ON THIS PAGE
About the Events Page
SUMMARY Users with the Super User, Network Admin, or Observer roles can use the Events page. The users can monitor the health of the network using notifications such as alerts, alarms, and device system logs from this page.
To access this page, click Observability > Health > Events.
Paragon Automation generates notifications based on data collected from the network and network devices. These notifications highlight issues that may need attention and how they can affect the network.
Paragon Automation monitors Key Performance Indicators (KPIs) related to a device's health and the network connectivity parameters. When anomalies occur in the KPIs, Paragon Automation generates alerts to notify you of these anomalies. For example, interface input errors generate an alert.
Alarms are standard trigger conditions set for devices. They are events that indicate conditions on a device that might prevent the device from operating normally. For example, gateway device fault triggers an alarm.
The Events page has three tabs to display alerts, alarms, and device system logs. You can view and manage notifications for alerts and alarms, and view device system logs from their respective tabs. The Alerts tab is displayed by default. Alerts and alarms are collectively called events in the Paragon Automation GUI and in this topic. By default, the tables on the Alerts and Alarms tabs display the events based on the time they were received, with the latest event on top. On each tab, you can see three widgets that display important network and device statistics such as the total number of events generated and the number of critical and noncritical events that have recently been detected in your network.
In addition, you can view specific alerts and alarms, by applying an event template to your organization. Event templates filter the list of alerts and alarms displayed on the tabs. You can also enable notifications of events to be sent to selected recipients over third party application such as e-mail and Slack.
Note that an e-mail notification is sent out only when you have confiugred SMTP in Paragon Automation. For information about configuring SMTP, see Configure SMTP Settings in Paragon Shell. The default behavior is to not send e-mail notifications for events.
To send event notifications to Slack channels, configure Webhooks on the Organization Settings page (Settings Menu > System Settings > Webhooks). For more information, see Parameters to Configure Webhooks section of the Manage Organization Settings topic.
The Events page displays device notifications in the following tabs:
Alerts Tab
To access this tab, click Observability > Health > Events. The Alerts tab is displayed by default.
Paragon Automation generates various alerts to notify you of anomalies in the KPIs in your network. This tab displays all the generated alerts, by default. To monitor specific alerts, you can apply an event template to your organization. Event templates filter the alert list to display only the alerts that are tracked in the template. You can also choose to receive e-mail and Slack (using Webhooks) notifications for the alerts. For more information, see Manage Event Templates.
The page auto-refreshes every one minute.
You can view the following statistics in the widgets on the Alerts tab:
-
Total Alerts—Displays the total number of alerts generated in the organization. This number can vary based on the filters selected and the event template applied.
-
Critical Alerts—Displays the number of active critical alerts that need immediate attention. Examples of critical alerts include, OSPF send module is not functioning, flaps are increasing continuously, and FPC heap memory utilization exceeds the critical threshold.
-
Minor Alerts—Displays the number of active minor alerts generated in the organization. They are warnings that needs to be fixed but don't require immediate attention. Examples of minor alerts include, system power remaining is 50 percent and temperature has exceeded default warning threshold.
Active alerts are alerts that currently exist on the device and are not yet acknowledged or fixed. The status of active alerts is shown as Open.
You can click the widgets on the page to filter the displayed alerts and alerts statistics. For example, if you click Critical Alerts, then the Total Alerts widget and the alerts table update to display the number and details of only the critical alerts.
Tasks You Can Perform
- Create event templates—Click Templates Configuration to create one or more event templates. For more information, see Create an Event Template.
- View details of an alert—Select an alert and click More >
Detail or click the Details icon on the left to view more
information on the alert. The Alert Details
pane
appears displaying the alert ID, alert group, acknowledge or unacknowledge
time, and acknowledgment note.Note:
You can drill-down to the device level to view more details on the alert. Click a Device name next to an alert to navigate to the Overview tab of the Troubleshoot Devices > Device-Name page. On the Overview tab one of the following health status is displayed (on the right) for each accordion:
-
Healthy
-
Urgent Action Needed (Critical)
-
Action Needed (Major)
-
Being Monitored (Minor)
You can click the accordions and analyze the issues that have occurred on the device. The Relevant Events section provides additional insights on the events.
-
Acknowledge an alert—When you want to mark an issue raised by one or more alerts as seen, you can mark it as acknowledged.
You can acknowledge an alert to indicate that the issue raised has come to your notice. Acknowledging an alert doesn't mean that the issue is fixed. For example, during a maintenance window, multiple alerts are raised. But not all of them will prevent the devices from operating normally. In such cases, you can acknowledge those minor alerts but you won't necessarily have to take any corrective actions.To acknowledge alerts, select one or more alerts and click More > Ack. The Acknowledge confirmation window appears. Enter an acknowledgment message in the Note field and click OK. Once acknowledged, the status of the alert is changed to Ack.
