To get an overview of the Alarm Manager, start by watching this video.
Alarms and Events
To view alarms, click on events and then select the Suppressed View of the Alarm Manager. The reason why we recommend the suppressed view is because it groups alarms by the element name as opposed to individually listing them.
The alarm manager helps to tell you a few things that have happened with an alarm. You can tell when it first happened and when it last happened. You can tell if it has been acknowledged by someone and if that person has made a comment.
You can click on the blue number on the suppressed view to expand it and see more detail. (Once expanded, the number is green as shown above.)
If you right-click in the row that contains the alarm, a dropdown list will appear. You can select the relevant action from this drop down.
|Acknowledge: Acknowledge will change the status of the event to ACK and will remove the bold emphasis of the text on the event line. Once an alarm status is ACK, there will be no further alarms for this event until the status changes again.|
Defer: See below.
Edit Event: Edit Event will display a pop-up. This allows you to change some of the parameters of the event.
Set Status: See below.
Open in Troubleshooter: Clicking here will open the graphs associated with the event in the Iris TroubleShooter.
Check Ping: If the event has an IP number in the DETAIL column, you can perform a ping from the view.
Check Traceroute: If the event has an IP number in the DETAIL column, you can perform a Traceroute from the view.
Check Interface: If the event has an IP number in the DETAIL column, and Config Backup is enabled, the output of a “show interface” will be returned.
If a device or element is going to be down for a very long time and you don’t want it to keep appearing in the alarm manager, you can defer it. Should this alarm clear, it will automatically undefer.
There are four different time periods that you can select when deferring an alarm:
You are able to set the status of the element.
You can add comments in the comments column for every status that you set. This could include the name of the person who is responsible for this element.
If you type text into the fields, that will filter the information that you would like to see.
pe1 typed into the Element Name field will bring up all the elements’ names that start with pe1.
The bar at the top of the page also has several functions. Let’s have a quick look at these in order from left to right.
- The eye icon allows you to hide or show deleted alarms.
- To clear all the filters, click on the filter icon.
- If you select Edit Alarm, a pop-up will be displayed. The fields that you won’t be able to edit will be greyed out as you can see here. All fields that you can edit will be white. You can also change the status of the device here.
- You can select the types of alarms you would like to view by clicking on the dropdown list.
- You can show and hide different columns in your view.
- The page refreshes every 30 seconds. This can be adjusted.
- You can also export this list of alarms to CSV.
As with everything, it is best to get using the alarm manager to figure it out. Click around until you get it set up according to your needs and the needs of your customers.
Alarms and severity
One of the key concepts in Iris is that this system is status-based. This means that a particular element has one or more alarms associated with it. Each of these alarms has a severity associated with it. The severity can range from clear, which means that there is no problem, to warning, error, critical, and finally down, which is the most severe.
Each element in Iris, may have multiple alarms associated with it and each of these can be in various states. The state of the element is determined by the worst severity.
If, for some reason, the element has no alarms associated with it, even if clear, then the state of the element is said to be unknown.
Alarms being associated with an element simply means that it is being monitored. And the majority of the alarms are clear and not actual issues. Only alarms which have a severity of warning and above, actually appear in the alarm manager. However, it is possible to show the clear alarms, as it is sometimes useful to know whether an element is being monitored or not.
Usually when we talk about alarms, in every day terms though, we mean alarms of warning severity and above. See the example below.
Alarms vs events
It is important to differentiate between alarms and events in Iris.
Alarms refer to a current state whereas events refer to something that happened at a specific time. For example, if an interface went down and then came up again, the current state would be clear but there would two events indicating that the state changed twice.
As you can see, the alarm state is on the top. Every time the state changes, an event is logged.
Events, just like alarms, also have severities which correspond almost exactly the same as with the alarm severities. CLEAR is sometimes referred to as INFO as well. And, there is a log and debug severity which is used to just log information that is not relevant to a state change.
Here are some examples of events from the event log.
How alarms are generated
There are 3 main sub-systems which generate events in Iris.
1. Active Monitoring: these include ICMP monitoring, SNMP status monitoring and TCP port monitoring
2. Syslogs and SNMP traps which come directly from devices
3. Thresholds: which breach on graph data values
First failure is warning, then critical and the third and subsequent failures are all down.
Search Event Logs
All activity within Iris is logged within the event logs. You are able to search the event logs in Iris. You can also filter the logs to view the information that you specifically want.
On the Search Events page, you can search through the event logs according to time, element name, status, security or description. You can also add or delete columns to help filter the information that you are looking for. Clicking on the blue arrow exports the logs for reporting purposes.