SevOne logo
You must be logged into the NMS to search.

Table of Contents (Start)

Create and Edit Policies

The Policy Editor enables you to create and edit policies.

To access the Policy Editor from the navigation bar, click the Events menu, select Configuration, and then select Policy Browser to display the Policy Browser. On the Policy Browser, click Create Policy at the top of the page or click a policy name in the list.

images/download/attachments/64686602/createandeditpolicies.png

The Policy Editor enables you to define a policy. When you finish the policy definition, click one of the following buttons.

  • When you edit a policy, click Save to save the policy changes.

  • Click Save as New to create a copy of the policy.

Define Policy General Settings

The General Settings tab enables you to define the basic policy settings.

  1. Select the Enable check box to make the policy and all of its thresholds active. Disabled policies appear in light text on the Policy Browser.

  2. Click the Technology Type drop-down.

    • Select Flow to create a policy that triggers based on flow data.

    • Select Metric to create a policy that triggers based on any data except flow data.

  3. In the Name field, enter a unique name for the policy.

  4. Click the drop-down.

    • Select Device Group, then click the corresponding drop-down and select one or more device group/device type to trigger the policy.

    • Select Object Group, then click the corresponding drop-down and select one or more object group to trigger the policy.

  5. Group Relationship field allows you to associate multiple device or object groups to a policy. Click the drop-down to choose one of the following options.

    • Member of Any - if the device or object is in any of the selected group(s) then the device or object will be used in the policy. It includes devices or objects as an OR operator. For example, devices or objects that are either in Group 1 OR in Group 2 OR in Group 3.

    • Member of All - if the device or object belongs to all the groups then the device or group will be used in the policy. It includes devices or objects as an AND operator. For example, devices or objects that are in Group 1 AND in Group 2 AND in Group 3.

  6. For Technology Type Metric policies:

    • Click the Object Type drop-down and select an object type. You cannot edit the object type or object subtype after you save a policy.

    • Select the Show Common Subtypes check box to display only the subtypes you mark as common on the Object Subtype Manager in the Subtype drop-down list in next step.

    • Click the Subtype drop-down and select a subtype.

  7. Click the Severity drop-down and select the severity to display on the Alerts page when the policy triggers an alert.

  8. Click the Folder Name drop-down and select a folder from the folder hierarchy. A policy cannot be added to All Policies or Selfmon Alerts folders as these folders are non-editable.

  9. Click the Schedule Edit link to display a pop-up that enables you define the times and/or dates for the policy to run. See the Schedule section below.

  10. Click the Email Edit link to display a pop-up that enables you to define email options. You can email the alerts that a policy generates to any valid email address. See the Email section below.

  11. Click the Trap Destinations Edit link to display a pop-up that enables you to select where to send traps from the policy.

    • Select the System Default check box to send traps to the trap destinations you designate as system defaults on the Trap Destination Associations page.

    • Select the Device Default check box to send traps to the trap destinations you define for the device on the Edit Device page.

    • Select the Policy Specific check box above the list of trap destinations and then select the check box for each specific destination to which the policy is to send traps.

  12. Select the Append Condition Message check box to append the custom messages you define for each condition to the trigger message you define on the Trigger Conditions tab and to the clear message you define on the Clear Conditions tab.

    • You define the Trigger Message for all trigger conditions on the Trigger Conditions tab. See the Trigger Condition section below.

    • You define the Clear Message for all clear conditions on the Clear Conditions tab. See the Clear Condition section below.

    • You define a Custom Message for each individual trigger condition and for each individual clear condition when you define each individual condition. See the Create and Edit Conditions section below.

  13. In the Description field, enter the description of the policy. This only appears when you define the policy.

  14. When Technology Type > Flow thresholds is selected, the following fields are also available.

    1. Click the Aggregated view drop-down and select the FlowFalcon view to use in FlowFalcon reports in which to display the data that triggered the threshold.

    2. Click the Filter drop-down and select the filter to use in the FlowFalcon report associated with the threshold.

    3. Click the Direction drop-down and select the flow direction to trigger the threshold.

Schedule

The alert engine runs every three minutes to retest all policies. The Schedule pop-up enables you to define specific time spans for when you want to enable or disable the alert engine to test the policy. If you do not define a schedule, the alert engine tests the policy every three minutes until you disable the policy.

images/download/attachments/64686602/scheduling.png

The Periodic tab enables you to define a regularly occurring time span to either enable or disable the policy.

