Best Practices for Alert Management
Decide how you want to find out about faults/alerts.
You can:
Some NetMaster users watch the Alert Monitor display all day, and alerts drive the work of their department. | Some NetMaster users never look at the Alert Monitor, and just use it to send alert notifications to other places. |
Customizing the Alert Display
3270
See "Alert Monitor Display Format" in Chapter 7, "Setting Up the Alert Monitor", in the Administration Guide.
WebCenter
Use the Sort, Options and Filter buttons to modify the display. From the resulting dialogue, use Save Settings.
Alert History
The NetMaster Alert Monitor can optionally also keep Alert History data. This consists of details of all alerts, for the last N days. Alert History can be useful to review and isolate recurring problem areas.
Where do alerts come from?
Alert source |
Description of alerts |
IP Node Monitor IP Resource Monitor |
IP performance attribute alerts NetMaster for TCP/IP samples specified attributes of IP logical and physical resources, at regular intervals. When an individual sample value activates a specified trigger or alert condition , an alert is raised. Performance attribute alerts can be these types:
|
IP Event Detectors | IP event alerts A single event occurs, and an alert is raised. Such events include:
|
NetMaster for SNA |
SNA PPO event alerts |
NetMaster File Transfer Management | File Transfer Management Alerts Many different actual and potential error conditions, including:
|
CA SOLVE:Operations | z/OS system automation alerts |
User-written NCL procedures | User-defined alerts Any user-written NCL procedure can raise and clear alerts, using supplied NCL API calls. |
NetMaster internals | NetMaster health alerts Serious conditions affecting the operation of the NetMaster region, such as VSAM errors on critical files |
CA OPS/MVS | CA OPS/MVS-specific alerts |
Filter alerts
Step 1 Decide how to group your alerts
If you want to use the Alert Monitor to send alert details to other products, consider which of your likely alerts belong together, and should be sent to the same place(s).
You might want to send every alert to the same place; or, you can do things like send every SNA alert to email address A, and send every IP alert to Spectrum, and write a WTO about certain FTP failures, and pass details of certain IP connections to NCL procedure N.
Whenever you do any configuration that can generate alerts - IP Event Detectors, performance monitoring attributes - decide if you want any resulting alerts to be sent, and where/who to.
Use this information to decide what alert filters you need.
What uses Alert Filters?
Step 2 Define Alert Filters
To define an Alert Filter
Use /ALFILT (A.A.F)
More information:
Chapter 7, "Setting Up the Alert Monitor", in the Administration Guide.
Send alert notifications
Step 3 Define Alert Forwarding Destinations
The Alert Monitor itself can automatically forward certain alerts to any/all of up to 9 separate destinations. Possible destinations are:
? Any generic SNMP manager such as CA Spectrum, IBM Tivoli NetCool, HP OpenView
? A specific product: IBM Tivoli Netview, CA NSM, CA Service Desk
When are alerts sent to a forwarding destination?
When they match the alert filter specified for a destination.
One alert may match multiple filters and be sent to multiple destinations; or it may match no filters and be sent only to unfiltered destinations (if any).
Be careful: if a destination has no filter, all alerts will be sent there.
To define an Alert Forwarding Destination
Use /PARMS (A.C.P)
then select INTERFACES $AM ALERTS (Alert Monitor Interface)
Step 4 Define Alert Trouble Ticket destination
You can define (only) one Alert Monitor Trouble Ticket destination.
Possible destinations are:
When are alerts sent to the trouble ticket destination?
To define the Alert Trouble Ticket Destination
Use /ALTTI (A.A.I) then enter an Interface Type and press F6
Use F1=Help to explain the specific fields required by that type
Keep Alert History
Step 5 Set alert history retention
The Alert History display shows all active and closed alerts, day by day, for the last N days.
A process is run at a specified time daily, to delete the expired alerts from the file.
You can keep alerts for up to 999 days. Obviously, if you keep alerts for a long time and tend to get large numbers of them, watch your file size.
To specify the name of the Alert History file, how long to keep the alerts, and when to purge them
Use /PARMS (A.C.P)
then select FILES $AM ALERTHIST (Alert History File Specification)
Using Alert History
Browse your Alert History to get a quick idea of your most problematic areas.