Articles in this section

Managing Alarms and Events from the VAST Web UI

Sara Levy
  • Updated
Follow

Viewing Events

The event log holds the latest up to 1.5 million events. 

  1. From the left navigation menu, select Alarms & Events and then Events.

    The following details are displayed:

    Field

    Description

    Date

    The date of the event.

    Hover over the date to see how long ago the event happened. For example, "33 minutes ago".

    Object Name

    The object involved in the event.

    Message

    A description of the event.

    Event Type

    The type of event that occurred.  See Event Types.

    Object Type

    The type of object involved in the event. 

    Origin

    The initiator of the event. Possible values:

    • Cluster

    • Management

    • Security

    • User

    Severity

    The severity of alarm triggered by the event. This is inherited from the event definition, and you can modify it. Possible values:

    • Info. No alarm was raised. 

    • Minor. An alarm of severity minor was raised. 

    • Major.  An alarm of severity major was raised.

    • Critical. An alarm of severity critical was raised.

  2. You can filter the list. Filter selectors appear at the top of the columns just beneath each column heading.

 

Handling Alarms

Alarms are classified with three levels of severity: minor, major, and critical. The severity of an alarm is inherited from the definition  of the event that triggered the alarm.

Alarms are automatically removed when the events that triggered them are resolved. In many cases, automatic recovery features handle and resolve events. Occasionally, user intervention may be required to resolve the issue. 

How do I know when there are active alarms?

When one or more alarms are present, an indicator shows the number of alarms present:

Alarm_Indicator_Digit.png
How can I see what is causing alarms?

To see a summary of alarms, classified by severity, click the alarm indicator:

Alarm_Summary.png

To read the alarm messages in more detail, open the Alarms page:

  • To open the Alarms page with no filtering, click See All.

  • To open the Alarms page filtered for a specific severity, click the "more" link for the severity.

  • To open the Alarms page from the left navigation menu at any time, select  Alarms & Events and then Alarms.

Can I Acknowledge Alarms?

If you've seen the alarm messages and you want to hide them from view, you can hide all the current alarms from view by clicking the Acknowledge all button (ack_all.png). The alarms remain visible to the root and support users.

 

Default Action Settings

Default actions send notifications of events to configured destinations. Default actions apply globally and can be overridden for specific event definitions. The following default actions can be configured:

  • Email recipients. Requires you to supply an outgoing SMTP server.

  • A webhook. A webhook sends alarms to an external application based on an HTTP request.

  • A Linux syslog server.

Default actions can be disabled and then reenabled during maintenance activities.

If you want to disable actions for a specific type of event or to set up an alternate email recipient or webhook for any particular type of event, you can do that in the specific event definition (see Modifying Event Definitions). The outgoing email server is global, required for default email recipients as well as for any alternate email recipients that you define per event definition.

Configuring Default Action Settings

  1. From the left navigation menu, select Settings and then Notifications.

  2. For the email server: Select the SMTP Setup tab and enter the details of an SMTP server for VAST Cluster to send email notifications from.

    SMTP Host

    The host name of the SMTP server.

    For example: mail.company.com.

    SMTP Port

    The port used by the SMTP server to send outgoing emails. The most commonly used port for SMTP is port 25, although some IPs deny its use in order to block spam. SMTP servers often support alternate ports, including port 587.

    SMTP User

    User for SMTP host authentication.

    SMTP Password

    The password for the SMTP user.

    Use TLS

    Enable this setting to send email over a TLS connection.

  3. To configure emails for custom event email recipients as well as a default email action: Select the Email Setup tab and complete these settings:

    Email Sender

    Global for all alarm notification emails, this is the sender email that appears in the emails.

    Example: do_not_reply@company.com

    Email Subject

    Optional and global for all alarm notification emails. Any string you enter here is used globally as the subject for all notification emails.

    Leave it blank to send alarm info in the subject.

    Example: VAST Alarm

    Email Recipients

    Default email recipients. These recipients receive notifications of all alarms except those triggered by events that have a different list of email recipients specified in the event definition or for which actions are disabled.

    Enter as a comma separated list of email addresses (no spaces).

    Example: storage_admin@company.com,bsmith@company.com,abrown@company.com

  4. To send alarms to an external application (optional): Select the Webhook Setup tab and specify default webhook details. Any webhook you define here will be triggered by all alarms except those triggered by events that have a different webhook definition or for which actions are disabled:

    Webhook URL

    The URL of the API endpoint of an external application, including parameters.

    Webhook data

    The payload, if required, for the endpoint. You can use the $event variable to include the event message.

    Webhook Method

    Select the HTTP method you want to invoke with the trigger:

    • POST

    • GET

    • PUT

    • PATCH

    • DELETE

  5. To send alarms and any enabled categories of audit logs to a syslog server, as well as setting which types of events are audited, select the Syslog Setup tab and complete the following fields:

    Note

    For details of server side configuration for the syslog server, see Sending Alarms to a Syslog Server.

    Syslog Host

    Specify the syslog server's IP address.

    Syslog Port

    Specify the port number that the server listens on for syslog requests.

    Default: 514

    Syslog protocol

    Specify one of the following protocols for communicating with the remote syslog server:

    • tcp

    • udp (default)

    The protocol you choose must be enabled on the syslog server. See Sending Alarms to a Syslog Server.

    Enable VMS Audit

    Set to enabled (default) to enable auditing of VMS operations or disabled to disable auditing of VMS operations.

    Enable Shell Audit

    Set to enabled to enable auditing of CNode and DNode shell commands (off by default) or disabled to disable auditing of CNode and DNode shell commands.

    Enable IPMI Audit

    Set to enabled to enable auditing of CNode and DNode IPMI commands (off by default) or disabled to disable auditing of CNode and DNode IPMI commands.

