Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring System Notifications

 

You can configure system performance alerts for thresholds. This section provides information about configuring your system thresholds.

The following table describes the Global System Notifications window parameters:

Table 1: Global System Notifications Window Parameters

Parameter

Description

System load over 1 minute

Type the threshold system load average over the last minute.

System load over 5 minutes

Type the threshold system load average over the last 5 minutes.

System load over 15 minutes

Type the threshold system load average over the last 15 minutes.

Average time in ms for I/O requests for device

Type the threshold time in ms for I/O requests

Percentage of swap used

Type the threshold percentage of used swap space.

Received packets per second

Type the threshold number of packets received per second.

Transmitted packets per second

Type the threshold number of packets transmitted per second.

Received bytes per second

Type the threshold number of bytes received per second.

Transmitted bytes per second

Type the threshold number of bytes transmitted per second.

Receive errors

Type the threshold number of corrupted packets received per second.

Transmit errors

Type the threshold number of corrupted packets transmitted per second.

Packet collisions

Type the threshold number of collisions that occur per second while transmitting packets.

Dropped receive packets

Type the threshold number of received packets that are dropped per second due to a lack of space in the buffers.

Dropped transmit packets

Type the threshold number of transmitted packets that are dropped per second due to a lack of space in the buffers.

Transmit carrier errors

Type the threshold number of carrier errors that occur per second while transmitting packets.

Receive frame errors

Type the threshold number of frame alignment errors that occur per second on received packets.

Receive fifo overruns

Type the threshold number of First In First Out (FIFO) overrun errors that occur per second on received packets.

Transmit fifo overruns

Type the threshold number of First In First Out (FIFO) overrun errors that occur per second on transmitted packets.

  1. On the navigation menu (), click Admin to open the admin tab.
  2. In the System Configuration section, click Global System Notifications.
  3. Enter values for each parameter that you want to configure.
  4. For each parameter, select Enabled and Response Criteria and then select one of the following options:

    Option

    Description

    Greater Than

    An alert occurs if the parameter value exceeds the configured value.

    Less Than

    An alert occurs if the parameter value is less than the configured value.

  5. Type a description of the preferred resolution to the alert.
  6. Click Save.
  7. On the tab menu, click Deploy Changes.

Configuring Custom E-mail Notifications

When you configure rules in JSA, specify that each time the rule generates a response, an e-mail notification is sent to recipients. The e-mail notification provides useful information, such as event or flow properties.

You can customize the content that is included in the email notification for rule response by editing the alert-config.xml file.

Note

References to flows do not apply to Log Manager.

You must create a temporary directory where you can safely edit your copy of the files, without the risk of overwriting the default files. After you edit and save the alert-config.xml file, you must run a script that validates your changes. The validation script automatically applies your changes to a staging area, from where you can deploy by using the JSA deployment editor.

  1. Using SSH, log in to the JSA console as the root user.
  2. Create a new temporary directory to use to safely edit copies of the default files.
  3. To copy the files that are stored in the custom_alerts directory to the temporary directory, type the following command:

    The <directory_name> option is the name of the temporary directory that you created.

  4. Confirm that the files were copied successfully:
    1. To list the files in the directory, type the following command:

      ls -lah

    2. Verify that the following file is listed:

      alert-config.xml

  5. Open the alert-config.xml file for editing.
  6. Edit the contents of the <template> element:
    1. Required: Specify the type of template to use. Valid options are event or flow.

      <templatetype>event</templatetype>

      <templatetype>flow</templatetype>

    2. Type a name for the email template:

      <templatename>Default flow template</templatename>

    3. Set the active element to true:

      <active>true</active>

    4. Edit the parameters in the <body> or <subject> elements to include the information that you want to see.

      Note

      The <active></active> property must be set to True for each event and flow template type that you want to appear as an option in JSA. You must also ensure that the <active></active> property is left empty.

    Notification parameters that you can use in the template:

    Table 2: Accepted Notification Parameters

    Common Parameters

    Event Parameters

    Flow Parameters

    AppName

    EventCollectorID

    Type

    RuleName

    DeviceId

    CompoundAppID

    RuleDescription

    DeviceName

    FlowSourceIDs

    EventName

    DeviceTime

    SourceASNList

    EventDescription

    DstPostNATPort

    DestinationASNList

    EventProcessorId

    SrcPostNATPort

    InputIFIndexList

    Qid

    DstMACAddress

    OutputIFIndexList

    Category

    DstPostNATIPAddress

    AppId

    RemoteDestinationIP

    DstPreNATIPAddress

    Host

    Payload

    SrcMACAddress

    Port

    Credibility

    SrcPostNATIPAddress

    SourceBytes

    Relevance

    SrcPreNATIPAddress

    SourcePackets

    Source

    SrcPreNATPor

    Direction

    SourcePort

    DstPreNATPort

    SourceTOS

    SourceIP

     

    SourceDSCP

    Destination

     

    SourcePrecedence

    DestinationPort

     

    DestinationTOS

    DestinationIP

     

    DestinationDSCP

    DestinationUserName

     

    SourceASN

    Protocol

     

    DestinationASN

    StartTime

     

    InputIFIndex

    Duration

     

    OutputIFIndex

    StopTime

     

    FirstPacketTime

    EventCount

     

    LastPacketTime

    SourceV6

     

    TotalSourceBytes

    DestinationV6

     

    TotalDestinationBytes

    UserName

     

    TotalSourcePackets

    DestinationNetwork

     

    TotalDestinationPackets

    SourceNetwork

     

    SourceQOS

    Severity

     

    DestinationQOS

    CustomPropertiesList

     

    SourcePayload

  7. Optional: To create multiple email templates, copy and paste the following sample email template below the <template> element in the alert-config.xml file. Repeat Step 6 for each template that you add.

    Sample email template:

  8. Save and close the alert-config.xml file.
  9. Validate the changes by typing the following command.

    The <directory_name> parameter is the name of the temporary directory that you created. If the script validates the changes successfully, the following message is displayed: File alert-config.xml was deployed successfully to staging!

  10. Deploy the changes in JSA.
    1. Log in to JSA.

    2. On the navigation menu (), click Admin to open the admin tab.

    3. Select Advanced > Deploy Full Configuration.

Note

JSA continues to collect events when you deploy the full configuration. When the event collection service must restart, JSA does not restart it automatically. A message displays that gives you the option to cancel the deployment and restart the service at a more convenient time.