  1. Select one of the following options.

    • Select Disable During This Time to disable the policy for the days and/or times you define on the Periodic tab.

    • Select Enable During This Time to enable the policy for the days and/or times you define on the Periodic tab.

  2. Select the check box next to each day for the policy to be enabled/disabled (dependent on the option you select in the previous step).

  3. In the Start Time fields, enter the start time.

  4. In the End Time fields, enter the end time.

  5. Click the Time Zone drop-down and select a time zone.

  6. Click Add to add the periodic schedule to the list of schedules.

  7. Repeat the steps on the Periodic tab to add additional schedules. Schedules are checked in the sequence in which they appear in the list and the first applicable schedule is applied to the policy. If no schedule is applicable, the policy is enabled by default.

The Schedule tab enables you to schedule a specific time span to either enable or disable the policy.

  1. Select one of the following options.

    • Select Disable During This Time to disable the policy for the time span you define on the Schedule tab.

    • Select Enable During This Time to enable the policy for the time span you define on the Schedule tab.

  2. Click in the Start Date field to display a calendar. Use the calendar to select the date to start the time span to enable/disable the policy (dependent on the option you select in the previous step).

  3. Enter the start time.

  4. Click in the End Date field to display a calendar. Use the calendar to select the date to end the time span to enable/disable the policy.

  5. Enter the end time.

  6. Click the Time Zone drop-down and select a time zone.

  7. Click Add to add the schedule to the list of schedules.

  8. Repeat the steps on the Schedule tab to add additional schedules to the list. Schedules are checked in the sequence in which they appear in the list and the first applicable schedule is applied to the policy. If no schedule is applicable, the policy is enabled by default.

  9. Click Close to save the schedule settings.

Email

The Email pop-up enables you to define who should receive emails when the policy triggers an alert. You can email policy alerts to valid email addresses and to the users and user roles you define in SevOne NMS. There is no limit to the number of email recipients.

Perform the following steps in the Addresses section.

  1. In the left Addresses field, enter the email address for a recipient.

  2. Move the address to the right Addresses field.

  3. Repeat the previous steps to add additional email addresses. Email addresses that appear in the right field receive an email when the policy triggers an alert.

Perform the following steps in the Users section.

  1. In the left Users field, select the user to receive alert emails (use the Ctrl or Shift keys to multi-select).

  2. Move the users you select to the right Users field. Users that appear in the right Users field receive an email when the policy triggers an alert.

Click the Roles drop-down and select the check box for each user role whose members are to receive an email when the policy triggers an alert.

Select one of the following options.

  • Select Just Once to only send one email when the policy triggers the first occurrence of an alert. All subsequent occurrences (until the alert is cleared) are not emailed. This prevents an email from being sent every three minutes when a device is down.

  • Select One Time Every, enter a number in the text field, then click the drop-down and select minutes, hours, or days to send multiple emails when the policy triggers alerts.

Click Close to save the email settings.

Trigger Conditions

The Trigger Conditions tab enables you to define the conditions to trigger the policy and to define the trigger message.

Should you choose to define a trigger condition, and then you choose to define a clear condition that is contradictory, the trigger condition takes precedence.

  • You define a trigger condition to trigger an alert when something is greater than 10.

  • You define a clear condition to clear the alert when the same thing is greater than 20.

If the thing is 25, the alert will trigger and the alert will not be cleared.

images/download/attachments/64686602/policyTriggerConditions.png

The object type and subtype you select on the General Settings tab displays in the upper section on the tab.

  1. In the Trigger Message field, enter the message to display for the policy on the Alerts page. On the Alerts page, the trigger message appears as Threshold triggered - <trigger message you enter here>. The custom message for each trigger condition appends to this trigger message when you select the Append Condition Message check box on the General tab and you enter a custom message for each trigger condition. See the Create and Edit Conditions section below. Trigger messages support a variety of variables that allow you to customize your alerts to be as detailed as possible. The following variables are supported for Trigger Messages:

    • $deviceName displays the name of the device that triggered the condition.

