Introscope Alert Troubleshooting and Best Practices

Document ID : KB000030083
Last Modified Date : 14/02/2018


This document provides information on Introscope Alert troubleshooting and best practices.



1. Logging just SNMP alerts

Add the following into the file on the Enterprise Manager:

log4j.logger.Manager.SNMPAlertAction=DEBUG, snmplogfile
log4j.appender.snmplogfile.layout.ConversionPattern=%d{M/dd/yy hh:mm:ss az} [%-3p] [%c] %m%n
log4j.appender.snmplogfile.File=logs/perflog.txt


2. Avoid using Nested Summary Alerts. These can lead to unpredictable alert behavior.  Below is a setup that is not recommended.

Summary A contains Simple alerts 1-3.
Summary B contains Simple Alerts 4-5.

Summary A also contains Summary B.

*With the above setup, a single alert can cause the entire Summary A alert to move to Danger, thus making it appear as a false positive.  Summary alerts are best used to group Simple Alerts together.  It is not recommended to group Summary Alerts together.


3. To track down why a summary alert is a certain color, examine each associated simple alert and find the one with the same color (alert state). A summary alert inherits the highest alert condition of its simple alerts.


4. Review your Alert configuration, particularly that the Resolution and Trigger Alert settings are set to perform the desired behavior.  Also double-check whether you want to alert when ALL metrics go above the Caution/Danger line or when an individual metric goes above the Caution/Danger line.


5. Check if alert blackout configuration is set up correctly to receive/not receive alerts.


6. Check that the Action configuration is correct if expecting a certain action.


7. To be sure that your alert has cleared, set the Trigger Alert Notification to "Whenever Severity Changes" on your Simple Alert.  This tells you when the alert has triggered and when the alert has cleared.


8. To verify that the alert is not masking a false positive, go directly to the metric in the Investigator to view its behavior.  Sometimes the regex in the metric grouping that the Alert is based on may not be configured properly.
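
The tracing procedure from item 3 applied to the nested setup from item 2, as an added example (not CA Introscope code): it walks a summary alert down to the simple alert that drives its state and lists any summary nested inside another. The Normal/Caution/Danger ordering, the sample states and all class and function names are assumptions made for this illustration.

```python
# Added illustration, not CA Introscope code. State names/ordering are assumptions.
from dataclasses import dataclass, field
from enum import IntEnum

class State(IntEnum):
    NORMAL = 1
    CAUTION = 2
    DANGER = 3

@dataclass
class SimpleAlert:
    name: str
    state: State

@dataclass
class SummaryAlert:
    name: str
    members: list = field(default_factory=list)  # SimpleAlert or SummaryAlert

def evaluate(alert):
    """Return (state, path): worst state under `alert` and the chain of alert
    names leading to the first simple alert found in that state."""
    if isinstance(alert, SimpleAlert):
        return alert.state, [alert.name]
    worst, path = State.NORMAL, []
    for member in alert.members:
        state, sub = evaluate(member)
        if state > worst or not path:
            worst, path = state, sub
    return worst, [alert.name] + path

def nested_summaries(alert, depth=0):
    """Names of summary alerts that sit inside another summary (item 2)."""
    if not isinstance(alert, SummaryAlert):
        return []
    found = [alert.name] if depth > 0 else []
    for member in alert.members:
        found += nested_summaries(member, depth + 1)
    return found

def build_example():
    """Constructed sample: the Summary A / Summary B setup from item 2."""
    b = SummaryAlert("Summary B", [SimpleAlert("Simple 4", State.DANGER),
                                   SimpleAlert("Simple 5", State.NORMAL)])
    simple = [SimpleAlert(f"Simple {i}", State.NORMAL) for i in (1, 2, 3)]
    return SummaryAlert("Summary A", simple + [b])

if __name__ == "__main__":
    print(evaluate(build_example()), nested_summaries(build_example()))
```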