4.2 Event Notifications Configuration
A notifier is a selected target, receiving event data when one or several selected event types are generated in the system. In addition, filters may be applied for each selected event type. Notifiers are configured in the Event Notification Editor.
To create a new Event Notification configuration, click the New Configuration button in the upper left part of the Desktop, and then select Event Notification from the menu.
An Event Notification configuration
Item | Description |
---|---|
Event Notifier Enabled | Select this check box to enable event notification. Note, undirected events are not saved by the system, and can therefore not be retrieved. |
Notifier Setup | A Notifier is a target where event messages, configured in the Event Setup, are sent. For instance, to a database table, a log file, or the System Log. The overall appearance of the message string is also defined in this tab. |
Event Setup | In the Event Setup tab, events to catch are defined. If necessary, the message string defined in the Notifier Setup is also modified. |
The Notifier Setup Tab
A notifier is defined as the target where event messages are sent. A notifier may output information to any type of database table, log file, SNMP trap, mail, SNS topic, or standard System Log.
Event Notification - Notifier Setup tab
Item | Description |
---|---|
Notification Type | Select the output type for the notification in this drop-down list. See the detailed descriptions of the notification types in the section below, Notification Type Configurations. |
Duplicate Suppression (sec) | Enter the number of seconds during which an identical event is suppressed from being logged. The default value is 0. |
Base Configuration | The Base Configuration settings include everything needed for the selected Notification Type, such as the location of a log file, database profile, or credentials, etc. For further information see the section below, Notification Type Configurations. |
Target Field Configuration | The Target Field Configuration settings are used for constructing the content of the notification, and they vary depending on which Notification Type you have selected. See the section below, Target Field Configuration. |
Notification Type Configuration
The event notification types that you can configure are:
- Azure Application Insight
Database
Log File
Send Mail
Send SNMP Trap
Send SNMP Trap, Alarm
- SNS Topic
System Log
Azure Application Insight
You can send event notifications to Azure Application Insight by selecting the Azure Application Insight notification type. Event Notification - Notification Type Azure Application Insight The instrumentation key is generated by Azure when an Application Insight resource is created. It can be found in the Overview page of the Application Insight resource. Example An example custom event in Application Insight has received an event notification from the system. The event is triggered by the workflow stop APL function in an Analysis agent.Item Description Instrumentation Key Connection String The connection string is generated by Azure when an Application Insight resource is created. It can be found in the Overview page of the Application Insight resource.
Database
Event fields may be inserted into database tables using either plain SQL statements or calls to stored procedures.
Event Notification - Notification Type Database
Item | Description |
---|---|
Database | The name of the database in which the table resides. Databases are defined in the Database profile configuration. |
SQL Statement | Type in any SQL statement, using '?' for variables that are to be mapped against event fields in the Event Setup tab. Trailing semicolons are not used. In the case of running several statements, they must be embedded in a block. |
Log File
Messages may be routed to ordinary text files on the local file system.
Event Notification - Notification Type Log File
Item | Description |
---|---|
Directory | The path to the directory where the file in which events are to be logged resides. |
Filename | The name of the file in which events are to be logged. In case the file does not exist, it will be created when the first message for the specific event map arrives. New messages are appended. |
Size | The maximum size of the file. When this parameter is exceeded, the existing file is renamed and a new one is created upon the arrival of the next event. The old file will receive an extension to the file name, according to |
Time | The maximum lifetime of a file before it is rotated. When this parameter is exceeded, the existing file is renamed and a new one is created upon the arrival of the next event. If the time is set to rotate every:
The old file will receive an extension to the file name, according to If both Size and Time are set, both behaviors apply. |
Separator | Indicates how logged events are separated from one another. Valid options are:
|
Log Line | Text to go into the log file. For further information, see the section below, Target Field Configuration. |
Note!
Do not configure two different Event Notifiers to log information to the same file. Messages may be lost since only one notifier at a time can write to a file. Define one Event Notifier with several Event Setups instead.
Send Mail
It is also possible to send emails to one or several recipients when the specified events occur. Make sure the correct mail parameters have been configured in the platform.conf
. You must enter a value for the property mz.notifier.mailfrom
. See 2.6.4 Platform Properties in the System Administrator's Guide for further information about the mail properties.
