Console : Granular Event Management Overview

Granular Event Management (GEM) gives you customized, controlled handling of events and creation of alerts. On the Console panel, GEM lets you configure each sub-component of an alert individually so that the alert best fits your needs.
The GEM alert has multiple sub-components, some of which have further sub-components. It is not necessary to configure all sub-components prior to creating an alert.
Severities: Severity is used to tag an alert as Critical, Warning, Information, or a custom severity level. You can create your own preferred severities and assign the order of importance to them from lowest to highest. When using a custom severity, you must define it before creating a threshold that uses it.
Thresholds: A threshold defines the condition that must be matched to trigger an event and send an alert. Each threshold is associated with a Severity to tag the generated alert as critical, warning, or another value. You must define a threshold prior to creating an alert that uses it.

One or more threshold elements are defined within a threshold. Each threshold element includes an Operator, a Value, and a Severity. When a value is received for an alert type, the GEM framework examines threshold elements to find a match for the specified condition. If a match is found (one or more conditions match), the threshold with the highest severity containing a matching element is used to trigger an event.
Schedules: You can use Schedules to specify the day(s) and time intervals in which to send an alert. You can also invert a schedule, which means that the schedule applies to the opposite of the time specified in it. For example:
Destinations: You can use Destinations to define where the alerts are sent. The destination(s) for an alert are specified in the Add Alert or Edit Alert screen. You can specify up to five destinations for an alert, such as multiple email addresses. For example:
Alert types: Alert Types are pre-defined, static parameters and are not customizable. Alert types are used with threshold elements that define conditions that can trigger an event. Some example alert types are:
You must configure three of these components in order to create alerts:
These can be configured in the Console > Events screens. After you configure these elements in Console > Events, you can also create alerts in the Firewall, SRA, CDP, and ES tabs.
The Super Admin (admin@LocalDomain) user is able to add a new Severity, Threshold, Schedule, Schedule Group, or Alert into any domain. Other administrative users can only create or edit objects within their own domain.
The GEM process flow is illustrated below. As you can see, you begin by configuring Severities and end with creating Alerts.
Figure 6. GEM process
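
The threshold matching rule described under Thresholds above, modeled as an added example (this is not code from the product or its documentation). The operator symbols, the custom severity named Major, and the sample percentage thresholds are assumptions constructed for illustration.

```python
import operator
from dataclasses import dataclass

# Operator symbols are an assumption; the page only says each element has an Operator.
OPERATORS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
             "<=": operator.le, "==": operator.eq, "!=": operator.ne}

@dataclass(frozen=True)
class ThresholdElement:
    op: str        # Operator
    value: float   # Value
    severity: str  # Severity used to tag the alert

def build_severity_rank(lowest_to_highest):
    """Map each severity name to its order of importance (0 = lowest)."""
    return {name: rank for rank, name in enumerate(lowest_to_highest)}

def validate(elements, rank):
    """A severity must be defined before a threshold element can use it."""
    for e in elements:
        if e.severity not in rank:
            raise ValueError(f"severity {e.severity!r} is not defined")
        if e.op not in OPERATORS:
            raise ValueError(f"unknown operator {e.op!r}")

def evaluate(received, elements, rank):
    """Return the matching element with the highest severity, or None if none match."""
    validate(elements, rank)
    matches = [e for e in elements if OPERATORS[e.op](received, e.value)]
    return max(matches, key=lambda e: rank[e.severity], default=None)

# Constructed sample data: "Major" stands in for a custom severity level.
SEVERITIES = ["Information", "Warning", "Major", "Critical"]
RANK = build_severity_rank(SEVERITIES)
SAMPLE_THRESHOLD = [
    ThresholdElement(">=", 50, "Information"),
    ThresholdElement(">=", 75, "Warning"),
    ThresholdElement(">=", 85, "Major"),
    ThresholdElement(">=", 90, "Critical"),
]

if __name__ == "__main__":
    for reading in (40, 60, 80, 87, 95):
        hit = evaluate(reading, SAMPLE_THRESHOLD, RANK)
        print(reading, "->", hit.severity if hit else "no event")
```

Because overlapping elements all match a high reading, the result depends on the severity order rather than on the order in which the elements are listed.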