Alerting Application

The Alerting application allows you to configure GoToAssist alerts to let you know when specified events occur, such as when disk space falls below 5%, or when CPU is over 95% for 30 minutes. You can set GoToAssist alerts to watch a specific value, such as the number of users on your network with administrative privileges. You can also set alerts to notify you when the result of a specific search changes in any way. For example, you could save a search for the installed software as a baseline, and then create an alert that notifies you if someone adds new software and causes the baseline to change.

GoToAssist alerts are based on the results of searches that you can save and identify as relevant. You can use the Alerting application to enable and disable alerts, apply a single alert to multiple companies or users, and get a comprehensive view of all the GoToAssist Alerts in your account.You can choose to use email or SMS notifications to let you know when these alerts occur.

You may want to have an email notification sent to a level 1 or NOC technician when an incident is first detected, for example, and then to an advanced escalation group if the incident has not been resolved within a specific period of time.

Topics in this article:

Alert Summary Pane

Configure Alerts Pane

Adding Alerts

Configuring Alerts

Acknowledging Triggered Alerts

Editing, Clearing and Deleting Alerts

Alert Summary Pane

The Alert Summary list allows you to see your most recent triggered alerts, drill down to the individual devices that triggered an alert and examine and modify the queries used by the alert.You can see additional alerts that were recently triggered by clicking the See more recent alerts link at the bottom of the Alert Summary list.

The Alert Summary pane displays the following information:

• Status Icons – The icons show the total quantities of each severity level (e.g., critical, warning) of alerts (hover your mouse over the Status icon to see the severity level).
  • Click the number link to open the Alert Status pane, which displays all alerts at that level currently displayed in the Alert Summary pane.

• Status – The Status indicates the level of severity of the alert (hover your mouse over the Status icon to see what it represents). This severity level is just a name that ca be specified or changed when you create or edit an alert.
  • Warning – Indicates an event or threshold that is not severe enough to be "critical," but likely requires you to send it to a different group or notification method (e.g., email or SMS)
  • Critical – Indicates an event or threshold that is severe enough to require action
  • Error – Indicates a general error, which likely does not require action or notification
• Message – The message contains a brief description of the issue.
• Since – This indicates the date and time that the alert was last triggered.
• Alert – This indicates the name of the alert that was triggered (click to edit).
• Device – This indicates the name of the device (if any) that triggered the alert. Click to see the devices record in the Inventory application.
• Status – This indicates whether an alert has been acknowledged or not. Newly triggered alerts are marked as “New,” and once they have been acknowledged, they are marked as “Opened.”
• Comments – Technicians can include comments when editing an alert’s status. A truncated version of the comment will appear in the Alert Summary list, which technicians can hover over to see the full comment in a pop-up.
• Changed by – This indicates which technician last changed an alert’s status.
• Changed on – This indicates when an alert’s status was last modified.

Note: Alerts continue to be displayed as long as the conditions for triggering remain true.

Configure Alerts Pane

The Configure Alerts pane allows you to manage your alerts by adding new alerts, as well as editing, clearing and deleting configured alerts.

The Configure Alerts pane displays the following information:

• Name – This indicates the name of the alert (click to edit).
• Enabled – This indicates whether the alert is enabled or disabled (to enable or disable alerts, see editing alerts).
• Type – This indicates the type of alert (e.g., "Windows service is not running").
• Applies to – This indicates the companies in your account that this alert applies to.
• Status – This indicates the severity level of the alert (hover your mouse over the Status icon to see the name of the severity level). The number indicates the quantity of that severity level.
  • Click the number link to open the Alert Status pane, which displays all events that triggered the alert at that level.

Adding Alerts

To add new alerts

1. In the Configure Alerts pane, click Add Alert.

2. In the Choose Alert Type window, select which type of alert you want to create by clicking the appropriate tab.

Standard Alerts

GoToAssist provides a variety of standard alerts that are ready to configure to your needs. You can set them up quickly and modify them at any time. The standard alerts are as follows:

• ESET Remote Administrator:
  • Primary Clients are Waiting for Restart – Alerts when devices are waiting for restart
  • Clients Reporting Non-Cleaned Infiltration – Alerts when devices reported a non-cleaned infiltration during the last computer scan
  • Primary Clients Not Connecting – Alerts when more than 10% of devices are not connecting to the server
  • Primary Clients with Critical Warning – Alerts when devices have critical protection status warnings
  • Server not Updated – Alerts when the server has not been updated recently
  • License Problem – Alerts when there is a problem with the license limit or a license has expired
  • Primary Clients with Warning – Alerts when devices have protection status warnings
• Security Monitoring:
  • New Windows Software Installed – Alerts when programs have been installed on Windows computers
  • Windows Antivirus Not Installed – Alerts when an anti-virus product is not installed on a Windows workstation (uses the Windows Security Center, which is not available on Windows Server editions)
  • New Device Discovered – Alerts when any device has been discovered within the last day
  • Windows Antivirus Out of Date – Alerts when the anti-virus program is out of date (uses the Windows Security Center, which is not available on Windows Server editions)
• Crawlers:
  • Crawler Not Reporting – Alerts when the Crawler has not communicated with the GoToAssist data centers for more than 15 minutes

• Macintosh Monitoring:

  • Macintosh SNMP CPU Load Average over Threshold – Checks if a Mac computer exceeds a CPU load average over a period of time; the CPU utilization is measured as an average over all of the CPUs in the machine

  Note: This requires SNMP to be configured on devices to be monitored.

  • Macintosh SNMP Network Usage over Threshold – Checks if a Mac computer exceeds a set network usage threshold (bits in/out per second). The network utilization is per network interfaces in the machine

  Note: This requires SNMP to be configured on devices to be monitored.

  • Macintosh Service/Process Not Running – Checks if a service or process on a Mac computer is not running
  • Macintosh Disk Free Below a Percentage – Checks the free disk space on all directly attached hard disk drives
• Backup Exec:
  • Backup Exec System Recovery (File in use) – Alerts when Backup Exec System Recovery reported that the backup failed because a file is in use (see the log message for more details)
  • Backup Exec System Recovery (Domain problem) – Alerts when Backup Exec System Recovery reported that it was not able to contact the domain controller
  • Backup Exec System Recovery (Operation canceled) – Alerts when Backup Exec System Recovery reported that an operation was canceled, which may be because the backup was canceled by an administrator; data for this alert is collected from Windows Event Log or SNMP traps (you should ensure that Backup Exec data is appearing in the GoToAssist logs)
  • Backup Exec System Recovery (Network path not found) – Alerts when Backup Exec System Recovery reported that it was not able to connect to a network path containing the recovery points
  • Backup Exec (Job Failed) –
  • Backup Exec System Recovery (Disk full) – Alerts when Backup Exec System Recovery reported that the backup failed because the target disk is full
• Printer Monitoring:
  • Printer Out of Paper – Alerts when a printer is out of paper (uses SNMP monitoring)
  • Printer Offline – Alerts when a printer is offline or unavailable (uses SNMP monitoring)
  • Printer Out of Toner/Ink –Alerts when a printer is out of toner or ink (uses SNMP monitoring)
• Network Tests:
  • MySQL probe – Alerts when connection fails on TCP port 3306
  • IMAP probe – Alerts when connection fails on TCP port 143
  • DNS probe – Alerts when connection fails on UDP port 53
  • LDAP probe – Alerts when connection fails on TCP port 389
  • Generic HTTP probe – Alerts when connection fails on TCP port 80 (get/returns a 2XX or 3XX response)
  • FTP probe – Alerts when connection fails on TCP port 21
  • HTTPS probe – Alerts when connection fails on TCP port 443
  • Telnet probe – Alerts when connection fails on TCP port 23
  • eHub probe – Alerts when connection fails on TCP port 9013
  • SQLServer probe – Alerts when connection fails on TCP port 1433
  • Ping probe – Alerts when typical ICMP fails to reply
  • SMTP probe – Alerts when connection fails on TCP port 25
  • Oracle probe – Alerts when connection fails on TCP port
  • POP3 probe – Alerts when connection fails on TCP port 110
• Windows Monitoring:
  • Windows Disk Free below Threshold – Alerts when free disk space is below a specified threshold (in megabytes) on directly attached hard disk drives

Note: Specify one drive letter or leave blank to specify all drives.

• Disk has a Bad Block – Alerts when "bad block" related strings are found in the logs that are collected (e.g., "found a bad block on disk" or "read error at block" or "has a bad block")
• Windows Service Not Running – Alerts when a Windows Service is not running (i.e., status of "started")
• Windows Out of Memory – Alerts when memory exceeds a threshold (percent) usage of physical memory (i.e., does not take swap space into account)
• Windows Automatic Service Not Running – Alerts when any service with Startup Type of "automatic" is not running
• Windows CPU Usage over Threshold – Alerts when average CPU utilization exceeds a specified threshold (percent) for a specified number of minutes (the CPU utilization is measured as an average over all of the CPUs in the computer)
• Computer Shutdown or Reboot was Unexpected – Alerts when the event ID 6008 is detected in the Windows event log
• Windows Disk Free below a Percentage – Alerts when free disk space is below a specified percentage on directly attached hard disk drives

Note: Specify one drive letter or leave blank to specify all drives.