Event Notification - Notification Type Send Mail
Item | Description |
---|---|
Sender | The label or name to be displayed in the Sender of the mail. The text in the Sender field will not replace the value of the For further information about how to obtain the text, see the section below, Target Field Configuration. |
Recipient | Mail address to one or several recipients. Use a comma to separate, if several. Select Add to select mail addresses, configured for available users. For further information about how to obtain the text, see the section below, Target Field Configuration. |
Subject | The subject/heading of the mail. If Event Contents is selected, newlines will be replaced with spaces to make the subject readable. If the string exceeds 100 characters, it is truncated. For further information about how to obtain the text, see the section below, Target Field Configuration. |
Message | The body of the mail message. For further information about how to obtain the text, see the section below, Target Field Configuration. |
Send SNMP Trap
Events may be sent in the form of SNMP traps to systems configured to receive such information. For the MIB definition, see the $MZ_HOME/etc/mz_trap_mib.txt
file.
Note!
A new SNMP trap format is now available. For backward compatibility purposes, the previous invalid format will still be used by default. However, if you want to use the new format you can add the property
snmp.trap.format.b
to the platform.conf
and set it to true
to activate the new values.
You can use the Topo command to set the property snmp.trap.format.b
:
$ mzsh topo set topo://container:<container>/pico:platform/val:config.properties.snmp.trap.format.b true
The value of the agent Address field will be taken from the Container property pico.rcp.server.host
.
Event Notification - Notification Type Send SNMP Trap
Item | Description |
---|---|
IP Address | The IP address of the target host. |
Port | The port on the target host defined for the SNMP communication. |
Community | The community name string used for the authentication process. |
Version | A list containing the supported SNMP versions. |
User Message | A string that is sent out as SNMP traps. For further information about how to obtain the text, see the section below, Target Field Configuration. |
Send SNMP Trap, Alarm
This notification type is similar to the section above, Send SNMP Trap, with one difference; It is specifically designed to work for Alarm events.
Event Notification - Notification Type Send SNMP Trap Alarm
Item | Description |
---|---|
Target Field Configuration alarm* | Here you configure the content for each field in the alarms. See Target Field Configuration - Log Line, in the section below, Target Field Configuration. |
SNS Topic
Selecting this type routes messages, produced by the selected events, as SNS topics to the specified Amazon S3 region.
Event Notification - Notification Type SNS Topic
Item | Description |
---|---|
Access Key | Enter the access key for the user who owns the Amazon S3 account in this field. |
Secret Key | Enter the secret key for the stated access key in this field. |
Region | Enter the name of the Amazon S3 region in this field. |
Topic | The SNS topic. For further information about how to obtain the text, see the section below, Target Field Configuration. |
Message | The body of the topic. For further information about how to obtain the text, see the section below, Target Field Configuration. |
System Log
Selecting this type routes messages, produced by the selected events, to the standard System Log. The Contents field from each event is used as the message in the log.
Event Notification - Notification Type System Log
Note!
Do not route frequent events to the System Log. Purging a large log might turn into a performance issue. If still doing that, keep the log size at a reasonable level by applying the System Task System Log Cleaner. For further details see System Log Cleaner in 3.1.1 Workflow Types.
Target Field Configuration
Some of the notifier types have one or many parameters that may be dynamically populated by data from an event. These parameters are configured in the Target Field Configuration panel.
Depending on the parameter type, there will be one or several population types available in the list next to it.
Manual
Selecting Manual allows the user to hard code a value, and thus gives no possibility to select any dynamic values to be embedded in the message. The value entered will be assigned to the parameter exactly as typed.
Target Field Configuration - Log Line
Event Field
Selecting Event Field allows the user to assign the value of one specific event field to the parameter. For further information about fields valid for selections, see the section below, Event Fields.
Event Contents
Selecting Event Contents assigns the event value of each event's Contents field to the parameter. All event types have suitable event content text. For instance, referring to the example in the figure Events Can Be Customized to Suit Any Target in 4. Event Notifications, the Event Contents string will be:
Username: mzadmin3, Action: Notifier AnumberEvents updated.
Another example; the following string is reported for a User Defined Event:
Workflow name: <name>, Agent name: <name>, Message: <string>
The Message string originates from the dispatchMessage
function. Note that nothing will be logged unless dispatchMessage
is used. Also in this case, the Field Maps in the Event Setup will be disabled.
