Documentation for Log Analyzer

Integrate Orion alerts with LA

On the Log Processing Configuration page, you can integrate alert actions into your custom rules, or create new rules and apply alert actions. You can configure your rule to send an event to the Orion Platform alerting engine when rule criteria are met, and also create a new alert that fires each time a rule is triggered.

For more information about Orion Platform alerting, see Use alerts to monitor your environment with the Orion Platform. To create a new rule, see Create custom log-processing rules.

Integrate an alert into an existing rule

  1. On the Log Viewer toolbar, click Configure Rules.

  2. In the Processing Policies pane, click to expand a policy group, and then click My Custom Rules.

  3. Select an existing rule, and then click Edit Rule.

  4. To integrate an alert, click Next, and then click Next again to view the rule actions.

  5. To send a log rule fired event to Orion Platform alerting, select the associated check box. This action allows you to see the event on the Manage Alerts page and use it when defining a custom alert.
  6. To create a new alert that fires when the rule is triggered, select the associated check box.

    Alert triggers are aggregated and rolled up, so if the rule triggers a large number of times in one minute, you receive one alert that includes the trigger count. The first instance indicates one alert, and subsequent triggers are aggregated and published after one minute.

  7. Enter a name for the alert.
  8. From the drop-down list, select a severity level.

  9. Establish your reset conditions.
    • Reset this alert automatically after

      Select to reset an alert after a set amount of time has passed. If this interval is less than the amount of time you wait for different escalation levels, the escalation levels that occur after this interval do not fire. This reset condition is especially useful to remove event-based alerts from Active Alerts.

      For example, if the trigger condition still exists after 48 hours, you can use this to trigger your alert actions again. The alert is reset and triggers as soon as the trigger condition is detected, which is as soon as the objects are polled for this example.

    • No reset condition - Trigger this alert each time the trigger condition is met

      The alert fires each time the trigger conditions are met.

      For example, when the alert for node 192.168.4.32 going down fires, a new alert for 192.168.4.32 fires every time the node is down when it is polled.

    • No reset action

      The alert is active and is never reset. To re-trigger the alert, the alert must be manually cleared from the Active Alerts view.

  10. Click Next. The rule summary displays the alert integration actions.

  11. Review the rule summary, and then click Save to apply the settings. To edit the rule conditions, click Back.
  12. To view your alerts in the Orion Web Console, navigate to Settings > All Settings.

  13. In Alerts and Reports, click Manage Alerts.

  14. In the search field, enter Log Manager.

  15. Select an existing alert to edit properties, enable or disable the alert, and assign actions.
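
The roll-up described in step 6, modelled as an added example (not SolarWinds code), shows how many alert notifications a burst of rule triggers produces. It assumes the one-minute window opens at the first trigger and that a trigger arriving after the window closes starts a new cycle; `roll_up` and the sample timestamps are constructed for illustration.

```python
WINDOW_SECONDS = 60  # roll-up interval stated in the documentation (one minute)


def roll_up(trigger_times):
    """Return (publish_time, trigger_count) pairs for rule triggers.

    trigger_times: seconds since an arbitrary start, one entry per rule hit.
    Assumed model: the first trigger publishes at once with count 1 and opens
    a one-minute window. Later triggers inside the window are counted and
    published together when the window closes. A trigger that arrives after
    the window has closed starts a new cycle.
    """
    published = []
    window_end = None  # None means no roll-up window is open
    pending = 0        # triggers counted but not yet published

    for t in sorted(trigger_times):
        # Close an expired window before handling this trigger.
        if window_end is not None and t >= window_end:
            if pending:
                published.append((window_end, pending))
            window_end, pending = None, 0

        if window_end is None:
            # First instance: one alert, published immediately.
            published.append((t, 1))
            window_end = t + WINDOW_SECONDS
        else:
            # Subsequent trigger inside the window: aggregate it.
            pending += 1

    # Publish whatever the last open window collected.
    if pending:
        published.append((window_end, pending))
    return published


if __name__ == "__main__":
    # Constructed sample: a burst of four hits, then two more hits later.
    sample = [0, 5, 10, 59, 130, 131]
    alerts = roll_up(sample)
    for when, count in alerts:
        print(f"t={when:>4}s  alert published, trigger count {count}")
    print(f"{len(sample)} rule triggers -> {len(alerts)} alert notifications")
```

Under this model the trigger counts across published alerts always sum to the number of rule hits, which is a useful sanity check when reconciling alert volume against log volume.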

You can also integrate alerts when creating a new custom rule and add multiple alert actions to one custom rule.

If you would like to modify the message and trigger actions of an out-of-the-box alert, duplicate the alert, and then edit as needed. If you do not change the trigger condition, disable the out-of-the-box alert to avoid duplicate alert notifications.

To add the log message that triggers the alert, copy the macro below to the alert message definition on the Trigger Actions page.

${N=OLM.AlertingMacros;M=OLMAlertMessage.EventMessage}

To view and access linked alerts, click Trigger Orion Alert in your custom rules list on the Log Processing Configuration page.

To view your active alerts in the Orion Web Console, navigate to Alerts and Activity > Alerts. When your alert triggers, it appears on the All Active Alerts page along with all your other Orion alerts. From here, you can acknowledge alerts, view alert details, and clear the triggered instance of an alert.