This
Use the following menu options to navigate the SL1 user interface:
- To view a pop-out list of menu options, click the menu icon (
). - To view a page containing all of the menu options, click the Advanced menu icon (
).
What is an Event?
One of the quickest ways to monitor the health of your network is to look at events. You can view events on the Events page in SL1.
Events are alerts that are triggered when a specific condition is met. For example, an event can signal if a server has gone down, if a device is exceeding CPU or disk-space thresholds, or if communication with a device has failed. Alternately, an event can simply display the status of a managed element.
An alert defines a formula that SL1 evaluates each time data is collected. If the formula evaluates to true during data collection, SL1 generates an alert. Not every alert will trigger an event. An alert must have an event policy in SL1 that defines the conditions for the event, and when an alert meets the conditions in the event policy, SL1 generates an event.
SL1 generates log messages from incoming trap and syslog data, and also when SL1 executes user-defined policies. SL1 then uses these log messages to generate events. SL1 examines each log message and compares it to each event definition. If a log message matches an event's definition, SL1 generates an event instance and displays the event on the Events page.
Each event includes a description of the problem, where the problem occurred (device, network hardware, software, policy violation), a pre-defined severity, the time of first occurrence, the time of most recent occurrence, and the age of the event. You can find more information on the Event Investigator page for an event.
SL1 includes pre-defined events for the most commonly encountered conditions in the most common environments. You can also create custom events for your specific environment or edit the pre-defined events to better fit your specific environment.
What is Escalation?
Escalation is the process through which an organization identifies issues, manages issues, and takes corrective actions related to those issues.
When an issue is escalated, it is sent to a staff member with greater technical knowledge or a higher level of authority than lower-level staff members. Escalation should occur only when all avenues have been exhausted at the lower levels within the organization.
In SL1, automation policies and automation actions allow you to specify the actions you want the system to execute when specific event conditions are met. For example, if nobody in an organization acknowledges an event within 10 minutes, the system can automatically notify a manager. If nobody acknowledges the same event within 20 minutes, the system can notify a director. If nobody acknowledges the same event within 30 minutes, the system can notify a vice president.
For information on how to create an example escalation policy, see Escalation Processes.
Before using SL1 to manage event escalation, your organization must include certain business process or standard operating procedures. Examples of these supporting processes and event escalation processes are described in Business Processes.