Alert Manager can pass the specified command alert information as command line arguments. – Client report function: The report method can issue multicasting messages to the client computer in the same domain.
2.4 Operation Preparation Setup To set up the Alert Manager, you must match the event or alert that is to be reported with the report destination and when it is to be reported. 1. Start the Alert Manager setting tool. In the Manager, bring up the Alert Viewer and select Report Settings in the Tools menu. In the Agent, click on the NEC ESMPRO Agent icon in the Control Panel and select Report Settings in the General sheet. 2. Perform Base setting. 3. Create a list of report destinations. 4.
Base Setting The base setting consists of the following three items. Setting reporting measures (*1) Setting report reception (*2) Other settings (*1) *1 Set in both an Agent and a Manager. *2 Set in a Manager only. The following can be set on the Base Setting window. – Function valid/invalid status: Green indicates the function is valid and red indicates the function is invalid. Clicking on this bitmap switches valid/invalid indication.
– Setting reporting measures: Reporting measures are required for reporting and are measures other than the destinations. This section discusses the structure of each reporting measure. Some reporting measures require setting of functions other than Alert Manager functions. Manager report (SNMP) requires a structure of the SNMP service of Windows and manager report (TCP/IP Out-of-Band) requires a Remote Access Service structure of Windows.
– Setting report reception measures: The setting of a report reception indicates the preparations required for the manager to receive a report. Here, it refers to a structure of each reporting measure such as "setting a mode used for receiving manager reports." Bitmap report reception measures Receive from Agent (*1) *1 Set in Manager only. NOTE: To receive the alert, make settings by clicking the function status bitmap and change to green.
Setting Destinations Destination setting consists of the following four items. Setting destination IDs Setting destination ID groups Selecting a reporting measure and a designation for each destination ID Setting a report schedule for each destination ID NOTE: At installation, set the minimum number of destinations, destinations ID, and ID groups required in the Alert Manager.
– Setting destination ID groups: A destination ID group can be created by grouping a number of destination IDs. In the destination ID group, ID groups can be added, edited, or deleted. Bitmap Reporting measures destination ID group – Selection of reporting measures and setting destinations: One reporting measure can be selected for each destination ID. To set multiple report IDs for one destination, create multiple destination IDs and group them.
Setting Monitor Alerts The setting of monitor alerts consists of the following four items. Setting monitor events (*1) Setting monitor alerts (*2) Associating monitor alerts with report destinations (*3) Report test (*1) *1 Set in an Agent only. *2 Set in a Manager only. *3 Set in both an Agent and a Manager. At installation, monitor alerts and reporting measures have been associated. Use tree windows for all the settings.
A tree is displayed on the left side of the Alert Manager screen. A tree can be switched by pressing the tree selection button. Monitoring event trees are organized in the following hierarchical structure. - [Event Log Type] - [Event Source] - [Event ID] - [Report destination ID (or ID group)] Event Log Type Event Source Event ID Report destination ID Bitmap Event log type (System, Security, Application) Event source name of the event to be monitored Event ID of the event to be monitored.
– Setting monitor alerts (Manager's function): Set for each alert to be displayed on the tree. Setting results are listed on the right side of the tree. When you right-click a server name or alert type in the Tree View (left pane), you have the following context menus. - Select Monitor Alert - Link Destination A tree is displayed on the left side on the Alert Manager screen. A tree can be switched while pressing the tree selection button.
– Association of monitor alerts with report destinations: Associate each event displayed on the tree with a report destination. Setting results are displayed in the list on the right side of the tree. For the association, multiple destination IDs and destination group IDs can be set. Click the event to be set and drag it while pressing the right button of the mouse.
2.5 Operation 2.5.1 Overview This section gives an explanation of practical operation for Alert Manager. Basic operation of setting tool Setting according to report method Setting according to report receiving method Other settings 2.5.2 Basic Operation of Alert Manager Setting Tool Base Setting Base Setting window This window is used to make the basic setting of Report methods, report receiving methods, and others in Alert Manager.
– Report method list: Bitmaps indicating report methods, report valid/invalid bitmaps are displayed. – Report method bitmaps: This bitmap indicates the report method. – Report valid/invalid bitmap: Green indicates the report valid and red indicates the report invalid. Clicking on this bitmap switches valid/invalid indication. – Report method description: Selecting the report method displays description for the report method.
– Receiving valid/invalid bitmap: Green indicates receiving valid and red indicates receiving invalid. Clicking on this bitmap switches valid/invalid indication. – Report receiving method description: Selecting the report receiving method displays the description for the report receiving method. – Configure button: This button makes the base setting of the selected report receiving method. However the Configure button is not available in some report receiving methods.
Destination Setting Destination Setting dialog The setting is made by selecting Destination Setting of the Setting menu or a button of the toolbar. ID and Group set in the address book are listed. – ID list: ID : ID names are displayed. Method : Report methods are displayed. Address : Addresses are displayed. – Group list: Group : Group names are displayed. ID : An ID list included in the group is displayed. – Add ID button: An ID is added.
– Delete ID button: An ID selected from the ID list is deleted. – Add Group button: Group is added. Pressing this button displays a Group Setting dialog box. – Modify Group button: IDs to be added to Group are modified on the Group selected from the Group list. Pressing this button displays a Group Setting dialog box. – Delete Group button: Group selected from the Group list is deleted. – Close button: Destination Setting dialog closes. ID Setting window – ID: ID names are displayed.
How to Make Setting For addition: 1. Enter an ID name. 2. Select a reporting method in the Method field, such as Pop-up message, Run Command, or Print. 3. If the Address button is available, select it and set the address. 4. Click on Schedule to set a schedule. 5. Click on OK. For modification: 1. If necessary, press the Address and Schedule button to make the report destination setting and schedule setting. 2. Click on Close.
Group Setting window – Group Name: Group names are displayed. – ID: An ID list is displayed. IDs included in the Group Member are not displayed. – Group Member: An ID set as a member of a group is displayed. – Add button: IDs selected from the ID list are moved to the Group Member list. – Remove button: An ID selected from the Group Member list is moved to the ID list. How to Make Setting For additions: 1. Enter a group name. 2. Select the ID to include in the group member from the ID list. 3.
Schedule window – Retry Interval: Set the retry interval in the range of 1 to 30 minutes. – Whole Retry Time: Set the maximum retry time in the range of 0 to 240 hours. – Reporting Time Table: Set the reportable time periods.
Addition of Monitoring Object Event Use the dialog box below to select which Event ID to monitor. Select Monitor Event window – Source: A source name is selected. – Event ID List: Event IDs of the selected Source are listed. – Monitor Event: Event IDs of the report object are listed. How to Make Setting 1. Select Source. 2. Select the event ID you want make it a report object from an Event ID list. 3. Pressing the Add button moves the selected event ID to the Monitor Event list. 4.
Addition of Monitoring Object Alert Use the dialog box below to specify which alerts will be monitored and reported. Select Monitor Alert window – Server Name: A server name is selected. – Alert Type List: Alert Type of the selected server name is listed. An important degree (Information, Minor, Major, Other) is indicated behind Alert type. – Monitor Alert Type: Alert Type to be reported is listed. To Make a Setting 1. Select the Server Name. 2. Select the Alert Type to be reported from the list. 3.
Monitor Event Setting Use following dialog box to enter the action to be taken for each monitored event. Monitor Event Setting window – Source: Source name is displayed. – Event ID: Event ID is displayed. – Event Message: Message is displayed. – Trap Name: Enter a trap name. – Operation After Notification: Select an action after notification. – Recovery Action: Set how to handle. – Suppress button: This button makes the setting of the report suppress.
Suppress window – Suppress Interval: Mark this check box to suppress report of the same event during the Suppress Interval. – Suppress a report of the same event for [ ] minutes: Set the Suppress Interval in the range of 0 to 1440. If you set 0 minute, no report is suppressed and all events are reported. – Number of occurred event: Mark this check box to report when same event occurs specified times per specified interval.
Destination Association Setting Use following dialog box to specify which destination IDs and/or which destination groups you want to report to. Link Destination window – Source: Source name is displayed. – Event ID: Event ID is displayed. – Event Message: Message is displayed. – Destination ID List: An ID list is displayed. – Report To: A report object ID list is displayed. – Add button: An ID selected from the Destination ID list is moved to Report To.
– Remove button: IDs selected from the Report To list are moved to the Destination ID list. – ID list: Information for IDs selected from the Destination ID and Report To lists is displayed. – Group list: Information for IDs selected from the Destination ID and Report To lists is displayed. To Make a Setting 1. Select the ID to be reported from the Destination ID list. 2. Clicking on Add moves the ID to the Report To list. 3.
[Manager (TCP/IP In-Band)] dialog – [IP address (or host name)]: An IP address (or host name) of the remote Manager is set. Make sure to specify the IP address of the remote Manager. NOTE: If the remote Manager to be set has already been specified as the trap destination of the SNMP service, release the trap destination setting of the SNMP service. NOTE: Exercise the care to avoid duplicate setting of the same IP address (or host name) for the trap destination of the SNMP service after this setting.
No base setting is required. Before setting the destination, make configuration of the Remote Access Service. Additionally set an entry of the Remote Access Service. If the entry of the Remote Access Service is not set, no destination setting can be made. For the destination settings, make the following settings. [Manager (TCP/IP Out-of-Band)] dialog – [IP address (or host name)]: An IP address (or host name) of the remote Manager is set. Be sure to specify the IP address of the remote Manager.
– [Port number]: The port number used for the communication between sockets can be set. For this number, the same value must be set to the Agent and remote Manager (the default value is 31134 for both Agent and remote Manager). Do not change the value as long as the default value works. IMPORTANT: If the default value does not work, set the port number in the range of 6001 to 65535. Clicking the [Default] button resets the number to the default value (31134).
Internet Mail For the base setting, make the following settings. [Internet Mail Base Setting] dialog – [Mail Server (SMTP)]: Specify either an IP address or the name the Internet Mail Server will be using. (This Mail Server needs to support SMTP.) – [E-mail address]: Type in the E-mail address for your mail account in the form user@domain. – [OK]: Set information is added and this dialog box closes. – [Cancel]: This dialog box closes with no set information added.
For the destination settings, make the following settings. [Internet Mail Destination Setting] dialog – [To]: Type in the E-mail address (To:) in the form user@domain. Be sure to divide it with , (comma) when you specify plural addresses (e.g. abc@Zzz.Com, xyz@Zzz.Com). – [Subject]: Enter a title of the mail. – [Message Head]: To send a message, enter information. message header and alert information.
– [User]: Enter RAS user name. – [Password]: Enter RAS user's password. – [Base Setting]: To open the Internet Mail Base Setting dialog, press this button. – [OK]: Set information is added and this dialog box closes. – [Cancel]: This dialog box closes with no set information added. – [Test]: For the test report, press this button. The test result can be checked by a message.
Pop-up Message No base setting is required. For the destination setting, make the following setting: [Pop-up Message Setting] dialog box is used to set and modify the display of a pop-up message of failure information. [Pop-up Message Setting] dialog – [Title]: A title of a pop-up message is written. – [Computer Name]: To display a computer name, mark this check box. – [Product Name]: To display a product name, mark this check box. – [Date]: To display a date, mark this check box.
Printer Output No base setting is required. For destination setting, make the following setting. [Print Setting] dialog is used to set and modify the printer output of failure information. [Print Setting] dialog – [Printer Name]: A printer name is displayed in this column. – [Printer...]: To modify a printer, press this button. – [Header]: A header comment to display with failure information is written. – [Computer Name]: To display a computer name, mark this check box.
– [Time]: To display a time, mark this check box. – [Event Source]: To display a source name, mark this check box. – [Event ID]: To display an event ID, mark this check box. – [Event Type]: To display an event type, mark this check box. – [Event Message]: To display details, mark this check box. – [Recovery Action]: To display how to handle, mark this check box. – [Alert Type]: To display an alert type, mark this check box. – [Footer]: A footer comment displaying with failure information is written.
Writing to File Base setting is not required. For the destination setting, make the following setting: [Write File Setting] dialog is used to set and modify the settings for writing the failure information to a file. [Write File Setting] dialog – [File Name]: A file name writing information is displayed. – [File...]: To Add or modify a file name press this button. – [Header]: A header comment displaying with the failure information is written.
