To view the alerts forwarded from InTrust, use the Operations Manager console. After you select Monitoring | Active Alerts, they will be displayed as shown below:
You can examine each alert in detail after opening by double-clicking it to open its properties.
Here you can find general information about the alert, including its severity, description, status, etc.
Note: When an alert is forwarded to Operations Manager, the Alert Source field value is set to Quest InTrust Connector on <Connector_host_name>.
This tab contains a brief description of the product operation and references to detailed information on InTrust and InTrust Connector for Operations Manager.
This tab can be used to enter your company knowledge for the alert (if any). For that, click Edit Rule, and edit the Knowledge field of the rule which is the source of the selected alert.
Use this tab to track the alert history (from the moment it was activated), including all modifications and their initiators.
The alert context (structure) is displayed in XML format.
This tab contains a list of custom fields described in the Alert Field Mapping topic. This data is filled in automatically by the product and should not be changed.
The table below shows how InTrust alert fields are mapped to the Operations Manager alert fields displayed in the Operations Manager console:
|InTrust Alert Field||Operations Manager Alert Field||
The Operations Manager alert description is derived from InTrust alert fields using the following rule:
InTrust Server: <InTrustServer>
Logging Host: <HostName>
Creation Time: <TimeGenerated>
InTrust Alert Description: <Description>
|Name||Name||Alert display name, for example, “Successful Logons During Non-Business Hours”.|
Operations Manager offers the following predefined alert resolution states:
The InTrust alert states are as follows:
To represent this state in Operations Manager, you can follow the instructions provided in the Configuring InTrust Connector for Operations Manager topic. The settings you configure will take effect for all alerts forwarded to Operations Manager.
Alert severity values are mapped, as follows:
|Creation Time||Filled in by Operations Manager.|
If an InTrust Alert contains a custom field named 'ForwardToMOM', it is forwarded to Operations Manager regardless of the filtering settings in the InTrust Connector.
Custom Field 1
Custom Field 2
|idAlert||Custom Field 3||
InTrust alert ID.
|HostName||Custom Field 4||
This field is mapped to Custom Field 4 in order to be filled in with the proper data (since the 'Computer Name' Operations Manager alert field is reserved for Operations Manager data only).
Custom Field 5
InTrust alert generation time in GMT format.
This field is mapped to Custom Field 5 in order to be filled in with the proper data (since the 'Time Created' Operations Manager alert field is reserved for Operations Manager data only).
|InTrustServer||Custom Field 6||
This is the InTrust alert field's display name in the InTrust Monitoring Console. Tn the Alert database this field is named “ServerName”.
|Custom Field 7||
InTrust Alert database providing the alerts.
|Custom Field 8||
|Custom Field 9||Used as a temporary storage for the initial alert state value received from InTrust: if InTrust alert's initial state is not 'New', the state will be kept in this field (the Resolution State in Operations Manager will first appear as 'New' but will be changed to the value from this field when the synchronization process completes).|
|Custom Field 10||
InTrust Connector instance's GUID (used to identify alerts stored in the Operations Manager database by this instance).