4.2 Event Notifications Configuration

A notifier is a selected target, receiving event data when one or several selected event types are generated in the system. In addition, filters may be applied for each selected event type. Notifiers are configured in the Event Notification Editor.

To create a new Event Notification configuration, click the New Configuration button in the upper left part of the Desktop, and then select Event Notification from the menu.

An Event Notification configuration

ItemDescription

Event Notifier Enabled

Select this check box to enable event notification. Note, undirected events are not saved by the system, and can therefore not be retrieved.

Notifier Setup

A Notifier is a target where event messages, configured in the Event Setup, are sent. For instance, to a database table, a log file, or the System Log.

The overall appearance of the message string is also defined in this tab.

Event Setup

In the Event Setup tab, events to catch are defined. If necessary, the message string defined in the Notifier Setup is also modified.

The Notifier Setup Tab

A notifier is defined as the target where event messages are sent. A notifier may output information to any type of database table, log file, SNMP trap, mail, SNS topic, or standard System Log.

Event Notification - Notifier Setup tab

ItemDescription

Notification Type

Select the output type for the notification in this drop-down list. See the detailed descriptions of the notification types in the section below, Notification Type Configurations.

Duplicate Suppression (sec)

Enter the number of seconds during which an identical event is suppressed from being logged. The default value is 0.

Base Configuration

The Base Configuration settings include everything needed for the selected Notification Type, such as the location of a log file, database profile, or credentials, etc. For further information see the section below, Notification Type Configurations.

Target Field Configuration

The Target Field Configuration settings are used for constructing the content of the notification, and they vary depending on which Notification Type you have selected. See the section below, Target Field Configuration.

Notification Type Configuration

The event notification types that you can configure are:

  • Azure Application Insight
  • Database

  • Log File

  • Send Mail

  • Send SNMP Trap

  • Send SNMP Trap, Alarm

  • SNS Topic
  • System Log

Azure Application Insight

You can send event notifications to Azure Application Insight by selecting the Azure Application Insight notification type.

Event Notification - Notification Type Azure Application Insight

ItemDescription
Instrumentation Key

The instrumentation key is generated by Azure when an Application Insight resource is created. It can be found in the Overview page of the Application Insight resource.

Connection StringThe connection string is generated by Azure when an Application Insight resource is created. It can be found in the Overview page of the Application Insight resource.

Example

An example custom event in Application Insight has received an event notification from the system. The event is triggered by the workflow stop APL function in an Analysis agent.

Database

Event fields may be inserted into database tables using either plain SQL statements or calls to stored procedures.


Event Notification - Notification Type Database

ItemDescription

Database

The name of the database in which the table resides. Databases are defined in the Database profile configuration.

SQL Statement

Type in any SQL statement, using '?' for variables that are to be mapped against event fields in the Event Setup tab. Trailing semicolons are not used. In the case of running several statements, they must be embedded in a block.

Log File

Messages may be routed to ordinary text files on the local file system.

 

Event Notification - Notification Type Log File

ItemDescription

Directory

The path to the directory where the file in which events are to be logged resides.

Filename

The name of the file in which events are to be logged. In case the file does not exist, it will be created when the first message for the specific event map arrives. New messages are appended.

Size

The maximum size of the file. When this parameter is exceeded, the existing file is renamed and a new one is created upon the arrival of the next event.

The old file will receive an extension to the file name, according to <date_time_milliseconds_timezone>.

Time

The maximum lifetime of a file before it is rotated. When this parameter is exceeded, the existing file is renamed and a new one is created upon the arrival of the next event.

If the time is set to rotate every:

  • hour, rotation is made at the first full-hour shift which is xx:59.

  • 2 hours, rotation is made in predefined two-hour intervals (0,2,4...22) when turning to the next full hour. For example after 01:59.

  • 3 hours, rotation is made in predefined three-hour intervals (0,3,6, ...21) when turning to the next full hour. For example after 02:59.

  • 4 hours, rotation is made in predefined four-hour intervals (0,4,8, ...20) when turning to the next full hour. For example after 03:59.

  • 6 hours, rotation is made in predefined six-hour intervals (0,6,12 ...21) when turning to the next full hour. For example after 05:59.

  • 8 hours, rotation is made in predefined eight-hour intervals (0,8,16) when turning to the next full hour. For example after 07:59.

  • 12 hours, rotation is made at high noon and at midnight.

  • day, rotation is made at midnight.

  • week, rotation will be done at midnight at the last day of the week.

  • month, rotation will be done at midnight at the last day of the month.

The old file will receive an extension to the file name, according to <date_time_milliseconds_timezone>.

If both Size and Time are set, both behaviors apply.