• Exchange Monitoring:
  • Failed Mail Submissions per second over threshold – Check failed mail submissions per second from Mailbox server to Hub Transport servers
  • Exchange Log Record Stalls Per Second over threshold – Check the rate of log records not added to log buffers because the log buffers were full. A non zero value, most of the times, signify log buffer size maybe the bottleneck
  • Average latency of RPC Requests of Store Interface over threshold – Check the average latency, in milliseconds, of RPC requests. The average is calculated over all RPCs since exrpc32 was loaded
  • Document Indexing Time over threshold – Checks how long it takes to index documents
  • Exchange Page Fault Stalls Per Second over threshold – Check the rate that page file requests require of the database cache manager to allocate a new page of database cache
  • Hub Transport Servers in Retry mode over threshold – Check the number of hub transport servers in retry mode
  • Store Interface Remote Procedure Call (RPC) Requests failure over threshold – Check the number of RPC requests failed between Microsoft Exchange Information Store service on the Mailbox server and Hub Transport servers
  • Remote Procedure Call Failure (due to server too busy) over threshold – Check the number of Remote Procedure Calls (RPC) failed due to Server too busy to process them
  • Requests failed processing resource booking events over threshold – Check the requests failed when resource booking attendant was processing events
  • Requests failed processing calendar attendant events over threshold – Check the requests failed when calendar attendant was processing events
  • Exchange Messages queued for submission over threshold – Check the number of submitted messages, that are not yet processed by the transport layer
• Linux Monitoring:
  • Linux Disk Free Below a Percentage – Checks the free disk space on all directly attached hard disk drives
  • Linux Memory Alert – This alert checks if a Linux machine exceeds a threshold of memory usage. It looks at the physical memory in the computer and does not take swap space into account.
  • Linux Network Usage over Threshold – This alert checks if a Linux machine exceeds a set network usage threshold (bits in/out per second). The network utilization is calculated per network interfaces in the machine.
  • Linux Load Average over Threshold – This alert checks if a Linux machine exceeds a CPU load average over a 5-minute period of time. The CPU utilization is measured as an average over all of the CPUs in the machine.

• Custom Query Alerts – You can set up custom PQL queries to monitor any aspect of the data in an account. To write your own query using PQL, select the Custom Query tab.
• Custom Log Alerts – Click the Custom Log tab to set up custom log alerts to detect specified text in the log data gathered by the Log application.

3. Once you've selected which type of alert you want to use, click Create Alert to continue.

4. Type a unique name to distinguish this alert from others. Then follow the configuration steps below to use the customized tabs to identify and control how the alert will behave. You can modify these configurations at any time by editing the alert.

Configuring Alerts

To configure a Standard alert

1. In the General tab, provide the following information to identify your alert:

• Description (optional) – Provide a description to remind yourself and others of the purpose of this alert.
• Enabled – You can disable an alert by unselecting this checkbox. Note that a disabled alert is inactive – it does not update or generate notifications.
• Applies to – Choose one company or "All Companies in account" to apply this alert to using the drop-down menu.

2. In the Parameters tab, provide the following parameter information to fine-tune the alert's behavior:

• Alert Status – Use the Name drop-down menus to choose which names and corresponding color that you want your alert to display when it's been triggered or cleared .
• Notification – Use the drop-down menu to choose who you want to receive the notification. Notification rules can specify one person or several people, or a group address.

Note: To add or remove addresses from the notification list, click Create notification rules below the menu (it will open in a new window).

3. In the Devices & Groups tab,choose which types of devices and/or groups the alert will watch. To have the alert monitor all of your devices, leave this list blank.

• To add devices and or groups, click the Add... link, and select the checkboxes on the right of the Add Computers and Groups list (when you select a group, all of the devices in that group will automatically be selected). Click Save when done.

Note: If you need to modify your groups, click the Create device groups below the "Devices & Groups to Monitor" list.

