Novell is now a part of Micro Focus

Rule-Based Alarm Management System: A Use Case Approach

Novell Cool Solutions: AppNote
By K Swaminathan, Sudip Kumar

Digg This - Slashdot This

Posted: 16 Feb 2006


Why the Rule-Based Alarm Management System
Understanding the Rule-Based Alarm Management System
Use cases for the Rule-Based Alarm Management System


One of the primary goals of network administrators in managing networks is to keep track of all the managed devices and networks, and to make sure that they are functioning properly. Administration of an enterprise network is always a challenging task for network administrators. An administrator needs to monitor the critical servers around the clock and provide solutions as soon as a critical event occurs.

The Alarm Management System of Novell ZENworks Server Management alerts administrators about events from the network, like the SNMP traps, to allow administrators to proactively resolve network problems occurring in the network.

Rule-based Alarm Management, an enhancement over the Alarm Management System, allows the system administrator to process, store and monitor alarms by configuring a set of rules on the management server.

Why the Rule-Based Alarm Management System

In a managed enterprise network, where several thousand nodes need to be managed, the chances of getting a huge number of alarms is very high, and it would be difficult for an administrator to manage the alarms based on any of the following:

  1. Server IP address that triggers the alarms
  2. Severity of the alarms
  3. Time at which the alarm is received
  4. Type of the alarms

The Rule-Based Alarm Management System helps to make the administrator's job easier by giving certain alarms specific actions. You segregate the alarms based on Source Address, severity of alarm, alarm type and time intervals and set the preferred actions.

Understanding the Rule-Based Alarm Management System

The Rule-Based Alarm Management System helps you in managing the alarms by creating rules on the management server which help in processing and storing the alarms. It provides a centralized location for processing and viewing the alarms generated by devices throughout the network. It also allows you to specify different actions for each condition, as explained later in use cases.

A Rule consists of :
  1. Properties
  2. Conditions
  3. Actions


Properties contain the name and description of a rule. This information is visible to the Administrator, along with the date and time the rule is created and last modified, when a rule is selected.

Figure 1: Properties Page


A rule consists of multiple conditions which can be configured to process incoming alarms. At least one condition must be specified to create a rule. Conditions includes:

  1. Source Addresses
  2. Severity, State and Specific Alarms
  3. Time intervals

Figure 2: Conditions Page

For detailed information about conditions see the ZENworks 7 Server Management Administration Guide


Rules allow you to perform specified actions when alarm occurs. One action must be defined to create a rule. The following actions can be configured while creating a rule:

  1. SMTP Mail Notification
  2. Launching an External Program
  3. SNMP Traps Forwarding
  4. Alarm Forwarding
  5. Alarm Archiving, Show on Ticker bar, Beep on Console, Auto handle and User Assignment

Figure 3: Actions Page

Use cases for the Rule-Based Alarm Management System

Use Case 1

The Acme Corp. has a large network. The system administrator of Acme Corp. is concerned about the events on some of the critical servers that maintain the inventory of Acme Corp. If any alarms are generated from these servers, the administrator is required to notify the Inventory Problem Solving team by SMTP mail notification.

The Rule-Based Alarm Management System can address the above requirement, as follows:

  1. In the Alarm Disposition view, create a new rule.
  2. Set the rule name and the description.
  3. Add the critical server's address in the Conditions.

Figure 4: Assigning Source Address
  1. Set the action to be performed on the incoming alarms, as below.

Figure 5: SMTP Mail Notification
  1. Save the Rule.

Now the administrator can segregate the events from a specified critical server and can also notify the concerned team to take corrective action.

Use Case 2

The System Administrator of Acme Corp. is concerned about problems on some of the inventory servers. There are two requirements in this use case.

  1. Problems on some of the inventory servers need to be addressed by the general problem resolution team.
  2. If a server is raising an event of type "File Read Err , By Server" while reading the sys:\ Inventory_dat.txt file, then the generated event should be forwarded to an application running on server that listens to the incoming SNMP events.

The above requirement of the System Administrator of Acme Corp. can be addressed by the Rule-Based Alarm Management System. This requires two rules to be created, one for each of the above requirements.

The first rule can be created as in the Use case 1.

The second rule can be created as follows:

  1. In the Alarm disposition view, create a new rule.
  2. Set the rule name and the description.
  3. Select the Alarm corresponding to the type "File Read Err , By Server".

Figure 6: Specific Alarm Selection
  1. Set Advanced option for the selected trap.

Figure 7: Advanced Alarm Configuration
  1. Set the fileName as "inventory_dat.txt".
  2. Set the VolumeName as "SYS".
  3. Set the actions as "SNMP Trap Forwarding".

Figure 8: SNMP Trap Forwarding
  1. Add the target address to receive the incoming SNMP Event.
  2. Save the configuration.

Note: The order in which the rule appears in the rules tab is taken as the precedence for applying the rule.
Now the Administrator can easily take action on the critical requirements to keep the system intact.

Use Case 3

The system administrator has to notify the a help desk engineer through email, with the appropriate engineer depending on the time the alarm is received. If the alarm is received between 10 AM and 10 PM, engineer Sam should be notified and if the Alarm is received between 10 PM and 10 AM, Engineer Bob should be notified.

The above requirement can be satisfied by creating two rules:

  1. A rule for help desk engineer Sam.
  2. A rule for help desk engineer Bob.

This can be done as below:

  1. Create the new rule, as in Use case 1.
  2. Create two users: Sam and Bob.

Figure 9: User Creation
  1. Give valid SMTP server IP Address
    Note: The test button can be used to test the SMTP service on the specified server.
  2. Set the new rule for the user Sam.
  3. Set the severity of the alarm as critical in the condition.

Figure 10: Setting the Severity
  1. Set the time interval required in the condition.

Figure 11: Time Interval as Conditions
  1. Set the action for engineer Sam to be sent the notification.

With this procedure, the administrator can assign the critical alarm to the help desk engineer Sam when it is raised from 10:00 (10 am) to 22:00 (10 pm). Another rule can be created by copying the above rule and by editing the rule with the user as Bob and the time between 22.00 to 10.00. Engineer Bob can then be informed of critical alarms at the specified time.

Figure 12: User Assignment

Now the alarms are forwarded to the appropriate help desk engineer based on time of day.


In this Appnote, we have discussed the Rule-Based Alarm Management System component of ZENworks 7 Server Management using use cases. It explains how the Rule-Based Alarm Management System will help system Administrators manage rules for alarms with various conditions to specify actions.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates