An alert is a condition or system event that is outside acceptable limits and must be brought to the attention of the operations staff. An alert is raised when the Operations Sentinel server itself detects an alert condition, or when it receives an alert event report for a managed system.

Alerts are caused by a variety of conditions, perhaps the most common being critical operator messages that were not automatically handled. Another common source of alerts is threshold-checking on system utilization information—for example, when the transaction rate drops below or rises above typical values. See About Alert Identifiers to view detailed information on the different alert conditions.

Notification of Alerts

You are notified in both the main Operations Sentinel Console window and the Alerts window when an alert has been raised.

Alerts in the main Operations Sentinel Console window

In Operations mode, the following icons change to notify you of the alert of highest severity:

You can click the Alerts tab in the details pane to handle the alert condition. The appearance and behavior of this table matches the alerts pane that is displayed in the Alerts window.

Alerts in the Alerts window

The Alerts window can contain two icons that notify you of alerts: the Zone Alerts icon and the Other Alerts icon. Optionally, each alerts icon is accompanied by color-coded bars that show the number of unseen alerts for each severity. See Displaying the Alert Severity Count for information on setting this option.

Alerts that appear under the Zone Alerts icon apply to managed objects in the open Operations Sentinel zone. A managed object can be a managed system, system console, or the Operations Sentinel application.

Alerts that appear under the Other Alerts icon apply to systems that are not in the open zone. This includes

You can use either the main Operations Sentinel Console window or the Alerts window to see detailed information about an alert or to handle an alert condition, by either clearing, acknowledging, or marking the alert as seen.

Automation of Alerts

Your site can automatically respond to alerts using alert policies or AMS.

Your Operations Sentinel administrator can define an alert policy using Alert Policies in Administration mode of Operations Sentinel Console. An active alert policy causes certain alerts to trigger external actions, such as ringing a bell, dialing a pager, or executing a command script. See About Alert Policies for more information.

Alerts can also be acknowledged or cleared automatically by automated responses initiated by AMS. See the ClearPath Enterprise Servers Operations Sentinel Autoaction Message System Administration Guide for more information.

Duplication, Escalation, and De-escalation of Alerts

When an AL event report raises an alert, Operations Sentinel retains this alert and discards any subsequent event reports that raise the same alert. Two alerts are considered to be duplicate if all of the following attributes are the same:

Alerts that duplicate the class, system, alert identifier, alert qualifier, and application name but have a different severity than an alert previously raised but not cleared are treated as unique alerts. Such alerts are neither raised nor cleared; they are escalated or de-escalated, depending on the change in severity. These changes in severity are forwarded to Operations Sentinel Console, and the Zone Alerts or Other Alerts icon changes appropriately.

Escalated and de-escalated alerts are also checked against the active alert policy. If the alert matches an action list in the active alert policy, Operations Sentinel executes the raise actions in that action list.