Separator

Indicates how logged events are separated from one another. Valid options are:

  • Linefeed

  • CR + LF (Carriage return + Linefeed)

  • Comma

  • Colon

  • (None)

Log Line

Text to go into the log file.

For further information, see the section below, Target Field Configuration.

Note!

Do not configure two different Event Notifiers to log information to the same file. Messages may be lost since only one notifier at a time can write to a file. Define one Event Notifier with several Event Setups instead.

Send Mail

It is also possible to send emails to one or several recipients when the specified events occur. Make sure the correct mail parameters have been configured in the platform.conf. You must enter a value for the property mz.notifier.mailfrom. See 2.6.4 Platform Properties in the System Administrator's Guide for further information about the mail properties.

Event Notification - Notification Type Send Mail

ItemDescription
Sender

The label or name to be displayed in the Sender of the mail. The text in the Sender field will not replace the value of the platform.conf property that is set in mz.notifier.mailfrom.

For further information about how to obtain the text, see the section below, Target Field Configuration.

Recipient

Mail address to one or several recipients. Use a comma to separate, if several. Select Add to select mail addresses, configured for available users.

For further information about how to obtain the text, see the section below, Target Field Configuration.

Subject

The subject/heading of the mail. If Event Contents is selected, newlines will be replaced with spaces to make the subject readable. If the string exceeds 100 characters, it is truncated.

For further information about how to obtain the text, see the section below, Target Field Configuration.

Message

The body of the mail message.

For further information about how to obtain the text, see the section below, Target Field Configuration.

Send SNMP Trap

Events may be sent in the form of SNMP traps to systems configured to receive such information. For the MIB definition, see the $MZ_HOME/etc/mz_trap_mib.txt file.

Note!

A new SNMP trap format is now available. For backward compatibility purposes, the previous invalid format will still be used by default. However, if you want to use the new format you can add the property

snmp.trap.format.b

to the platform.conf and set it to true to activate the new values.

You can use the Topo command to set the property snmp.trap.format.b:

$ mzsh topo set topo://container:<container>/pico:platform/val:config.properties.snmp.trap.format.b true


The value of the agent Address field will be taken from the Container property  pico.rcp.server.host .

 

Event Notification - Notification Type Send SNMP Trap

ItemDescription

IP Address

The IP address of the target host.

Port

The port on the target host defined for the SNMP communication.

Community

The community name string used for the authentication process.

Version

A list containing the supported SNMP versions.

User Message

A string that is sent out as SNMP traps.

For further information about how to obtain the text, see the section below, Target Field Configuration.

Send SNMP Trap, Alarm

This notification type is similar to the section above, Send SNMP Trap, with one difference; It is specifically designed to work for Alarm events.

 

Event Notification - Notification Type Send SNMP Trap Alarm

ItemDescription

Target Field Configuration alarm*

Here you configure the content for each field in the alarms. See Target Field Configuration - Log Line, in the section below, Target Field Configuration.

SNS Topic

Selecting this type routes messages, produced by the selected events, as SNS topics to the specified Amazon S3 region.


Event Notification - Notification Type SNS Topic

ItemDescription

Access Key

Enter the access key for the user who owns the Amazon S3 account in this field.

Secret Key

Enter the secret key for the stated access key in this field.

RegionEnter the name of the Amazon S3 region in this field.
Topic

The SNS topic.

For further information about how to obtain the text, see the section below, Target Field Configuration.

Message

The body of the topic.

For further information about how to obtain the text, see the section below, Target Field Configuration.

System Log

Selecting this type routes messages, produced by the selected events, to the standard System Log. The Contents field from each event is used as the message in the log.

 

Event Notification - Notification Type System Log

Note!

Do not route frequent events to the System Log. Purging a large log might turn into a performance issue. If still doing that, keep the log size at a reasonable level by applying the System Task System Log Cleaner. For further details see System Log Cleaner in 3.1.1 Workflow Types.

Target Field Configuration

Some of the notifier types have one or many parameters that may be dynamically populated by data from an event. These parameters are configured in the Target Field Configuration panel.

Depending on the parameter type, there will be one or several population types available in the list next to it.

Manual

Selecting Manual allows the user to hard code a value, and thus gives no possibility to select any dynamic values to be embedded in the message. The value entered will be assigned to the parameter exactly as typed.

 

Target Field Configuration - Log Line

Event Field

Selecting Event Field allows the user to assign the value of one specific event field to the parameter. For further information about fields valid for selections, see the section below, Event Fields.

