Events menu core 4.2

From the Alert Details GUI it is possible to view alert and event information. The Alert Details GUI provides information on a single alert; for information on multiple alerts, select Events List instead.

Starting the Alert Details GUI

  • From the Alert Console menu bar, click on Events, and select the Alert Details option.

Navigating the Alert Details GUI

The Alert Details GUI has a number of top-level tabs that give access to the following views: Pivot Table, User Logbook, Automatic Events, Event Variables and Statistics (the Statistics tab only appears if Count is greater than five). These tabs provide access to most of the functions available in the Alert Details GUI.

The table below describes the tabs contained in the Alert Details GUI:

  Pivot Table: For a selected alert, displays all the available information held in the alerts table.
  User Logbook: Details the actions taken upon an alert by users.
  Automatic Events: Details the actions taken upon an alert by yarpd.
  Event Variables: Displays the 'tokens' for events returned by omosd (variables are named tokens).
  Statistics: Tab only appears if Count is greater than five. Displays, in box or scatter graph format, statistical information on the database timestamp.

How to open each Alert Details tab

In the Alert Details GUI, click on the tab you wish to view.

Pivot Table

For a selected alert record in your network, the Pivot Table displays all the available information.

The attributes in the Attribute column of the Pivot Table correspond to the columns of the alerts table in the rivermuse database. The following table describes each attribute:

  id: A unique global identity that exists for each alert.
  discriminator: Relates to how the deduplicator works. A unique discriminator exists for each alert.
  severity: The OSI severity code.
  entity: The entity relates to the device.
  agent: The agent that is the source of the alert.
  agent_entity: The device that the agent is running on.
  type: Name of the alert rule that created the alert.
  owner: Current owner of the alert.
  count: Number of times the alert has occurred.
  description: A short textual description of the alert.
  first_occurred: Time that the alert first occurred.
  last_occurred: Time that the alert was last updated.
  agent_time: First occurred time recorded by the agent.
  state: Supplementary table for state_types. Assigned, new or resolved.

User Logbook

The User Logbook acts as a journal, tracking all actions undertaken by a user on an alert.

The following table details the columns within the User Logbook table:

  Owner: States the user who undertook the action.
  Comment: Details the action undertaken on the alert.
  Time: Timestamp for when the action occurred.

The information in the User Logbook table is taken from the events table in the rivermuse database. For example, the following graphic shows that an alert was assigned to user Delores on 2010-02-22.

Adding an entry into the user logbook

  1. Click on the icon located towards the bottom of the page.
  2. Type your comments in the Add Comment text box.
  3. Click on Save to add your comment to the log, or click on Reset to clear.

Automatic Events

For a selected alert, the Automatic Events table displays the actions taken upon the alert by yarpd.

You need to write rules (conditions/actions) for yarpd to act upon an alert. Be advised, you must not close the alert before applying the rule.

Event Variables

The Event Variables tab displays the variables associated with the alert's event.

The event rows come from the events table, the values of the variables come from the events_vars table, and the variable names themselves are stored in the variables table.

The following table provides a description of each field:

  agent_host: Host name of the agent.
  agent_name: Name of the agent that generated the alert.
  agent_time: The time the event occurred, as recorded by the agent.
  alert_host: Host name of the event.
  alert_msg: Message attached to the event.
  alert_pid: Process id of the program that raised the alert, e.g., 100.
  alert_prog: Name of the program that raised the alert, e.g., apache.
  alert_proggrp: The group the program belongs to; for example, when a message comes from the kernel, it is set to kernel.
  alert_severity: Severity of the event.
  alert_time: Actual time of the event.
  tokens: Any other information that the agent finds.
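The three-table layout described above (events, events_vars, variables) is a name/value store: the value rows in events_vars only make sense once joined to the variables table that holds the names. The following added example, which is not RiverMuse code, rebuilds the Event Variables view from that layout in an in-memory SQLite database. The column names, join keys and sample rows are assumptions (the page names the tables but not their columns); the variable names are the ones listed in the table above.

```python
"""Reconstruct the Event Variables view from events, events_vars and variables.

Added example, not RiverMuse code. The column names and join keys are
assumptions; the page only names the three tables.
"""
import sqlite3

# Assumed schema: one events row per event (with the alert it belongs to),
# one variables row per variable name, one events_vars row per (event, variable).
SCHEMA = """
CREATE TABLE events (
    id INTEGER PRIMARY KEY,
    alert_id INTEGER NOT NULL,
    db_timestamp INTEGER NOT NULL
);
CREATE TABLE variables (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE
);
CREATE TABLE events_vars (
    event_id INTEGER NOT NULL REFERENCES events(id),
    variable_id INTEGER NOT NULL REFERENCES variables(id),
    value TEXT,
    PRIMARY KEY (event_id, variable_id)
);
"""

# Variable names exactly as listed in the Event Variables table of the page.
VARIABLE_NAMES = [
    "agent_host", "agent_name", "agent_time", "alert_host", "alert_msg",
    "alert_pid", "alert_prog", "alert_proggrp", "alert_severity",
    "alert_time", "tokens",
]

# Constructed sample event for alert 42: an apache message with no extra tokens.
SAMPLE_EVENT = {
    "agent_host": "agent01",
    "agent_name": "syslog-agent",
    "agent_time": "1266796795",
    "alert_host": "web01",
    "alert_msg": "child process exited",
    "alert_pid": "100",
    "alert_prog": "apache",
    "alert_proggrp": "daemon",
    "alert_severity": "4",
    "alert_time": "1266796795",
}


def build_sample_db():
    """Create the assumed schema in memory and load the constructed sample event."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO variables (name) VALUES (?)",
                     [(name,) for name in VARIABLE_NAMES])
    conn.execute("INSERT INTO events (id, alert_id, db_timestamp) VALUES (1, 42, 1266796800)")
    # Resolve each variable name to its id while inserting the value.
    conn.executemany(
        "INSERT INTO events_vars (event_id, variable_id, value) "
        "SELECT 1, id, ? FROM variables WHERE name = ?",
        [(value, name) for name, value in SAMPLE_EVENT.items()],
    )
    conn.commit()
    return conn


def event_variables(conn, event_id):
    """Return {variable name: value} for one event, as the Event Variables tab lists it.

    The event id is bound as a parameter rather than formatted into the SQL
    string, so a caller-supplied id cannot alter the query.
    """
    rows = conn.execute(
        "SELECT v.name, ev.value "
        "FROM events_vars AS ev "
        "JOIN variables AS v ON v.id = ev.variable_id "
        "WHERE ev.event_id = ? "
        "ORDER BY v.name",
        (event_id,),
    )
    return dict(rows.fetchall())


if __name__ == "__main__":
    db = build_sample_db()
    for name, value in event_variables(db, 1).items():
        print(f"{name:15} {value}")
```

Variables with no stored value (here, tokens) simply do not appear in the result, which is how a sparse name/value layout behaves; a consumer that needs every field present should fill in defaults explicitly rather than assume the row exists.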

Statistics

If the Count column is greater than five, a Statistics tab appears in the Alert Details GUI. The Statistics window models, in box and scatter graph formats, the timestamps at which omosd events reach the rivermuse database; that is, it plots the database timestamp recorded when each event enters the database. The five-number summary provides the median, minimum, maximum, lower quartile and upper quartile statistics, as shown in the following graphic:

By selecting Scatter from the Type of Plot drop-down menu, the window displays a scatter graph plotting the average database timestamp, and provides the standard deviation, as shown below:
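The figures behind the two plots are straightforward to reproduce. The following added example, which is not RiverMuse code, computes the five-number summary shown in the box plot and the average and standard deviation shown in the scatter plot from a constructed list of database timestamps, and enforces the same Count-greater-than-five rule that governs whether the tab appears. The timestamps are assumed to be Unix epoch seconds; the page does not state the stored format.

```python
"""Five-number summary and scatter statistics for database timestamps.

Added example, not RiverMuse code. Timestamps are assumed to be Unix epoch
seconds; the sample values below are constructed.
"""
from statistics import mean, median, pstdev

# Constructed sample: database timestamps for six occurrences of one alert,
# i.e. Count = 6, the first value at which the Statistics tab appears.
SAMPLE_DB_TIMESTAMPS = [
    1266796800,  # first occurrence
    1266796815,
    1266796816,
    1266796830,
    1266796900,
    1266797100,  # a late arrival, five minutes after the first
]


def statistics_tab_visible(count):
    """The Statistics tab only appears if Count is greater than five."""
    return count > 5


def _quantile(sorted_values, fraction):
    """Linear-interpolation quantile over already sorted data."""
    pos = (len(sorted_values) - 1) * fraction
    lo = int(pos)
    hi = min(lo + 1, len(sorted_values) - 1)
    return sorted_values[lo] + (sorted_values[hi] - sorted_values[lo]) * (pos - lo)


def five_number_summary(timestamps):
    """Box-plot figures: minimum, lower quartile, median, upper quartile, maximum."""
    if not statistics_tab_visible(len(timestamps)):
        raise ValueError("Statistics require Count greater than five")
    ordered = sorted(timestamps)
    return {
        "minimum": ordered[0],
        "lower_quartile": _quantile(ordered, 0.25),
        "median": median(ordered),
        "upper_quartile": _quantile(ordered, 0.75),
        "maximum": ordered[-1],
    }


def scatter_summary(timestamps):
    """Scatter-plot figures: average database timestamp and standard deviation."""
    if not statistics_tab_visible(len(timestamps)):
        raise ValueError("Statistics require Count greater than five")
    return {"average": mean(timestamps), "std_dev": pstdev(timestamps)}


if __name__ == "__main__":
    print("box:    ", five_number_summary(SAMPLE_DB_TIMESTAMPS))
    print("scatter:", scatter_summary(SAMPLE_DB_TIMESTAMPS))
```

A wide spread between the lower and upper quartile, or a standard deviation far larger than the typical gap between occurrences, is the signal that events for one alert are reaching the database unevenly; comparing the database timestamp against agent_time for the same event is the next step when such a gap needs explaining.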
