Event Notification and Event Automation

Download this manual as a PDF file

SL1 includes automation features that allow you to define specific event conditions and the actions you want SL1 to execute when those event conditions are met.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

Automation Policies

An automation policy allows you to define automatic actions that should be executed in response to events. An automation policy defines the event conditions that can trigger an automatic action.

When the event criteria in an automation policy is met, an action is executed. This action is defined in an action policy. To view a list of action policies, go to the Action Policy Manager page (Registry > Run Book > Actions).

For example, an automation policy might specify: if the event "illicit process" occurs on device "mailserver01", and the event is not cleared within five minutes, execute the action policy "Email NOC". The action policy "Email NOC" could notify all NOC staff about the "illicit process" event.

Automation policies can describe the following criteria. One or more of these criteria must be met before an action is executed:

  • One or more specified events must have occurred.
  • Events must have occurred on one of the specified devices.
  • Event(s) must have the specified severity (critical, major, minor, notice, or healthy).
  • Events must have the specified status (event is not cleared, event is not acknowledged, ticket is not created for event).
  • Specific amount of time that must elapse while the status does not change.

When the criteria are met, the automation policy triggers the execution of one or more specified action policies.

To create an automation policy, go to the Automation Policy Manager page (Registry > Run Book > Automation).

Action Policies

An action policy is an action that can be automatically triggered in SL1 when certain criteria are met. The triggers are defined in an automation policy (Registry > Run Book > Automation).

An action policy can perform one of the following tasks:

  • Send an email message to a pre-defined list of users.
  • Send an SNMP trap from SL1 to an external device.
  • Create a new ticket (using ticket templates defined in Registry > Ticketing > Templates page).
  • Update an existing ticket.
  • Write an SNMP value to an existing SNMP object on an external device.

  • Execute a custom Snippet (Python program).
  • Query a database.

To create an action policy, go to the Action Policy Manager page (Registry > Run Book > Actions).