IPSentry - Alert - Syslog Message

IPSentry Version 4

IPSentry - Alert - Syslog Message

If you are familiar with Syslog, you may find this notification option quite handy. If you do not use Syslog, or you don't run a Syslog Daemon, or don't know what Syslog is, you can find an abundance of information by searching the web for "Syslog" or "syslogd".

Simply put, a Syslog daemon accepts and logs incoming messages from a remote (or local) machine/device. You can trap and filter these messages and perform specific tasks, or just let them pile up in a log file.

Please see the How-To section for additional information on various configurations.

Enabled
This frame provides a tri-state selection regarding the status of the alert which allows you to enable, disable, or use the global state (default)

Yes
The YES option signifies that the alert is enabled for this device and should use the settings provided in the remaining configuration fields for this alert. The settings for the alert will be unique to this specific entry.
No
The NO option signifies that this alert is disabled, regardless of the default or other configurations, this alert will NOT be generated in case of a failure of the monitored device under which it is defined.
Default
The DEFAULT option signifies that the alert should be identical to and make use of the settings outlined in the default configuration model. Any changes made to the default configuration will be applied to all alerts marked "Default" allowing global changes to alert setting through the default configuration.

Note that if the default configuration has the enabled flag set to "NO", all alerts marked as "default" will be ignored during the triggering of alerts.

Alert Success
All alerts with the exception of paging alerts make use of this setting. When checked, the alert will be generated both when the system fails an when the the failure is corrected.

For example, if you are monitoring a web server and it fails, the alert would be triggered noting that there is a failure. Additional failure notification will be sent according to the alert schedule outlined below. Once the system is recovered and the failure corrected, another alert will be generated as an "UP" notification.

In using alerts such as Pager or Email, the IPSentry Keyword %IPS_M_STAT% will be converted to the current state of the device making it possible to recognize immediately whether the alert was triggered due to the system going "DOWN" or coming back "UP".

Syslogd IP
Enter the IP Address of the machine on which the Syslog daemon is running. IPSentry will send a syslog formatted message to this IP Address based on the alert settings and schedule.

Port
The default port for Syslog is 514. If you have modified Syslog to listen on an alternate port, enter that here instead.

Facility
Syslog makes use of a Facility:Priority combinations when receiving messages. These settings are used for log division, and trigger options on the syslog server. Configure these settings to taste based on your Syslog daemon configuration.

Based on its configuration, syslogd can perform a given action for messages with a specified priority (or higher) and facility. By using the facility, messages generated by different system components can be logged with different priorities.

The following facilities are supported:

Facility	Description
auth	Used by authorization systems (login)
cron	Used for the cron and at systems
daemon	System/network daemons
kern	Produced by kernel messages
lpr	Printing system
mail	Mail system
mark	Internally used for time stamps
news	Reserved for the news system
user	Default facility, used for any program
uucp	Reserved for the uucp system

Priority
Syslog makes use of a Facility:Priority combinations when receiving messages. These settings are used for log division, and trigger options on the syslog server. Configure these settings to taste based on your Syslog daemon configuration.

Based on its configuration, syslogd can perform a given action for messages with a specified priority (or higher) and facility. By using the facility, messages generated by different system components can be logged with different priorities.

Priority	Description
debug	Normally used for debugging
info	Informational messages
notice	Conditions that may require attention
warning	Any warnings
err	Any errors
crit	Critical conditions like hardware problems
alert	Any condition that demand immediate attention
emerg	Any emergency condition

Message
Enter the text of the message that should be sent to the Syslog daemon. All IPSentry Key Words used in this field will be translated and proper use of these key words in association with the facility and priority settings can provide you with a means for the syslogd server to react to the given message.

For more information on syslog, see the documentation and man pages regarding your implementation of syslogd and it's capabilities.

Alert Schedule
The alert schedule allows you "fine tune" the alerting functions to avoid unnecessary alerting during an extended failure. You may not want to be paged every single time a failure is detected after the first alert. You can use this schedule to set how many failures must be detected before the first alert. Set how many failures must be detected for each subsequent alert, and the maximum number of alerts you feel are adequate to obtain a response from specified personnel.

First After [n] failures
Represents the number of sequential failures that must occur before the alert notification is processed. You can increase this value if you notice a large amount of false alerts being processed. On some systems, response times may not be consistent and a failure may be detected due to overhead at peak times. If the failure continues for this number of cycles, the alert will be processed.
Every [n] failures
Once the first alert has been processed, IPSentry will only process the alert notification after this many sequential failures. In many cases, once a failed entry has triggered an alert, notification during every IPSentry polling cycle is not usually required.
Max of [n] alerts
Enter the maximum number of times you want IPSentry to process the alert notification. A value of -1 - infinite. This counter is based on sequential failures without a single success.

Note: Setting the first-after or every values to any value less than 1 can have unexpected results.

Load Defaults (button)
This button will load the default configuration information into the appropriate fields. This is a quick way to use a standard configuration with minor variations between entries.

Note: You need NOT use this option when the enabled option is set to "Default" since the replacement of the alert configuration with default configuration values will be done automatically when the alert is triggered. You need only use this button when the enabled option is set to YES and you wish to slightly modify the default configuration and make the entry specific to the monitored device to which this alert is related.

Test Alert (button)
This option will attempt to process the alert as configured. A message will be displayed regarding failure or success of the alert generation.

Related Topics

SCREEN SAMPLES
Click on a field or area for details.


Contact: support@ipsentry.com	https://ipsentry.com	© 2006 by RGE, Inc. - All Rights Reserved