System Expert Event Notification

IMPORTANT OR CRITICAL EVENT NOTIFICATION

System Expert real-time alerts can be delivered to one or more recipients, via e-mail message, alphanumeric pager message or graphical display.

The alert can be raised within minutes of when the event has occurred and is formatted to provide the severity level, machine name, date, time and alert description. Default alerts are provided for many system capacity, hardware/software error, significant O/S activity and security related events. In addition, alerts can be enabled for custom events that should be monitored in "real-time" such as the notification of customer applications which have stopped running.

The critical event monitoring capability may optionally be used to initiate automated recovery activities. When critical or important events are detected, custom recovery programs or shell scripts may be launched at the same time that the alert message is transmitted. This allows for the ability to restart processes when they have been found to have stopped, gracefully shut down applications when device errors have been detected or terminate users when security breaches have been identified.

Important or critical alerts from any monitored system may be easily displayed via the graphical "Events" window provided by System Expert. Administrators using the Events window may choose to receive alerts for all, or a selection of, the monitored systems in their enterprise. Examples of alert messages recieved by the Events window are illustrated below.

Examples:

The event notification subsystem can be configured to Monitor critical processes associated with your business applications. An event notification can be sent when these essential processes stop running, start running or both. The event notification subsystem may also be optionally configured to automatically execute customer written programs or scripts that should be triggered by these events.

The event notification subsystem can be configured to monitor for changes to sensitive files associated with your business applications or the AIX operating system. The event notification subsystem can initiate an alert when it has detected changes to any of these monitored files. Changes to these critical files may indicate a security vulnerability, breach of security policies and possible unauthorized access to sensitive information.

The event notification subsystem can be configured to monitor for any "Failed" and "Successful" attempts to login as root or as any other sensitive administrative account. Unauthorized access to the root account may indicate a significant breach of corporate security as the root account has unlimited permissions and authority to view and change both application and operating system files.

The event notification subsystem can be configured to monitor all file system usage. If a file system associate with a critical business application fills to 100% of its capacity, the business services delivered by that application will be impaired. This could severely impact the service delivered to your users and your customers. The event notification subsystem can initiate an alert when your file systems are filling to capacity and can be configured to extend the file system size if needed. Users may choose when they wish to begin receiving alerts regarding file system thresholds. The default threshold for alert generation is 90% full.

The event notification subsystem continuously monitors the AIX error log, reporting on detected hardware and software error messages. These alerts are critical for managing your system in a pro-active and predictive manner and will assist in reducing problem resolution time and overall system impact. The alert information allows administrators to quickly identify those hardware and software problems that may be intermittent or pervasive.

Note: Default alert thresholds and severity levels may be customized to meet your unique requirements.