Alert View Interface
To view the alerts forwarded from InTrust, use the Operations Manager console. After you select Monitoring | Active Alerts, they will be displayed as shown below:
You can examine each alert in detail after opening by double-clicking it to open its properties.
Alert Properties—General
Here you can find general information about the alert, including its severity, description, status, etc.
|
|
Note: When an alert is forwarded to Operations Manager, the Alert Source field value is set to Quest InTrust Connector on <Connector_host_name>. |
Alert Properties—Product Knowledge
This tab contains a brief description of the product operation and references to detailed information on InTrust and InTrust Connector for Operations Manager.
Alert Properties—Company Knowledge
This tab can be used to enter your company knowledge for the alert (if any). For that, click Edit Rule, and edit the Knowledge field of the rule which is the source of the selected alert.
Alert Properties—History
Use this tab to track the alert history (from the moment it was activated), including all modifications and their initiators.
Alert Properties—Alert Context
The alert context (structure) is displayed in XML format.
Alert Properties—Custom Fields
This tab contains a list of custom fields described in the Alert Field Mapping topic. This data is filled in automatically by the product and should not be changed.
Alert Field Mapping
The table below shows how InTrust alert fields are mapped to the Operations Manager alert fields displayed in the Operations Manager console:
| InTrust Alert Field | Operations Manager Alert Field |
Details |
|---|---|---|
| Description | Alert Description |
The Operations Manager alert description is derived from InTrust alert fields using the following rule: InTrust Server: <InTrustServer> Logging Host: <HostName> Creation Time: <TimeGenerated> InTrust Alert Description: <Description> |
| Name | Name | Alert display name, for example, “Successful Logons During Non-Business Hours”. |
| AssignedTo | Owner |
Not forwarded. |
| State | Alert Status |
Operations Manager offers the following predefined alert resolution states:
The InTrust alert states are as follows:
To represent this state in Operations Manager, you can follow the instructions provided in the Configuring InTrust Connector for Operations Manager topic. The settings you configure will take effect for all alerts forwarded to Operations Manager. |
| Severity | Alert Severity |
Alert severity values are mapped, as follows: InTrust— OpsMgr Information— Information Minor— Warning Major— Critical Critical— Critical Custom— Warning |
| Creation Time | Filled in by Operations Manager. | |
| ForwardToMOM |
If an InTrust Alert contains a custom field named 'ForwardToMOM', it is forwarded to Operations Manager regardless of the filtering settings in the InTrust Connector. | |
| AlertCode |
Custom Field 1 |
|
| Comment |
Custom Field 2 |
|
| idAlert | Custom Field 3 |
InTrust alert ID. |
| HostName | Custom Field 4 |
This field is mapped to Custom Field 4 in order to be filled in with the proper data (since the 'Computer Name' Operations Manager alert field is reserved for Operations Manager data only). |
| TimeGenerated |
Custom Field 5 |
InTrust alert generation time in GMT format. This field is mapped to Custom Field 5 in order to be filled in with the proper data (since the 'Time Created' Operations Manager alert field is reserved for Operations Manager data only). |
| InTrustServer | Custom Field 6 |
This is the InTrust alert field's display name in the InTrust Monitoring Console. Tn the Alert database this field is named “ServerName”. |
| Custom Field 7 |
InTrust Alert database providing the alerts. | |
| Custom Field 8 |
Not used. | |
| Custom Field 9 | Used as a temporary storage for the initial alert state value received from InTrust: if InTrust alert's initial state is not 'New', the state will be kept in this field (the Resolution State in Operations Manager will first appear as 'New' but will be changed to the value from this field when the synchronization process completes). | |
| Custom Field 10 |
InTrust Connector instance's GUID (used to identify alerts stored in the Operations Manager database by this instance). |