Log Event Alerts

The Log Event Alert logs events to the Windows NT Application Event Log. Entries in the event log can then be viewed with the Event Viewer and/or used by other software utilities that perform centralized alerting from the event log.

Use of the SiteScope Log Event Alert type requires:

Access to the NT Event Log service
SiteScope running on Microsoft Windows NT/2000

Note:If you are using SiteScope's NT Event Log Monitor, use of the Log Event alert requires caution as it is possible create a endless loop condition that can fill your log file. This can happen when an NT Event Log Monitor detects an event which triggers a Log Event alert, which puts an event into the event log, which the Event Log Monitor then detects, and then triggers another Log Event alert, and so forth, To avoid this, Log Event alert types should not be associated with NT Event Log Monitors.

Creating a Log Event Alert Definition

Follow the steps below to create a SiteScope Log Event Alert definition.

Click the Alerts button on the SiteScope main navigation bar at the top of the SiteScope screen. The Alert Definitions page is displayed.
Click the Add link in the Alert Actions section below the Alert Definitions table. The Add Alert selection page is displayed.
Select the monitor status category that will trigger the alert. For example, select error for the alert to be triggered when any monitor to be associated with this alert reports an error condition.
Select the Log Event Alert in the Alert Type section and click the Define Alert button. The Define Log Event Alert page is displayed.
Select the monitors or groups that will trigger this alert using the Alert Subject(s) menu tree. Complete the Define Log Event Alert form as described in the section below. When the required selections are made, click the Add Log Event Alert button to create the alert definition.

Completing the Log Event Alert Form

Complete each section of the form as described below and then click the Add or Update button.

Alert Subject(s)

Select the groups or monitors that will trigger this alert. You can select multiple groups and monitors by holding down the control key while making your selection. The choices include:

All Groups - Select All Groups if you want SiteScope to perform an action whenever any monitor on this installation returns the indicated status condition. For example, you would choose this option if you want SiteScope to page you whenever any monitor returns an error status.

[group name] - Select a specific group if you want SiteScope to perform an action whenever any monitor in the selected group returns the indicated status condition. For example, you would select the Network group if you wanted SiteScope to page you if any monitor in the Network group returned an error status.

[group name]: [monitor name] or [group name]:[subgroup name]: [monitor name] - Select a specific monitor if you want SiteScope to perform an action only if the selected monitor returns the indicated status condition. For example, you would choose this option if you wanted SiteScope to send you e-mail if one specific monitor returned a warning status.

Alternatively, you may select all groups or multiple groups and then define an alert filter rule in the Global and Group Alert Filtering section under the Advanced Options on the lower portion of the page.

Log Event

Log a message to the Window NT Event Log.

Template

By default, SiteScope sends a message about the error or warning status returned by a monitor. If you would prefer a specific format for this message, select the desired option from the Template drop-down list. You may add additional templates into the templates.eventlog directory.

When

The number of times the alert conditions should be met before SiteScope executes the action you specified.

Always, after the condition has occurred at least N times - After the condition occurs at least N times, SiteScope executes the action every time the alert conditions are met. Type the minimum number of times the alert conditions must be met in the text box.
Once, after condition occurs exactly N times - SiteScope executes the action once, after the conditions are met for the Nth time. Type the number of times the alert conditions must be met in the text box.
Initial alert X and repeat every Y times afterwards - Executes the alert action after the condition occurs X consecutive times and then repeats the alert every consecutive Y occurences thereafter. For example,if X was set to 3, and Y was set to 4, then the action would be triggered on the 3rd, 7th, 11th, and so forth, occurrences of the condition. Choose this option by selecting the applicable radio button, entering the multiple (E) and the minimum number of times (N) the alert conditions must be met in the text input boxes provided.
Note: This feature was modified in SiteScope version 5.5. Alert parameters set for this option in prior versions are transposed to this new format when upgrading to version 5.5 and may result in a change in the originally intended behavior.
Once, after N errors in this group - SiteScope executes the action only after any monitor in the group has been in error exactly N consecutive times. Type the number of errors in the text box.
Once, when all monitors of group are in error - SiteScope executes the action the first time all monitors in the group are in error.

Advanced Options

The Advanced Options section presents a number of options for disabling the alert and define a filter for conditions should trigger the alert.

Event Source: Sets the Source field of the event that is logged.
Event ID: Sets the ID field of the event that is logged.
Event Type: Sets the type of the event: error, warning, or informational.
Disabled: This check box prevents the alert from executing the action, even if the conditions are met. This is useful for temporarily turning off alerts.
Name Match: You can use this option to make use of naming conventions for your monitors. You may enter a word or string that appears in the names of monitors in this box, and SiteScope will only generate an alert if the name of the monitor in error contains this word or string. For example, entering Ping: triggers this alert only for monitors that have a name that contains " Ping:" . The match is case sensitive.

Disable Alerts

Use the Disable Alerts alerts section to manually control suppression of this alert. This can be useful when the the systems being monitored are off-line for maintenance or if the recipient of the alerts is unavailable for a period of time.

Enable Alert: This check box cancels any disable conditions and makes the alert active. Select this radio button to override any disable action on the alert.
Disable alert permanently: Select this radio button to prevent SiteScope from executing the alert action, even if the conditions are met. Note: This permanently disables the alert action until this radio button is cleared.
Disable alerts for the next time period: Select this radio button to immediately prevent SiteScope from executing the alert action for the time period entered, even if the conditions are met. The alerts are re-enabled when the time period expires. This is useful for temporarily turning off alerts immediately.
Disable on a one-time schedule from time1 to time2: Select this radio button to prevent SiteScope from executing the alert action for the time period indicated, even if the conditions are met. The alerts are disabled at the beginning of the time period and re-enabled after the time period expires. This is useful for temporarily turning off alerts during scheduled maintenance.

Global and Group Alert Filtering

You can use the Global and Group Alert Filtering option to define alerts for a large number of monitors and then apply a filter so that only certain monitors within the selected list will actually trigger the alert. See Using SiteScope Alerts for more information.

Name Match: This option lets you suppress the alert for all associated monitors except those with a specific text appearing as part of their name. Enter all or part of the monitor name string you want to use as a filter criteria. For example, entering the string URL: will limit this alert to monitors whose name contains the string "URL:". The match is case sensitive. You can enter a regular expression in this text box to match a status string pattern
Status Match: This option lets you suppress the alert for all associated monitors except those returning a specific status text. Enter a string that you expect to appear in the status text for the monitor you want to trigger this alert. For example, if you type timeout in this box, an alert will only be triggered by a monitor associated with this alert which also has a status of "timeout." This match is case sensitive. You can enter a regular expression in this text box to match a status string pattern
Monitor Type: You can usethis option to select a specific monitor type match for the alert. Select the monitor type within the set of monitors associated with this alert that should actually trigger the alert. Select Any Monitor to trigger the alert action for any monitor type associated with this alert.