    Audit Logs Retention

    Set the retention time for storing audit logs on the syslog server.

  6. Click Save.

    The settings are now saved.

 

Disabling and Re-enabling Default Actions

When running maintenance tasks, you may need to disable default actions. You can leave the configuration as is and just click the Disable Actions button on the Defaults tab. The button is a toggle button. Click it to disable the configured actions. The default actions are disabled and the button text changes to Enable Actions. Click it again to re-enable the default actions.

 
 

Modifying Event Definitions

  1. From the left navigation menu, select Alarms & Events and then Event Definitions

    All event definitions are listed. You can filter the list by object type and by event type. (Click Filters (above the grid) to display the filter controls.) The following information is displayed for each event definition:

    Object Type

    The type of object being monitored for the event. This could be the cluster, a hardware component such as a NIC, or a logical entity such as a snapshot.

    Property

    A monitored property of the object. For example: state, number of PCI errors, percentage memory usage. 

    Event Type

    What type of change in the property triggers an alarm. See Event Types

    Severity

    The severity of an alarm triggered by this event. Can be critical, major, minor or N/A. If N/A , the event doesn't have an alarm defined.

    Enabled

    Indicates Yes if the event definition is enabled (default) or No if it was disabled by deactivation.

    You can deactivate and activate alarms using the Actions button (ActionsButtonGUI2.png).

  2. In the Actions column, click ActionsButtonGUI2.png and then Edit.

    The Update Event Definition dialog appears.

  3. To make changes to the alarm definition, modify the fields in the Alarms area :

    • For Object Modified type events:

      Trigger On

      The value or the monitored property at which to trigger an alarm. You can deselect the default values and restore them by clicking the Restore Defaults button.

      Trigger Off

      The value or the monitored property at which to trigger off an alarm. You can deselect the default values and restore them by clicking the Restore Defaults button.

      Severity

      Select a severity from the dropdown.

      For example: Critical

    • For Threshold type events:

      Operator

      Select one of the options from the drop-down:

      • greater than. The alarm is triggered when the monitored property increases to higher than the specified threshold value.

      • greater equal. The alarm is triggered when the monitored property increases to the specified threshold value or higher.

      • lower than. The alarm is triggered when the monitored property falls below the specified threshold value.

      • lower equal. The alarm is triggered when the monitored property falls to the specified threshold value or below it.

      Threshold

      The threshold value of the relevant property.

      For example: 70

      Severity

      Select a severity from the dropdown.

      For example: Critical

    • For Rate type events:

      Operator

      Select one of the options from the drop-down:

      • greater than. The alarm is triggered when the monitored property increases to higher than the specified threshold value.

      • greater equal. The alarm is triggered when the monitored property increases to the specified threshold value or higher.

      • lower than. The alarm is triggered when the monitored property falls below the specified threshold value.

      • lower equal. The alarm is triggered when the monitored property falls to the specified threshold value or below it.

      Threshold

      The threshold value of the relevant property.

      For example: 70

      Timeframe

      The time frame over which to monitor the property. Enter a number followed by time prefix without spaces:

      • s - seconds

      • m - minutes

      • h - hours

      • D - days

      • M - months

      For example: 1h

      Severity

      Select a severity from the dropdown.

      For example: Critical

  4. In the Actions area, optionally set up non-default actions, which you can choose to be initiated either by all events of this definition or only by alarms triggered by events of this definition.

    Note

    There are default action settings that affect all events. See Default Action Settings).

    • To send notifications specifically for this event to an external application, complete the webhook parameters:

      Webhook URL

      The URL of the API endpoint of an external application, including parameters.

      Webhook data

      The payload, if required, for the endpoint. You can use the $event variable to include the event message.

      Webhook Method

      Select the HTTP method you want to invoke with the trigger:

      • POST

      • GET

      • PUT

      • PATCH

      • DELETE

    • To send email notifications to non-default recipients, enter the recipient email addresses as a comma separated list (no spaces) in the Email Recipients field.

      Note

      An SMTP server and sender email must be defined in the Defaults tab of the Settings page. See Default Action Settings.

    • To disable actions for this alarm, enable the Disable Actions button.

    • If you would like every event of this definition to trigger the actions you configured, disable Alarm Only. Otherwise, leave Alarm Only enabled.

      If Alarm Only is enabled, the configured actions are initiated only by an alarm (as defined above in step 3). If Alarm Only is disabled, the actions are initiated by all events of this definition. For example, if the object type is CNode, and the Property is state , then if Alarm Only is disabled, any change in state of a CNode will initiate the actions you configured for this event.

  5. Click Update to simply save the changes or click Update & Test to save your changes and send a test notification.

    You can restore the default settings at any time by clicking Restore Defaults.

 

Enabling and Disabling Event Definitions

It's possible to disable event definitions individually, which stops events of the given definition being logged as events, or triggering call home, alarms or actions such as email, webhook or syslogs. You can also re-enable a disabled event definition.

You can see the current enabled/disabled status for each event definition in the Enabled column on the Event Definitions page.

To enable or disable an event definition

  1. From the left navigation menu, select Alarms & Events and then Event Definitions

  2. In the Actions column, click the Actions_Button.png button for the event definition you want to enable or disable. Select Activate to enable the event definition or Deactivate to disable it.

  3. Select Yes to confirm your action.

    The event definition is enabled/disabled. After a few moments, you can see the changed state displayed in the Enabled column.

 

Downloading Alarms and Events

When you're viewing the events log on the Events page or the current alarms in the Alarms page, you can download all of the events in the log or all of the current alarms. 

To download a complete log or a complete list of the current alarms, click the download button at the top right of the list: DownloadButton.png.

 
 

Related articles

Comments

0 comments

Article is closed for comments.