Novell Doc: Novell ZENworks 7 Server Management Administration Guide - Understanding the Alarm Management System

24.1 Understanding the Alarm Management System

The Alarm Management System alerts you to network conditions and events. It provides you with tools and back-end services to use, distribute, and manage this information. The Alarm Management System component is also fully integrated with other Novell ZENworks Server Management components. It provides access control through the Role-Based Services component and provides report generation through the reporting functions. The Alarm Management System provides a centralized location for processing and viewing the events and alarms generated by devices and systems throughout your network.

You can use ConsoleOne to view tabular lists of statistical data for active and historical alarms received by the Alarm Management System. This makes it easy to handle alarms and track network events and recurring alarm conditions.

In addition, real-time notification of alarms occurring on your network is provided by the following:

Severity level, as displayed by the changing color of the alarm indicators
Audible notification
Status bar ticker-tape messages

You can also assign an action to an alarm, such as automatically launching a program when an alarm is received, or sending an e-mail message to notify remote users of events.

Section 24.1.1, Alarm Management System Components

24.1.1 Alarm Management System Components

The Alarm Management System consists of multiple components for processing, storing, and viewing alarms. All alarms received by the Alarm Management System are processed and sent to applications that subscribe to them. ConsoleOne, by default, subscribes to the Alarm Management System and receives updates when an alarm is processed. Hierarchical Status Notification also subscribes to the Alarm Management System and changes the color of the atlas map icon accordingly.

Figure 24-1 illustrates the Alarm Management System components:

Figure 24-1 Alarm Management System components on the client and on the server

The main components that make up the Alarm Management System are as follows:

SNMP Trap Receiver

The SNMP Trap Receiver receives traps from network management agents and converts them to alarms. Thereafter, it passes them to the Alarm Server.

Alarm Server

The Alarm Server receives alarms from the SNMP Trap Receiver and other applications. Then it passes them to the alarm processors.

Alarm Processors

The Alarm Processors include processes for receiving, processing, and dispatching alarms to various subscribers. The inbound processor applies alarm templates to incoming alarms. After inbound processing is completed, the alarm is sent to the LSM Hook Processor, which processes segment-related alarms. The LSM Hook Processor sends the alarm to the Rule Processor.

Rule Processor

The Rule Processors applies all the configured rules on the alarm it has received from the LSM Hook Processor. If the alarm satisfies any of the rules, corresponding disposition information is updated and the alarm is sent to the Outbound Processor. If none of the rules satisfies by the alarm, the alarm is dropped.

Outbound Processor

After receiving the alarm from the Rule Processor, Outbound Processor sends the alarm to the Disposition Engine Manager and all the subscribers of the alarm manager.

Disposition Engine Manager

The Disposition Engine Manager checks the Actions defined in the alarm it has received and sends the alarms to respective disposition engines such as the SNMP Trap Forwarder, Alarm Forwarder, Archiver, and SMTP Mail Notification.

Alarm Manager Database

The alarm manager database, a repository for alarm information, includes the following:

Processed Alarms

The processed alarm data that is stored in the alarm manager database is supplied to ConsoleOne through the alarm query server. The alarm data is used for alarm and alarm summary presentation and reporting.

Alarm Templates

Alarm Templates are applied to each alarm received by the inbound processor. The alarm template is based on SNMP trap definitions in the MIB or other proprietary definitions for handling the Alarm Management System management and display criteria. When you compile the MIB, the trap definitions are used to create an alarm template that provides a method for presenting and managing alarm data. Proprietary alarm templates are based on proprietary definitions.

For example, when a user tries to log in to a server with an incorrect password, an alarm is generated and forwarded to the management server. The management server processes the alarm by identifying the trap object identifier (OID) and assigns the associated alarm template.

A default template is assigned to an SNMP trap sent by a device that does not have a recognizable OID and is categorized as unknown. In order for a trap OID to be recognized by Alarm Management System, you need to compile the MIB of the device into the MIB Pool on the management server.

Alarm Rules

Alarm Rules govern the handling characteristics of SNMP traps or proprietary alarms. Each Alarm Rule contains a set of Conditions and Actions. For example, Source address, Alarms, Severity, State, and Time Interval are Conditions and Sending SMTP Mail Notification, Trap Forwarding, Archiving, Launching Applications, and Automatic Assignment to User are Actions. An alarm can only satisfy a Rule when it complies to all Conditions and Actions specified in the Rule. When an alarm satisfies a rule, the Actions defined in the Rule perform the specified operations on the alarm.

Archivers

The following three archivers add data to the alarm manager database:

Alarm Archiver

The alarm archiver stores alarm statistics and data in the alarm database. By default, all alarms are archived. If you do not want an alarm to be archived, you can disable the default rule. See Archiving Alarm Statistics for more information.

Rule Server

The Rule Server receives the alarm rule from the Alarm Rule Console and saves it in the alarm manager database.

Template Archiver

The template archiver receives alarm templates from a MIB compiler and saves them in the alarm manager database.

Alarm Viewers

ConsoleOne displays three views of alarm data: the Active Alarm view, the Historical Alarm view, and the Alarm Summary view.

The Active Alarm view displays statistics in ConsoleOne for events occurring on your network. Alarms displayed in the Active Alarm view can either be owned by you or assigned to a group. The tasks that you can perform on an alarm from this view depend on the access rights allowed through the Role-Based Services. The Active Alarm view appends incoming alarms to the list, providing you with the most recent alarms. After an alarm is handled, it is removed from the Active Alarm list.

The Alarm History view displays information about assignments and ownership of alarms. You can track alarms received by the Alarm Management System and verify their handling status from this view.

The Alarm Summary view is a graphical representation of all the alarms that you have received.