Info alarm: Auto-close, change to user-friendly message or alternative solution

mbudke Member Posts: 131 ✭✭✭
edited December 2023 in Remote Monitoring

Hi all,

I do have the following use case but no perfect solution yet. Maybe someone else had a similar situation but a better way to solve it.

I do have a Hyper-V server which uses HornetSecurity (previously Altaro) Backup to back up the VMs hosted by the server.
HornetSecurity writes the results in the Windows event log like success, warning or error.

Currently I have configured a profile to create an alarm.
Example:
Successful backup = Info
Backup Failed = Critical

Whereas a Critical alarm must be acted on, the Info alarm is just for info and does not require any action.
Therefore it makes no sense to keep the Info in an open status.

Currently I close these alarms manually every day which is not very productive ;-)

So far I have not found a way to auto-close the Info alarm.
Did someone handle a similar case or maybe have a better solution for my scenario?

In addition, an alarm looks as follows:

EXAMPLE

Ereignisprotokoll: Application | Ereignis-ID: 5007
Guest VM Name: XXXXXXXX
Offsite Copy Result: Failed Offsite Copy - The offsite backup operation to the XXXXXX offsite location encountered an error. (ALTERR_OFFSITEBACKUPCONTROLLER_036)
The Backup Data statistics could not be updated. (ALTERR_OFFSITEBACKUPCONTROLLER_070)
An error occurred during the offsite copy operation (ALTERR_OFFSITEBACKUPCONTROLLER_041)
The offsite operation encountered an error while backing up the virtual machine. (ALTERR_DEDUP_051)
Cannot find user for the access key.
Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Offsite Copy Operation Started at: Yesterday at 17:55

This alarm is quite long and contains more data than I need for tracking.
Does someone know if the text can be filtered (e.g. by the event ID) so the message can become a one-liner? Or how to remove unnecessary data, for example with filtering?

Best regards,
Matthias
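
The one-liner asked about in the post above, as an added example that is not part of the original thread and not an Atera or HornetSecurity feature: a stand-alone parser that reduces the posted alarm text to event ID, VM name, result and error codes. The English `Event ID` label, the fail-closed severity rule and the function names are assumptions.

```python
import re

# Alarm text copied from the post above (placeholders as posted).
SAMPLE_ALARM = """\
Ereignisprotokoll: Application | Ereignis-ID: 5007
Guest VM Name: XXXXXXXX
Offsite Copy Result: Failed Offsite Copy - The offsite backup operation to the XXXXXX offsite location encountered an error. (ALTERR_OFFSITEBACKUPCONTROLLER_036)
The Backup Data statistics could not be updated. (ALTERR_OFFSITEBACKUPCONTROLLER_070)
An error occurred during the offsite copy operation (ALTERR_OFFSITEBACKUPCONTROLLER_041)
The offsite operation encountered an error while backing up the virtual machine. (ALTERR_DEDUP_051)
Cannot find user for the access key.
Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Offsite Copy Operation Started at: Yesterday at 17:55
"""

# "Event ID" is an assumed English label; the post only shows the German one.
EVENT_ID = re.compile(r"(?:Ereignis-ID|Event ID):[ \t]*(\d+)")
VM_NAME = re.compile(r"^Guest VM Name:[ \t]*(\S.*)$", re.M)
RESULT = re.compile(r"^[\w ]+ Result:[ \t]*(\S.*?)(?: - |$)", re.M)
ERR_CODE = re.compile(r"\((ALTERR_[A-Z0-9_]+)\)")


def parse_alarm(text):
    """Extract only the fields needed for tracking; missing fields are None."""
    def first(rx):
        m = rx.search(text)
        return m.group(1).strip() if m else None
    fields = {
        "event_id": first(EVENT_ID),
        "vm": first(VM_NAME),
        "result": first(RESULT),
        "codes": list(dict.fromkeys(ERR_CODE.findall(text))),  # de-duplicated
    }
    # Fail closed (assumed rule): only a parsed, non-failed result
    # without any error code counts as Info; everything else is Critical.
    ok = fields["result"] and not fields["result"].lower().startswith("failed")
    fields["severity"] = "Info" if ok and not fields["codes"] else "Critical"
    return fields


def one_liner(text):
    """Render the parsed alarm as a single tracking line."""
    f = parse_alarm(text)
    line = f"{f['severity']} | ID {f['event_id'] or '?'} | {f['vm'] or '?'} | {f['result'] or 'unparsed'}"
    return line + (" | " + ",".join(f["codes"]) if f["codes"] else "")


if __name__ == "__main__":
    print(one_liner(SAMPLE_ALARM))
```

An alarm whose result line cannot be parsed is reported as Critical rather than Info, so a truncated or changed message format is not silently filed away as a successful backup.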

Comments

  • tanderson Member Posts: 273 ✭✭✭✭

    @Matthias I'm trying to understand what you mean a bit better. Do you currently have Atera alerts that read the event logs and open an Info or a critical alert?

  • mbudke Member Posts: 131 ✭✭✭

    Hi Tanderson,

    thanks a lot for your reply.
    Maybe let me write this in a bit more generic way. :-)

    Within Atera there are 3 types of Alarm:

    • Info (blue color)
    • Critical (yellow color)
    • Error (red color)

    The alarms for "Error" (red) and "Critical" (yellow) do require attention and therefore can result in an automatic ticket.

    My request is about the handling of the "Info" alarm (blue).
    From my personal understanding "Info" is just for information and tracking. There is no real need to react to it.
    I would like to use this alarm to track specific events on a computer/server so in case of need I can just check it.
    Examples can be:

    • successful backup
    • time when a server has been restarted
    • time when there was an antivirus scan
    • time when an administrative user XYZ logged in to the server

    Each alarm (Info, Critical, Error) does have a status, which is either "Open" or "Closed".
    For Critical and Error this makes sense as I need to react, but for Info this makes no sense because it should always be in status "Closed".

    My question is:
    Do I use the alarm "Info" (blue color) wrong or is there a way to auto-close this status?
    How do you use the "Info" alarm status?

    I hope this request is written a bit more generic :-)

    Best regards,
    Matthias

  • tanderson Member Posts: 273 ✭✭✭✭

    @Matthias I understand what you mean. I don't think you can have it auto-closed. If you are trying to do this, you should make everything Critical and Warning. Make your info alerts Warning alerts and set them to open a ticket. Then use the ticket automation rules to auto-close based on specific words like the warning title in the ticket.

    This will also allow you to make custom fields for the product family so the ticket is automatically labeled Admin Login or something along those lines. That way, you can easily search the closed tickets by your info topics:

    • successful backup
    • server restarted
    • antivirus scan
    • administrative user login

    I think this is the only way you will accomplish this.

  • mbudke Member Posts: 131 ✭✭✭

    Hi Tanderson,

    that is a great idea!! I will try this!

    I am just wondering what to use the "Info" alarm for. Do you have that in use for some specific purpose?

    Best regards,
    Matthias

  • tanderson Member Posts: 273 ✭✭✭✭

    @Matthias I have not configured any info alerts.