-
Unacknowledge an alert—If you acknowledged an alert by mistake and want to reverse that operation, you can unacknowledge the alert.
To unacknowledge alerts, select one or more alerts and click More > Unack. The Unacknowledge confirmation page appears. Enter an unacknowledgment message in the Note field and click OK. Once unacknowledged, the status of the alert is changed to Open.
If you do not add a note and there was a previously added note for the alert, the note will now be cleared.
-
Hide acknowledged alerts—Select the Hide Acknowledged check box to hide the acknowledged alerts in the alerts table. The table is then updated to display only open alerts.
-
Filter the data displayed in the table—Click the filter icon (funnel) and select whether you want to show or hide advanced filters. You can then add or remove filter criteria, save criteria as a filter, apply or clear filters, and so on. The filtered results are displayed on the same page.
-
Show or hide columns in the table or reset page preferences, using the vertical ellipsis menu.
-
Sort, resize, or re-arrange columns in a table (grid).
Field Descriptions
Table 1 describes the fields in the Alerts Tab.
Field | Description |
---|---|
Device | Name of the device. You can click the Device Name to see in-depth device information on the Observability > Troubleshoot Devices > Device-Name > Overview tab. |
Severity |
Severity level of the issue that raised the alert. Options are:
|
Details |
Description of the issue. |
Last Received Time |
Date and time at which the alert was last received. |
Status |
The management status of the alert entry. Options are:
|
Type | Category of the alert. Alert categories
are:
|
Site | Site in which the device (for which the alert was raised) is located. |
Alert ID | Unique identifier of the alert. |
Alarms Tab
To access this tab, click Observability > Health > Events > Alarms.
Alarms are generated by devices when an abnormal event prevents the device from functioning normally. Alarms provide information and help you monitor the status and the health of your network devices. The Alarms tab displays all the generated alarms, by default. To monitor specific alarms, you can apply an event template to your organization. Event templates filter the alarm list to display only the alarms that are tracked in the template. You can also choose to receive e-mail and Slack (using webhooks) notifications for the alarms. For more information, see Manage Event Templates.
The tab auto-refreshes and displays the latest alarms.
You can view the following statistics in the widgets on the Alarms tab:
-
Total Active Alarms—Displays the total number of alarms raised by devices in the organization. You can also view the total number of new alarms generated in the past 24 hours and in the past week. This number can vary based on the filters selected and the event template applied.
-
Critical Active Alarms—Displays the number of critical alarms that need immediate attention. An example of a critical alarm is input voltage failure. You can also view the number of critical alarms generated in the past 24 hours and in the past week.
-
Warning Active Alarms—Displays the number of minor alarms raised. Examples of warning alarms include minimum supported firmware version mismatches or when the host active disk usage exceeds the threshold. You can also view the number of new warning alarms generated in the past 24 hours and in the past week.
In addition to critical and warning alarms, you can also view informational alarms in the alarms table. To view informational alarms, click the filter (funnel) icon. From the Field list, select Severity and from the Value list, select Info. Click Save and Close. The alarms table is updated to show only informational alarms.
You can click the widgets on the page to filter the displayed alarms and alarms statistics. For example, if you click Critical active alarms, then the Total active alarms widget and the alarms table update to display the number and details of only the critical active alarms.
Tasks You Can Perform
-
Create event templates—Click Templates Configuration to create one or more event templates. For more information, see Create an Event Template.
-
View details of an alarm—Select an alarm and click More > Detail or click the Details icon on the left to view more information about the alarm. The Alarm Details page appears displaying the alarm ID, alarm group, cleared time, acknowledge or unacknowledge time, and acknowledgment note.
Note:You can drill-down to the device level to view more details on the alarms. Click a Device name next to an alarm to navigate to the Overview tab of the Troubleshoot Devices > Device-Name page. On the Overview tab one of the following health status is displayed (on the right) for each accordion:
-
Healthy
-
Urgent Action Needed (Critical)
-
Action Needed (Major)
-
Being Monitored (Minor)
You can click the accordions and analyze the issues that have occurred on the device. The Relevant Events section provides additional insights on the events.
-
-
Acknowledge an alarm—When you want to mark an issue raised by one or more alarms as seen, you can mark it as acknowledged.
You can acknowledge an alarm to indicate that the issue raised has come to your notice. Acknowledging an alarm doesn't mean that the issue is fixed. For example, during a maintenance window, multiple alarms are raised. But not all of them will prevent the devices from operating normally. In such cases, you can acknowledge those informational alarms but you won't necessarily have to take any corrective actions. You can acknowledge only open alarms.
