Event Manager

---

19.1 Overview

The NetVigil Event Manager Console displays messages (traps, logs, windows events) forwarded from the Message Handler (described in Chapter 7, "Message Handler for Traps & Logs"), as well as threshold violations. It provides features for acknowledging, suppressing and deleting events using a web interface. Events can be suppressed until a particular date and time, or until the state changes. The screen refreshes automatically every few minutes (this interval can be changed on the Manage -> Prefs page).

Note: The Event Manager window accessed by clicking on the "Event Manager" hyperlink on the main NetVigil Status screen.

19.2 Managing Messages on the DGE

You can trigger actions & notifications when an incoming log or trap message matches a particular rule, and whether it should be displayed on the Event Manager console. Once messages are displayed on the Event Console, they can be annotated, acknowledged or suppressed.

The following message related changes are managed by going to Manage-> Messages when logged in as an end user.

19.2.1 Event Filters

You can either accept all messages that are forwarded by the Message Handler and display them on the Event Manager Console, or else select the devices and the message types to be accepted from each device. Messages that do not match the specified filter are not displayed on the Event Manager and cannot trigger any notifications.

To create an Event Filter:
Click on manage -> Messages
To accept all messages and display them, click on the radio button "Accept All messages"
To select a list of devices to accept messages, click on the alternate radio button and select devices
You can also select which types of messages to accept by clicking on the "filter by individual message types" checkbox and then selecting the message type for each device from the list.

19.2.2 Notifications

You can trigger notifications for incoming messages and traps by assigning action profiles to them. You can select whether to trigger an action profile for all devices, for selected devices or no devices.

Note: you can only trigger notifications for messages which have been accepted by the Event Filter already.

19.2.3 Device Aliases

Since devices can be multi-homed (live on multiple IP addresses), you can setup aliases for these devices so that any incoming messages from these devices are treated to be the same. You can load existing aliases and save any changes you make to the device aliases from this page.

19.3 Using the Event Manager Console

The Event Manager (EM) console can be accessed by clicking on the "Event Manager" hyperlink on the Status Summary page. You need a modern browser which supports frames in order to use the Event Manager.

Filtering Display Results

You can filter the displayed events by the type, the device name or the severity. The two types of events that are displayed on the Event manager are:

log messages, traps, windows events that have been processed by the Message Handler
threshold violations (that are caused from the polling done by the various NetVigil monitors)

You can enter a simple regular expression to search for all devices matching a name (e.g. gw-* will display messages for all devices whose name begins with "gw-")

The EM Console

Each event displayed on the EM Console is assigned a unique Event ID automatically by the system. By default, the events are sorted in reverse time order (newest events at the top), but you can click on the header to change the sort order.

The following columns (fields) are displayed on the Event Manager:

Field	Description
State	This shows the severity of the event, and acknowledged events are shown with a special icon.
Event ID	A unique number assigned to each event. Clicking on this field will bring up the acknowledge window
Device Name	The device name and IP address
Timestamp	The timestamp of the event
Source	The event source. Note that the message handler can have multiple input sources (such as traps, logs, windows events). All threshold violations show the source "internal/dge"
Message	The event text. This can be on several lines.

Note: You can control the number of messages to display on each page by setting it in Manage->Prefs

19.3.1 Acknowledge / Suppress Events

Clicking on an event ID or a checkbox for an event and clicking on "Ack/Suppress" at the bottom brings up the annotation window.

You can hide the event from the Event Console and also suppress notifications until one of the following conditions are met:

The severity changes (only for threshold violations)
For a specified period of time
Until a specific date and time

When a threshold violation is acknowledged, the state of the device also changes on the Status Summary screen. The acknowledged test is no longer used to calculate the overall device severity as long as the test is in a suppressed state.

Note: You can also suppress a threshold violation test without using the Event Manager by "updating" a test and setting the suppress radio button on this page.