Event Contents

Selecting Event Contents assigns the event value of each event's Contents field to the parameter. All event types have suitable event content text. For instance, referring to the example in the figure Events Can Be Customized to Suit Any Target in 4. Event Notifications, the Event Contents string will be:

Username: mzadmin3, Action: Notifier AnumberEvents updated.

Another example; the following string is reported for a User Defined Event:

Workflow name: <name>, Agent name: <name>, Message: <string>

The Message string originates from the dispatchMessage function. Note that nothing will be logged unless dispatchMessage is used. Also in this case, the Field Maps in the Event Setup will be disabled.

Note!

The same result is achieved when selecting Event Field/strong as Log Line, and then selecting Contents as mapping (the Event Setup tab).

Formatted

Selecting Formatted allows the user to enter text combined with variable names, which are assigned event field values in the Event Setup tab.

 

Each variable in Notifier Setup has its own Notifier Field in Event Setup - Send Mail

For each variable entered in a field with the Formatted option selected, a notifier field will be added in the Event Setup tab where you can then assign event field values.

Variable names must be preceded by a $, started with a letter, and be comprised of a sequence of letters, digits, or underscores.

 

Target Field Configuration - Log Line

The settings in the screenshot above will be interpreted as containing the variables 'NO' and 'ANUM'.

Event Setup Tab

In the Event Setup tab, parameters that are populated by using the type Event FieldFormatted (with variables) or SQL, can be assigned with their values from selected event fields. Also, the event types to catch are configured.

 

Event Notification - Event Setup tab

ItemDescription
Filter

The Filter table enables you to configure the event types to catch. For each event type, a filter may be defined to allow, for instance, a specific Workflow and two specific event severities to pass.

Besides filtering on existing values (for instance Workflow name) it is possible to filter using regular expressions and hard coded strings. Regular expressions according to Java syntax applies. For further information see http://java.sun.com/javase/6/docs/api/java/util/regex/Pattern.html

Event Field Name

The contents of this column varies depending on the selected event type. For further information about different events, see the section below, Event Fields.

Note that only fields of string type are visible.

Match Value(s)

The filtering criteria that defines what events to catch. Double-clicking a cell opens the Edit Match Value dialog box, from which you select a value.

However, these values are only suggestions. You can also use hard coded strings and regular expressions.

Example

For example, entering:

.*idle.*

will match any single lines containing "idle".

Some fields also contain several lines, so entering:

(?s).*idle.*

will match any multi-line content containing "idle".

The default value for each of the components is All.

Note!

Some of the Event Fields let you select from four Match Value types: Information, Warning, Error, or Disaster. For the rest of the Event Fields Match Value you use a string. Make sure you enter the exact string format of the relevant Match value. For example the Event Field timestamp can be matched against the string format yyyy-mm-dd.

Field MapMaps variables against event fields. The Field Map table exists only if any of the parameters for the selected notifier type is set to Formatted, Event Field or SQL
Notifier Field

States the Notifier parameter available in the Notifier Setup tab.

If a specific parameter has more than one variable, it will claim one line per variable.

VariableThe name of the variable, as entered in the Notifier Setup tab. If the parameter type is Event Field, this field will be empty.
Event FieldDouble-clicking a cell will display a list, from which the event field, to obtain values, is selected.
Add Event...Enables you to add an event that you generate by a call from an APL- or Ultra code in the workflow configuration. Click Add Event to configure your event; the new event type is added as a separate tab in the Event Setup.
Remove Event...Removes the currently selected event type tab in the Event Setup dialog.
Refresh Field MapUpdates the Field Map table. Required if parameter population types or formatting fields have been modified in the Notifier Setup tab.

Event Fields

An event is an object containing information related to an event in . For example, there are Workflow State events that are emitted each time the state of a workflow is changed.

The Event Notification configuration subscribes to these events and routes them to notifiers, for example, log files or a database.

An Event Type is comprised of a set of fields containing the original event message, a set of standard workflow-related information, and event-specific fields that are the parameters of the original event message.

 

An Event Message contains information ordered in fields

All event types in the system inherit fields from the Base event type. Workflow-related events inherit fields related to the Workflow event as well, such as agentName. In addition to these, User Defined Events will receive any fields as defined by the user.

There are two types (hierarchies) of events:

  • User Defined events.

  • Events inherited from a Base event (all other events), with additional information added.

The user-defined event must be configured in an Ultra Format configuration. Other than the fields entered by the user, the system will automatically add basic fields. User Defined Events may only be dispatched from an agent using APL, i e Analysis or Aggregation.

 

User-defined events are sent from Analysis or Aggregation agents

Fields added by the user must be populated manually by using APL commands, while the basic fields are populated automatically. From the basic fields, only category and severity may be assigned values. The other basic fields are read-only, hence it is not possible to assign values to them.