3 constructing email alert filters, 4 default email alerts, Constructing email alert filters -41 – HP StorageWorks Scalable File Share User Manual

Managing email alerts

6–41

6.2.3 Constructing email alert filters

Email alert filters use the syntax that is used for queries in the

show log

command (see Section 4.6 for

more information about the

show log

command). However, some of the options that are supported by the

show log

command are not supported for email alerts. Specifically, you cannot filter events by time

(

time=

), age (

age=

), or by server name (

server=

) for email alerts.

Table 6-3 shows the valid attributes and operators that can be used to create an email alert filter.

Before you create an email alert, determine the type and nature of events that are going to trigger the alert.

You may find it helpful to test filters by using the

show log

command. You can test different filters (queries)

to see how many events match your filter and how frequently such events occur, and thus determine how

frequently email alerts will be triggered. If an alert filter is generating a large volume of alerts, consider

specifying a throttle to limit the number of times the alert is triggered within a certain time period. When a

throttle period is specified, the first event that matches the alert filter triggers the alert. For the duration of the

throttle, subsequent events that match the filter do not trigger the alert.
Section 6.2.4 describes the email alerts that are provided on the system by default and shows the syntax of

these filters.

Suitability of filters

The main purpose of the email alert mechanism is to warn system administrators about serious system events

that require action to be taken. Be careful not to construct alerts that have overly simple filters that will trigger

excessive numbers of email messages. If large volume of email are generated about less serious events, it

increases the risk that email messages about more serious events may be overlooked or ignored.

For example, a filter such as

severity>notice

is too simple, because there are many potential sources

for events that have a severity greater than

notice

. Use a combination of the facility, severity and data

attributes to narrow the alerts to specific event occurrences.

6.2.4 Default email alerts

A number of email alerts are provided on the system by default. These default alerts detect the faults that

occur most commonly on HP SFS systems.

The email address used by the default alerts is the

root

user on the SFS system. You must change the email

address on each of the default alerts to an appropriate address (or addresses), using the

modify alert

command. Note that if you enter more than one email address, you must separate the entries with commas.

Table 6-4 describes the default email alerts and shows the action required in the event of the alert being

triggered.

Table 6-3

Email filter attributes and operators

Attribute

Operators

facility

=, !=

severity

=, !=, <, <=, >, >=

data

=, !=, contains