Components of an Alert Policy

An alert policy consists of templates, action lists, and actions.

The following figure is a representation of the relationship between templates, action lists, and actions in an alert policy.

Action Lists

An action list contains the actions to be initiated when a specific alert is raised, acknowledged, or cleared. An alert (AL) event report causes an action list to be executed either implicitly through its ALERTID attribute or explicitly by specifying the EXT_ACTION_LIST attribute. See the Operations Sentinel Administration and Configuration Guide for a description of alert event reports.

For every alert policy, the <default> and <global> action lists always exist and are displayed first in the tree. They cannot be deleted or renamed, but they do not need to include any actions.

The <default> action list contains actions to be performed for any alert that does not match a specific action list in the alert policy when that alert is raised, acknowledged, and cleared. These actions are performed in addition to any <global> actions that might also be specified.

The <global> action list contains actions to be performed for every alert when it is raised, acknowledged, and cleared. These actions are performed in addition to any that are specified for specific alerts, or in addition to any <default> actions.

Actions

An action is a task that is external to Operations Sentinel, such as dialing a pager or executing a command. It is what you want to happen when a specific alert event occurs. Actions within an action list are initiated when an alert is raised, acknowledged, or cleared.

An event report that raises a duplicate alert causes initiation of associated actions only when it changes the severity of the alert. This is referred to as escalation or de-escalation.

For each action, you provide specific information, such as which template to use and when to execute.
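
The selection rules from the Action Lists and Actions sections, modeled as an added Python example (it is not Operations Sentinel code and does not come from its documentation). It assumes that an explicit EXT_ACTION_LIST takes precedence over the ALERTID match, that an unknown list name falls back to <default>, and that <global> actions are listed last; the `severity` key, the event names, and the action names are constructed for illustration.

```python
# Simplified model of action-list selection in an alert policy.
# Added illustration only; not Operations Sentinel code.
DEFAULT, GLOBAL = "<default>", "<global>"

# Constructed policy: action list name -> {event: [action names]}.
POLICY = {
    DEFAULT: {"raised": ["log-unmatched"]},
    GLOBAL: {"raised": ["page-operator"], "cleared": ["lights-off"]},
    "disk-full": {"raised": ["run-cleanup"], "acknowledged": ["silence-buzzer"]},
}


class AlertPolicy:
    def __init__(self, action_lists):
        self.lists = action_lists
        self.active = {}  # ALERTID -> severity of the alert currently raised

    def _select(self, report):
        # Assumption: explicit EXT_ACTION_LIST wins over the implicit ALERTID match.
        name = report.get("EXT_ACTION_LIST") or report["ALERTID"]
        # Assumption: a name with no specific action list falls back to <default>.
        if name in self.lists and name not in (DEFAULT, GLOBAL):
            return name
        return DEFAULT

    def actions_for(self, report, event):
        """Actions initiated for one event: 'raised', 'acknowledged' or 'cleared'."""
        alert_id = report["ALERTID"]
        severity = report.get("severity")  # hypothetical key for this model
        if event == "raised":
            if self.active.get(alert_id) == severity and alert_id in self.active:
                return []  # duplicate alert, same severity: nothing is initiated
            self.active[alert_id] = severity  # new alert, escalation or de-escalation
        elif event == "cleared":
            self.active.pop(alert_id, None)
        chosen = self._select(report)
        # Specific (or <default>) actions plus <global> actions, which always apply.
        return self.lists[chosen].get(event, []) + self.lists[GLOBAL].get(event, [])


if __name__ == "__main__":
    policy = AlertPolicy(POLICY)
    report = {"ALERTID": "disk-full", "severity": "major"}
    print(policy.actions_for(report, "raised"))   # specific + <global>
    print(policy.actions_for(report, "raised"))   # duplicate, same severity
    print(policy.actions_for({"ALERTID": "fan-fail", "severity": "minor"}, "raised"))
```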

Templates

Each template provides generic information that can be used by many different actions. There are three types of templates:

You can define any number of templates in an alert policy. For example, you could define six modem templates with each template dialing a different pager. You could also define different serial templates, one controlling lights, another controlling a buzzer, and another controlling power.

Tip: You can use the same templates, actions, and action lists in multiple alert policies by copying and pasting them. You can even copy and paste an entire alert policy. This lets you reuse common data and saves configuration time. For this reason, it is recommended that you use descriptive names that are unique across all alert policies.