The purpose of this document is to provide a detailed overview of the Redline alert configurations. Specifically, this document is going to address the common questions associated with MultiFire, Alert Escalation, Back To Normal, and Self Correction Delay.
Alert, Alert Escalation, Back to Normal Alert,
and Self Correction Delay
are features that can help administrators more effectively manage thresholds and recommendations in their system and minimize false alerts. These settings can be enabled on a global level or individual agent level. Letâs examine the following threshold/recommendation settings closer. MultiFire Alert: MultiFire
is a configuration option on an alert. It provides a way for an administrator to be continuously reminded of a problem that does not get resolved. An alert using MultiFire
will send out a notification (Email, Broadcast, SNMP, API) at a defined interval until the alert is solved. The MultiFire
interval is set at the Control Center in the Configure | Analyzer page. The MultiFire
interval is a global setting and applies to all MultiFire
events. The interval cannot be set to a different length of time for each alert.
Alert Escalation:Alert Escalation
- For step-by-step instruction on how to set MultiFire alerts, click here.
provides the administrator with a way to increase the severity of an alert over time. Alert Escalation
works in conjunction with the MultiFire
alert option which also must be enabled in order to function. With each MultiFire
interval, Alert Escalation
raises the severity of an alert one level. For instance, if an agent is not responding, the first alert may be set to a very low severity, (Informational). When the MultiFire
interval is reached, the alert level will be raised to the next higher severity, (Minor). In this example, if the alert has not been solved over four MultiFire
intervals, the alert will cycle from Informational, to Minor, to Problem, until finally a Critical alert will be generated. If an alert reaches Critical severity it will remain there until marked solved. Any alerts configured to use Alert Escalation
will escalate to Critical severity if they are not resolved within the appropriate intervals. You may set the starting severity of an alert, but you cannot set the ceiling.
Back to Normal Alert: Back to Normal
- For step-by-step instruction on how to setup Alert Escalation, click here.
Alert is a feature designed to automatically manage alerts that occasionally exceed their conditions and then return to normal shortly thereafter. An example of this may be a mail queue from an email blast, or number of threads in use on an agent. When enabled, a Back to Normal
type of notification is generated through the alert system when the condition returns to normal. The alert is marked solved with "BackToNormal" as the user and it is removed from the Alerts page. This is done without any need for administrator intervention. The email address assigned to the alert will receive an email containing the string "BackToNormal" indicating the alert has been resolved.
Self Correction Delay: Self Correction Delay
- For step-by-step instruction on how to set Back to Normal, click here.
is designed for monitored agents that vary in their response time. This is an ideal feature to use when dealing with a remote post office on a slow WAN. The slow response can often trigger a false alert. To minimize a potential false alert, Redline will forgo notification (the alert still fires) for the next reporting cycle (2 minutes by default). If the situation resolves in the next cycle, the alert will be automatically resolved, and no notification will be sent. The record of the alert remains stored in the database, and will be listed as solved by "SelfCorrected". However, if two sequential cycles are missed, a notification will be sent and the alert will be handled according to it's normal settings.
- For step-by-step instruction on how to setup Self Correction Delay, click here.
Below is a graph to help visualize what actions will be taken when each of these options are enabled. They may be combined together with one rule; Alert Escalation must always run with MultiFire. MultiFire does not require Alerts Escalation however. Each of these options are contingent upon the alert itself being enabled.
This article was originally published in the GWAVA knowledgebase as article ID 2024.