The Event Console in Symantec Management Platform displays alerts in a grid layout. This grid may contain thousands of alerts. Alert filters let you sort the alerts so that you can analyze and manage them. You access this grid from Symantec Management Console when you click Manage > Events and Alerts.
The Event Console in Symantec Management Platform contains several rule types that represent automated, event-based actions. The rule types include discarding, forwarding, task, and workflow rules. Discarding rules filter and discard matching alerts. Forwarding rules forward a Simple Network Management Protocol (SNMP) trap to a downstream listener. Task rules initiate Symantec Management Platform task server tasks. Before version 7.1 of the platform, a direct way to initiate a deployed workflow process was unavailable. With the addition of a workflow rule in version 7.1 of the Event Console, an event can automatically start a workflow process. This workflow process can pass along valuable event data.
Previous versions of the platform let you filter alerts into manageable subsets. However, before version 7.1 you did not have the option to save and re-use those filters. Beginning with version 7.1, you can create, save, and re-use filters.
The following alert filtering tools are available on the main Event Console page:
A drop-down list of predefined filters. You can click Actions to see a list of available filtering actions. You can also search by one of the following alert criteria:
Alerts in last 24 hours
Alerts in last 7 days
Critical Alerts in last 24 hours
Critical Alerts Only
Exclude Informational Alerts
Exclude Monitor Alerts
Informational Alerts Only
Major Alerts Only
Monitor Alerts Only
Normal Alerts Only
Undetermined Alerts Only
Warning Alerts Only
A color-coded, left-click Status Progress Bar control. This control lets you see the number of alerts by severity level, as follows:
You can access the color-coded status progress bar control using a left-mouse click. This bar appears in the Alerts pane. When you click a color section on the status bar, the grid view changes. The view shows only those alerts that match the severity level of the color that you clicked. For example, if you click yellow on the status bar, then the grid shows alerts with severity Warning. After you filter by severity level, you may have to select Exclude Informational Alerts or Monitor Alerts Only to see the complete list of alerts again.
Details. Opens the Alert Details dialog box for the selected alert.
Acknowledge. Lets you acknowledge a selected alert. In the State column, a blue flag indicates an acknowledged alert.
Resolve. Flags the selected alert with a check mark in the State column. When you right-click a resolved alert, you can view alert details. You can also view the available rules for discarding the alert or open the Resource Manager in a new window.
If you click Discarding Rules with a resolved alert selected, you can create a global discard filter rule or create a resource discard filter rule.
Actions. When you select an alert and click the down-arrow next to this icon, you see the options that were listed previously in this list. You also see one addition.
When you click any alert, you can manage it by changing its severity to any of the following:
An Alert Filter Settings page for managing the filters that you save and reuse. A tool icon next to the predefined filters drop-down list opens the Alert Filter Settings page. This page is where you can create filters and save them for re-use.