From Flexxible|SUITE version 4.0.3 onwards, you can create alerts based on Microsoft event log entries raised on any virtual machine or host being monitored in the environment.
Event log triggered alert
The "Event log triggered" alert is a new alert type available in Flexxible|SUITE. You can use it to monitor events in the Event Log for any VM in the environment, and an alert will be raised when the conditions defined in the alert configuration are met. As with any other alert definition, it can be sent via email or SNMP depending on the subscription configuration.
For more information on alerts and monitoring, please refer to Alert Configuration and Monitoring Module Overview article.
To create a new "Event log triggered" alert, open the "Alert definitions" section inside the "Monitoring" menu group and click on the "New EventLog keyword alert" button. Currently, only the "Event log triggered" alert can be created by the user, although in future versions more types will be added and the New button will become a dropdown showing different options.
When a new alert is created, some required information is set automatically. Some other values can be modified, but only for alerts created by a user.
These are the fields that must be set to configure the alert properly:
- Name: The alert name is important because you can create several alerts of the same type, and the name is how you tell them apart.
- Severity: The user can define the alert severity (informational, warning or critical).
- Description: The user can modify the alert description.
- Alert parameters: From version 4.0.3 onwards, alerts can contain a list of parameters. This list is created automatically, and the user can set the value for each of the parameters. Selecting a parameter displays a modal window where you can set its value.
In the specific case of the "Event log triggered" alert, these are the user-configurable fields that will trigger the alert:
(Note: Flexxible|SUITE retrieves only warning, error and critical events that occurred during the last 720 minutes; this threshold value is customizable by the user.)
- KeyWord: a specific string to be searched within the alert message.
- EventLog ID: a specific Event ID.
- Source: a specific Source.
- Alert message: the customizable message to be displayed in the alert.
As specified before, the alert will be activated when an entry is found in the virtual machine or host event log with the given event ID, event source, or containing one of the given keywords (or all of them) within the last number of minutes indicated by the threshold value.
The created alerts are associated with the user's tenant; therefore, alerts will be raised only for the VMs within that tenant.
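Before saving an alert definition, it helps to preview on a representative VM how many entries the chosen parameters would match within the threshold window. The following PowerShell is an added example, not Flexxible|SUITE code: the function name `Get-AlertCandidateEvent`, the searched logs, the case-insensitive keyword comparison and the `-MatchAll` switch are assumptions, since the page does not say which logs are read or exactly how the criteria are combined.

```powershell
# Added example (not product code): list local event log entries that a
# candidate "Event log triggered" configuration would be expected to match.
function Get-AlertCandidateEvent {
    [CmdletBinding()]
    param(
        [string[]] $LogName = @('Application', 'System'), # assumption: logs searched
        [int]      $ThresholdMinutes = 720,               # default window from the page
        [int[]]    $EventId,                              # "EventLog ID" parameter
        [string]   $Source,                               # "Source" parameter
        [string[]] $KeyWord,                              # "KeyWord" parameter
        [switch]   $MatchAll                              # assumption: require every criterion
    )

    # The page states only warning, error and critical events are retrieved:
    # Windows levels 1 = Critical, 2 = Error, 3 = Warning.
    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3
        StartTime = (Get-Date).AddMinutes(-$ThresholdMinutes)
    }
    $bound = $PSBoundParameters

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object {
            $evt = $_
            $checks = @()
            if ($bound.ContainsKey('EventId')) { $checks += ($EventId -contains $evt.Id) }
            if ($bound.ContainsKey('Source'))  { $checks += ($evt.ProviderName -eq $Source) }
            if ($bound.ContainsKey('KeyWord')) {
                $msg = [string]$evt.Message   # Message can be null if provider metadata is missing
                $hit = $KeyWord | Where-Object {
                    $msg.IndexOf($_, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
                }
                $checks += [bool]$hit
            }
            if ($checks.Count -eq 0) { return $false }      # no criteria given: match nothing
            if ($MatchAll) { return ($checks -notcontains $false) }
            return ($checks -contains $true)
        } |
        Select-Object TimeCreated, LogName, LevelDisplayName, Id, ProviderName, Message
}

# Constructed sample values: unexpected service termination reported by the
# Service Control Manager. Grouping shows how noisy the alert would be.
Get-AlertCandidateEvent -EventId 7031 -Source 'Service Control Manager' `
        -KeyWord 'terminated unexpectedly' |
    Group-Object Id, ProviderName |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

A large count for a single event ID and source pair suggests narrowing the keyword or shortening the threshold before the alert is routed to email or SNMP subscribers.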