    • $deviceAltName displays the alternate name of the triggered device.

    • $groupName displays the device group or type of the triggered device.

    • $deviceIp displays the IP address of the triggered device.

    • $deviceId displays the triggered device's ID.

    • $policyId displays the ID of the policy triggered.

    • $policyName displays the name of the policy triggered.

    • $alertState displays the severity status of the policy occurring. For example, Emergency or Debug.

    • $alertType displays the technology type of the policy occurring.

    • $thresholdId displays the ID of the threshold triggered.

    • $thresholdName displays the name of the threshold that was triggered.

    Custom message variables are not available for Flow thresholds.

  2. For Technology Type Flow policies, in the Duration field, enter the length of time for the condition to exist before the trigger condition triggers the policy. The value you enter here is multiplied by the length of time you enter as the Write Interval on the Cluster Manager > Cluster Settings tab.

    The Write Interval displays next to this field. The default write interval is 60 seconds. If you want the trigger condition to exist for five minutes before the policy is triggered, enter 5 in the duration field. If the write interval has been changed, you will need to do some math here.

  3. Click images/download/attachments/64686602/actionold.png in the Conditions section to manage the trigger conditions.

    • Select Create New to add a new condition to the policy. See the Create and Edit Conditions section below.

    • Select the check box for each condition to delete, then select Delete Selected to delete then click to delete the conditions you select.

    • Select the check box for each condition to add to a rule, then select Add to Rule <n> to add the conditions to a specific rule.

  4. Click images/download/attachments/64686602/editpencil.png in the Edit column to display the Edit Conditions pop-up. See the Create and Edit Conditions section below.

  5. Click images/download/attachments/64686602/actionold.png in the Rules section to manage the trigger condition rules.

    • Select Create New to add a new rule to the condition. Rule numbers are sequential. Each condition for a rule is treated as an AND Boolean operator. Add a new rule to create an OR Boolean operator. See the Boolean Operators section below.

    • Select the check box for each rule to delete, then select Delete Selected to delete the rules you select.

  6. Click images/download/attachments/64686602/delete.png in the Conditions column to remove a condition from a rule.

    If you add a condition when no rule exists, the condition is assigned to Rule 1 using the AND Boolean operator.

  7. For Webhooks, an HTTP request can be invoked to the URL location when an alert is triggered. Verb (GET, POST, PUT, PATCH, DELETE) and URL are required to be defined.

    1. For Metric technology type policies, the acceptable URL variables are:

      • $alertId - The id of the triggered alert.

      • $alertMessage - The message of the cleared alert.

      • $deviceId - The device id of the triggered alert.

      • $deviceIp - The IP address of the device of the triggered alert.

      • $deviceName - The device name of the triggered alert.

      • $objectName - The object name of the triggered alert.

      • $objectAltName - The object alternate name of the triggered alert.

      • $objectDescription - The description of the object of the triggered alert.

      • $pluginName - The short name for the plugin. For example, SNMP.

      • $pluginDescription - The description of the plugin. For example, SNMP Poller.

      The acceptable message variables are:

      • $alertId - The id of the triggered alert.

      • $alertMessage - The message of the cleared alert.

      • $alertType - The technology type of the policy.

      • $alertState - The severity of the policy. For example, Emergency or Debug.

      • $occurrences - How many times alert is triggered.

      • $firstSeen - The first time this alert is triggered.

      • $lastSeen - The last time this alert is triggered.

      • $assignedTo - To which user this alert is assigned to.

      • $deviceId - The device id of the triggered alert.

      • $deviceIp - The IP address of the device of the triggered alert.

      • $deviceName - The device name of the triggered alert.

      • $deviceAltName - The alternate name of the device that triggered the policy.

      • $groupName - The device group/device type that contains the device that triggered the policy.

      • $objectId - The object id of the triggered alert.

      • $objectName - The object name of the triggered alert.

      • $objectAltName - The object alternate name of the triggered alert.

      • $objectDescription - The description of the object of the triggered alert.

      • $pluginName - The short name for the plugin. For example, SNMP.

      • $pluginDescription - The description of the plugin. For example, SNMP Poller.

      • $policyId - The id of the policy.

      • $policyName - The name of the policy which was triggered.

      • $thresholdId - The id of the threshold.

      • $thresholdName - The name of the threshold.

    2. For Flow type policies, the acceptable URL variables are:

      • $alertId - The id of the triggered alert.

      • $alertMessage - The message of the cleared alert.

      • $deviceId - The device id of the triggered alert.

      • $deviceIp - The IP address of the device of the triggered alert.

      • $deviceName - The device name of the triggered alert.

      The acceptable message variables are:

      • $alertId - The id of the triggered alert.

      • $alertMessage - The message of the cleared alert.

      • $alertType - The technology type of the policy.

      • $alertState - The severity of the policy. For example, Emergency or Debug.

      • $occurrences - How many times alert is triggered.

      • $firstSeen - The first time this alert is triggered.

      • $lastSeen - The last time this alert is triggered.

      • $assignedTo - To which user this alert is assigned to.

      • $deviceId - The device id of the triggered alert.

      • $deviceIp - The IP address of the device of the triggered alert.

      • $deviceName - The device name of the triggered alert.

      • $deviceAltName - The alternate name of the device that triggered the policy.

      • $groupName - The device group/device type that contains the device that triggered the policy.

      • $policyId - The id of the policy.

      • $policyName - The name of the policy which was triggered.

      • $thresholdId - The id of the threshold.

      • $thresholdName - The name of the threshold.

      At present, Webhooks can only be configured on Policies. When adding Thresholds, although Webhooks are visible, they are disabled and cannot be configured.

    3. Buttons to populate default message into Webhooks body and for the ability to test.

      • Default Body - Populates a default message body into the Webhook body. If there is already a message in the Webhook body, it will clear the existing message and repopulate it with the default message.

        Default message populated
        Alert $alertId - SEVERITY: $alertState
        Triggered: $lastSeen
        Message: $alertMessage
      • Test Webhook - Provides testing ability for the Webhook to the configured destination. It populates the result for the user, including the status code, response header, and body.

        Example

        images/download/attachments/64686602/policyTriggerConditions-TestWebhook.png

Clear Conditions

The Clear Conditions tab enables you to define the conditions to clear the alert.

images/download/attachments/64686602/policyClearConditions.png

If you do not define a clear condition, alerts triggered by the trigger condition display on the Alerts page until you manually acknowledge the alert. The object type and subtype you select on the General Settings tab displays in the upper section on the tab.

  1. In the Clear Message field, enter the message to display for the policy on the Alert Archives. On the Alert Archives the clear message appears as Threshold cleared - <clear message you enter here>. The custom message for each clear condition appends to this clear message when you select the Append Condition Message check box on the General tab and you enter a custom message for each condition. See the Create and Edit Conditions section below. This message supports the same set of variables that a Trigger Message would support from Trigger Conditions tab. Custom message variables are not available for Flow policies.

  2. For Technology Type Flow policies, in the Duration field, enter the length of time for the condition to not exist before the clear condition clears the policy. The value you enter here is multiplied by the length of time you enter as the Write Interval on the Cluster Manager > Cluster Settings tab.

  3. Click images/download/attachments/64686602/actionold.png in the Conditions section to manage the clear conditions.

    • Select Create New to add a new condition to the policy. See the Create and Edit Conditions section below.

    • Select the check box for each condition to delete, then select Delete Selected to delete the conditions you select.

    • Select the check box for each condition to add to a rule, then select Add to Rule <n> to add the conditions to a specific rule.

  4. Click images/download/attachments/64686602/editpencil.png in the Edit column to display the Edit Conditions pop-up. See the Create and Edit Conditions section below.

  5. Click images/download/attachments/64686602/actionold.png in the Rules section to manage the clear condition rules.

    • Select Create New to add a new rule to the condition. See the Boolean Operators section below.

    • Select the check box for each rule to delete, then select Delete Selected to delete the rules you select.

  6. Click images/download/attachments/64686602/delete.png in the Conditions column to remove a condition from a rule.

  7. For Webhooks, an HTTP request can be invoked to the URL location when an alert is triggered. Verb (GET, POST, PUT, PATCH, DELETE) and URL are required to be defined. The acceptable message variables are the same set of variables that a Webhooks would support from Trigger Conditions tab.