Note!
The same result is achieved when selecting Event Field/strong as Log Line, and then selecting Contents as mapping (the Event Setup tab).
Formatted
Selecting Formatted allows the user to enter text combined with variable names, which are assigned event field values in the Event Setup tab.
Each variable in Notifier Setup has its own Notifier Field in Event Setup - Send Mail
For each variable entered in a field with the Formatted option selected, a notifier field will be added in the Event Setup tab where you can then assign event field values.
Variable names must be preceded by a $, started with a letter, and be comprised of a sequence of letters, digits, or underscores.
Target Field Configuration - Log Line
The settings in the screenshot above will be interpreted as containing the variables 'NO' and 'ANUM'.
Event Setup Tab
In the Event Setup tab, parameters that are populated by using the type Event Field, Formatted (with variables) or SQL, can be assigned with their values from selected event fields. Also, the event types to catch are configured.
Event Notification - Event Setup tab
Item | Description |
---|---|
Filter | The Filter table enables you to configure the event types to catch. For each event type, a filter may be defined to allow, for instance, a specific Workflow and two specific event severities to pass. Besides filtering on existing values (for instance Workflow name) it is possible to filter using regular expressions and hard coded strings. Regular expressions according to Java syntax applies. For further information see http://java.sun.com/javase/6/docs/api/java/util/regex/Pattern.html |
Event Field Name | The contents of this column varies depending on the selected event type. For further information about different events, see the section below, Event Fields. Note that only fields of |
Match Value(s) | The filtering criteria that defines what events to catch. Double-clicking a cell opens the Edit Match Value dialog box, from which you select a value. However, these values are only suggestions. You can also use hard coded strings and regular expressions. Example For example, entering: .*idle.* will match any single lines containing "idle". Some fields also contain several lines, so entering: (?s).*idle.* will match any multi-line content containing "idle". The default value for each of the components is All. Note! Some of the Event Fields let you select from four Match Value types: Information, Warning, Error, or Disaster. For the rest of the Event Fields Match Value you use a string. Make sure you enter the exact string format of the relevant Match value. For example the Event Field timestamp can be matched against the string format yyyy-mm-dd. |
Field Map | Maps variables against event fields. The Field Map table exists only if any of the parameters for the selected notifier type is set to Formatted, Event Field or SQL. |
Notifier Field | States the Notifier parameter available in the Notifier Setup tab. If a specific parameter has more than one variable, it will claim one line per variable. |
Variable | The name of the variable, as entered in the Notifier Setup tab. If the parameter type is Event Field, this field will be empty. |
Event Field | Double-clicking a cell will display a list, from which the event field, to obtain values, is selected. |
Add Event... | Enables you to add an event that you generate by a call from an APL- or Ultra code in the workflow configuration. Click Add Event to configure your event; the new event type is added as a separate tab in the Event Setup. |
Remove Event... | Removes the currently selected event type tab in the Event Setup dialog. |
Refresh Field Map | Updates the Field Map table. Required if parameter population types or formatting fields have been modified in the Notifier Setup tab. |
Event Fields
An event is an object containing information related to an event in . For example, there are Workflow State events that are emitted each time the state of a workflow is changed.
The Event Notification configuration subscribes to these events and routes them to notifiers, for example, log files or a database.
An Event Type is comprised of a set of fields containing the original event message, a set of standard workflow-related information, and event-specific fields that are the parameters of the original event message.
An Event Message contains information ordered in fields
All event types in the system inherit fields from the Base event type. Workflow-related events inherit fields related to the Workflow event as well, such as agentName
. In addition to these, User Defined Events will receive any fields as defined by the user.
There are two types (hierarchies) of events:
User Defined events.
Events inherited from a Base event (all other events), with additional information added.
The user-defined event must be configured in an Ultra Format configuration. Other than the fields entered by the user, the system will automatically add basic fields. User Defined Events may only be dispatched from an agent using APL, i e Analysis or Aggregation.
User-defined events are sent from Analysis or Aggregation agents
Fields added by the user must be populated manually by using APL commands, while the basic fields are populated automatically. From the basic fields, only category and severity may be assigned values. The other basic fields are read-only, hence it is not possible to assign values to them.