– [Time]: To display a time, mark this check box. – [Event Source]: To display a source name, mark this check box. – [Event ID]: To display an event ID, mark this check box. – [Event Type]: To display an event type, mark this check box. – [Event Message]: To display details, mark this check box. – [Recovery Action]: To display how to handle, mark this check box. – [Alert Type]: To display an alert type, mark this check box. – [OK]: Set information is added and this dialog box closes.
Command Execution No base setting is required. For the destination setting, make the following setting: [Run Command Setting] dialog – [Command Line]: A file name to write information is displayed. The information can be directly entered into the edit box. The following specification is available for the command argument. – %a Alert type – %i Event ID – %n Trap name – %r Server name – %s Event source name – %t Alert occurrence time Example: ap.
Client Report No base setting is required. Refer to the following for the explanation about Destination setting. [Report to Clients Setting] dialog – [Report to All]: Select this if you want to report to all the computers. – [Report to Select]: Select this if you want to report to specific computers in Domain Group. – [Computer List]: The computer is not reported. – [Selected Computer]: The computer is reported. – [Add]: Move selected computers from [Computer List] to [Selected Computer].
– [Cancel]: This dialog box closes with no set information added. – [Alert Item]: For selecting report items, press this button. – [Test]: For the test report, press this button. [Alert Item Setting] dialog – [Computer Name]: Check this to display a computer name. – [Date]: Click this to display a date. – [Time]: Click this to display a time. – [Event Source]: Click this to display a source name. – [Event ID]: Click this to display an event ID.
2.5.4 Setting According to The Report Receiving Method The [Receive] property sheet of the [Base Setting] dialog is used to select a method from a list and the setting is made in the dialog displayed by pressing the [Configure] button. To report the Alert, make settings by clicking the function status bitmap and change to green. Setting of Alert Receiving from Agent (TCP/IP) Make the setting as follows: [Receive from Agent (TCP/IP) Setting] dialog is used to set and modify a socket receive.
2.5.5 Setting According to Other Report Receiving Method Select the setting method from a list in the [Other] property sheet of [Base Setting] dialog and make the setting in the dialog displayed by pressing the [Configure] button. Setting of Time Elapses Before Shut Down [Shutdown Delay Setting] dialog – [Shutdown Delay]: Enter the time that elapses before shut down. The setting is available in a range of 0 to 60. Set contents become available immediately after the setting is made.
2.5.6 Save and Restore of Alert Manager Setting Make the setting in the dialog displayed by pressing the [Save Alert Manager Setting] or [Restore Alert Manager Setting] or [Save Monitor Event] of [Options] menu. Setting of "Save Alert Manager Setting" You can save the Alert Manager setting information including base setting, destination setting and monitor event to a file. [Save Alert Manager Setting] dialog – [Computer Name]: Computer name is displayed.
Setting of "Restore Alert Manager Setting" You can restore the Alert Manager setting information from the file to your system. The file must be the following. 1. The file which is saved in the Alert Manager of the same version. 2. The file which is saved on the same product environment. [Restore Alert Manager Setting] dialog – [Computer Name]: Computer name is displayed. – [Description]: The description which is inputted in the [Save Alert Manager Setting] dialog is displayed.
Setting of "Save Monitor Event" You can save the monitor event information of the Alert Manager (including monitoring event, monitoring alert, monitoring indication, trap name, event message, destination etc.) to CSV file. The monitor event which can be selected is different according to the installed product (NEC ESMPRO Agent, NEC ESMPRO Manager etc.). [Save Monitor Event] dialog – [EventLog]: To save a monitor event information of the Event Log in a CSV file, mark this check box.
Appendix The following report methods cannot be used after you installed this product even if they could be used before installing. – Pager – Mail (MAPI) – Receive from SMB – SMB Alert Note on Windows Vista and Windows Server 2008 or later – The Report Method That Cannot Be Used: "Report to Client" method cannot be used. Although no error appears even if you enable this method, it just does not work. "Command execution (Run command)" method and "Pop-up Message" method are not supported.