4. It is highly recommended that you test your alert to make sure it is configured correctly. Back on the General tab, click Test to trigger an alert to be sent to recipients as specified in your notification rules (which can be edited by clicking Create notification rules on the Parameters or Query tabs). Once you click Test, a confirmation message appears on the tab (text messages and emails sent are marked as “TEST”).

5. Once you finish configuring and/or testing all the tabs, click Save.

To configure a Custom Query alert

1. In the General tab, provide the following information to identify your alert:

• Description (optional) – Provide an description to remind yourself and others of the purpose of this alert.
• Enabled – You can disable an alert by unselecting this checkbox. Note that a disabled alert is inactive – it does not update or generate notifications.
• Applies to – Choose one company or "All Companies in account" to apply this alert to using the drop-down menu.

2. In the Query tab, provide the following information to specify and fine-tune the alert's behavior:

• PQL query – Write your own search query using the proprietary GoToAssist PQL language.
• Alert triggers when – Indicate whether you want an alert to trigger when your PQL query returns any result or no results.
• Test query (recommended) – Allows you to test your query before saving to verify that it works and see the results immediately by clicking Run query. The test runs in a separate window so you can return to the parameters window and modify the alert until the test verifies that it is working the way you want.
• Alert Status – Use the Name drop-down menus to choose which names and corresponding colors you want to your alert to display when it's been triggered or cleared.
• Notification – Use the drop-down menu to choose who you want to receive the notification. Notification rules can specify one person, several people or a group address.

Note: To add or remove addresses from the notification list, click Create notification rules below the menu (it will open in a new window).

3. Once you finish configuring all the tabs, click Save.

To configure a Custom Log alert

1. In the General tab, provide the following information to identify your alert:

• Description (optional) – Type a description to remind yourself and others of the purpose of this alert.
• Enabled – You can disable an alert by unselecting this checkbox. Note that a disabled alert is inactive – it does not update or generate notifications.
• Applies to – Choose one company or "All Companies in account" to apply this alert to using the drop-down menu.

2. In the Query tab, provide the following information to specify and fine-tune the alert's behavior:

• Log search – Write your own query to search the logs using the proprietary GoToAssist PQL language.
• Test query (recommended) – Allows your to test your query before saving to verify that it works and see the results immediately by clicking Run query. The test runs in a separate window so you can return to the parameters window and modify the alert until the test verifies that it is working the way you want.
• Notification – Select the type of alert and who to notify:
  • Select the type of alert you want to be sent from the first drop-down menu.
  • Select who you want to be sent an alert notification from the second drop-down menu.

Note: To add or remove addresses from the notification list, click Create notification rules below the menu (it will open in a new window).

3. Once you finish configuring all the tabs, click Save.

4. The following screens will vary depending on the type of alert you selected. Enter a name for your new alert, fill in the appropriate information and click Save.

Note: See Configuring Alerts for detailed information on all the different types of alerts.

Once saved, your new alert will appear at the bottom of the Configure Alerts pane.

Acknowledging Triggered Alerts

You can mark when alerts have been seen and acknowledged by changing their status to “Opened” and adding comments. In addition, you can “mute” the alert permanently or temporarily so that it does not continue to trigger repeat notifications until it is closed.

To acknowledge alerts

1. When an alert is first triggered, it is marked as “New” on the Alert Summary list. Click the New link in the Status column.

2. In the Alert Status window, you can do the following:

• Mute the alert – Select a mute option to prevent the alert from continuing to trigger repeat notifications (either for a set amount of time or permanently until unmuted).
• Add a comment – Enter a comment that will appear in the Comments column.

3. Click Save to set the alert's status to "Opened." To keep the status as "New," click Cancel.

Editing, Clearing and Deleting Alerts

You can use the Configure Alerts pane to edit, clear and delete your configured alerts.

To edit alerts

Open the Edit Alert window from the Configure Alerts pane in either of the following ways:

• Click the name of the alert you want to edit.

• Select the row of the alert that you want to edit so that it highlights, and then click Edit.

This will open the notification's overview page, where you can edit the settings and notification actions (see Configuring Alerts for more information).

To clear or delete alerts

Note: Clearing a configured alert will remove all of the raised alerts (in your Alert Summary) that the configured alert triggered. This will not delete the alert or change its configuration; it simply removes the past triggered alerts.

1. In the Configure Alerts pane, select the row of the alert that you want to clear or delete so that it is highlighted.

2. Click Clear or Delete.

3. Click OK to continue.

| Views: 3948 | Last Updated: Thu, May 09 2013 2:28 PM

Is this article helpful?