To acknowledge alarms, select one or more alarms and click More > Ack. The Acknowledge confirmation window appears. Enter an acknowledgment message in the Note field and click OK.
Note:The status of the alarm remains Open and does not change when you acknowledge an alarm.
-
Unacknowledge an alarm—If you acknowledged an alarm by mistake and want to reverse that operation, you can unacknowledge the alarm.
To unacknowledge alarms, select one or more alarms and click More > Unack. The Unacknowledge confirmation page appears. Enter an unacknowledgment message in the Note field and click OK. Once unacknowledged, the status of the alarm is changed to Open.
If you do not add a note and there was a previously added note for the alarm, the note will now be cleared.
Note:The status of the alarm remains Open and does not change when you unacknowledge an alarm.
-
Hide acknowledged alarms—Select the Hide Acknowledged check box to hide acknowledged alarms in the alarms table. The table is then updated to display only open alarms that have not been acknowledged.
-
Filter the data displayed in the table—Click the filter icon (funnel) and select whether you want to show or hide advanced filters. You can then add or remove filter criteria, save criteria as a filter, apply or clear filters, and so on. The filtered results are displayed on the same page.
-
Show or hide columns in the table or reset page preferences, using the vertical ellipsis menu.
-
Sort, resize, or re-arrange columns in a table (grid).
Field Descriptions
Table 2 describes the fields in the Alarms tab.
Field | Description |
---|---|
Device | Name of the device on which the alarm occurred. You can click the Device Name to see in-depth device information on the Observability > Troubleshoot Devices > Device-Name > Overview tab. |
Severity | Severity level or seriousness of the alarm. Options are:
|
Status | Status of the issue that raised the alarm. Options are:
|
Raised | Date and time when the alarm was raised. |
Type | Category of the alarm. The alarm category is Hardware. |
Site | Site in which the device (for which the alarm was raised) is located. |
Details | Details of the issue. For example, operational status of an interface is down. In most cases, the component affected by the alarm is displayed. |
Alarm ID | Unique identifier of the alarm. |
Device Logs Tab
To access this tab, click Observability > Health > Events > Device Logs.
Devices generate system log messages to record events such as:
- Routine operations such as creation of an Open Shortest Path First (OSPF) protocol adjacency or a user login to the configuration database.
- Failure or error conditions such as failure in accessing a configuration file or an unexpected closure of a connection to a peer process.
- Emergency or critical conditions such as a router powering down due to excessive temperature.
You can use REST APIs to search and count the logs generated per device.
The Device Logs tab displays all the system logs generated from the devices in your network.
The page auto-refreshes every one minute.
You can view the following statistics in the widgets on the Device Logs tab:
-
Total Syslogs—Displays the total number of system logs generated for all devices in the organization. This number can vary based on the filters selected.
-
Critical Syslogs—Displays the number of critical system logs.
-
Error Syslogs—Displays the number of error system logs.
In addition to critical and error system logs, you can also view warning system logs from the device logs table. To view warning system logs, click the filter (funnel) icon. From the Field list, select Severity and from the Value list, select Warn. Click Save and Close. The device logs table is updated to show only warning system logs.
You can click the widgets on the page to filter the displayed system logs and system logs statistics. For example, if you click Critical Syslogs, then the Total Syslogs widget and the device logs table update to display the number and details of only the critical system logs.
Tasks You Can Perform
- View the system logs for all devices in the organization—Select one of the
following time intervals for which you can want to view the system logs:
- Week
- Day
- 3hrs
- 1hr
- 30 minutes
- Custom—When you select this option, the calendar is enabled on the left. Click the calendar icon to manually select the date and time range for the past month. The logs are immediately displayed in a table.
Note:-
By default, logs generated in the past 30 minutes are displayed.
-
System logs are collected from the device every three minutes and stored securely. The retention period for system logs is one month.
- Filter the data displayed in the table—Click the filter icon (funnel) and select whether you want to show or hide advanced filters. You can then add or remove filter criteria, save criteria as a filter, apply or clear filters, and so on. The filtered results are displayed on the same page.
-
Show or hide columns in the table or reset page preferences, using the vertical ellipsis menu.
-
Sort, resize, or re-arrange columns in a table (grid).
Field Descriptions
Table 3 describes the fields in the Device Logs tab.
Fields | Description |
---|---|
Device | Name of the device that generated the log. |
Hostname | Name that identifies the device in the network. Note:
To view the host name, hover over Show/Hide Columns and enable Hostname check box. The host name is displayed in the device logs table. |
Severity | Severity level of the event that generated the log. Options
are:
|
Timestamp | Date and time at which the logged event was recorded. |
Site | Site in which the device is located. |
Appname | Application on the device that generated the log message. |
Message | Details of the log. Note:
|