    At present, Webhooks can only be configured on Policies. When adding Thresholds, although Webhooks are visible, they are disabled and cannot be configured.

    1. Buttons to populate default message into Webhooks body and for the ability to test.

      • Default Body - Populates a default message body into the Webhook body. If there is already a message in the Webhook body, it will clear the existing message and repopulate it with the default message.

        Alert $alertId - SEVERITY: $alertState
        Triggered: $lastSeen
        Message: $alertMessage
      • Test Webhook - Provides testing ability for the Webhook to the configured destination. It populates the result for the user, including the status code, response header, and body.

        images/download/attachments/64686602/policyClearConditions-TestWebhook.png

Create and Edit Conditions

The Edit Condition pop-up enables you to define the condition to either trigger the policy or to clear the policy. Conditions determine when to trigger an alert and when to clear an alert.

FYI

A right Riemann sum of the Gauge form of the data is used when you select option Total from the Aggregation drop-down.

Technology Type - Flow Conditions

For Technology Type Flow policies, perform the following steps to create a trigger condition or a clear condition.

  1. Click the Fields drop-down and select a field

  2. Click the Aggregation drop-down and select a data aggregation option.

  3. Click the Comparison drop-down and select a comparison operator.

  4. In the Value field, enter the value to trigger/clear the condition. Click the corresponding drop-down and select the unit of measure.

  5. In the Custom Message field, enter a custom message that is specific to the condition. The custom message appends to the trigger message or to the clear message when you select the Append Condition Message check box on the General tab. Custom message variables are not available for Flow policies.

  6. Click Save to save the condition.

Technology Type - Metric Conditions

For Technology Type Metric policies, there are three types of conditions.

images/download/attachments/64686602/policytrigger.png

  • Static conditions compare the current value of an indicator with the value you define.

  • Baseline conditions compare the current value of an indicator with the indicator's baseline value. There are three types of baseline conditions.

  • Slope conditions calculate the most recent six data points (minimum of four valid points) and compares that value to the threshold you define for the condition. Slope conditions looks for variation of a value from the values that came before to measure the relative consistency. This detects a significant change in behavior over a short time.

Static Conditions

Static conditions compare the current value of an indicator with the value you define.

Examples:

  • Inbound traffic is greater than 50Mb/s

  • Idle CPU time is less than 10%

Perform the following steps to define a Static condition.

  1. Click the Indicator drop-down and select the indicator on which to base the condition.

  2. Click the Type drop-down and select Static to compare the actual current indicator value to the policy indicator value you define.

  3. Click the Comparison drop-down and select a comparison operator. Most comparison operators are self explanatory.
    Select Bad Polls to trigger or clear an alert when a poll attempt either receives nothing or receives invalid data. This creates a time stamp entry and an entry in the data column that represents an unsuccessful poll. This drives the SNMP Availability metric of how many unsuccessful poll attempts were made in a given cycle versus how many poll attempts were successful.

  4. In the Threshold field, enter the value at which to trigger/clear the condition then click the Threshold drop-down and select the value unit of measure.

  5. The Duration field has two scenarios, a smoothing time duration or a detection time duration.

    • If you select Greater Than, Less Than, Equal To, Greater Than Equal To, Less Than Equal To, or Not Equal To in the Comparison field, enter the number of minutes for which the condition is to be met before the condition triggers/clears.

    • If you select Bad Polls, Changed, Changed From, or Changed To in the Comparison field, enter the number of minutes in which the condition must occur at least once before the condition triggers/clears. The Duration for these Comparisons must be equal to or greater than the poll frequency of the device or an alert does not trigger.

      As of SevOne NMS 5.7.2.22, when creating a new condition, Duration greater than 120 minutes (2 hours) is no longer allowed. However, for existing Policies, if the Duration is set to greater than 120 minutes (2 hours), it will maintain the duration and not be changed.

  6. Click the Aggregation drop-down and select a data aggregation method. When Count Over Threshold option is chosen from the drop-down, Count field becomes available. Specify the count number in the Count field. When Time Over Threshold option is chosen from the drop-down, Time field becomes available. Specify the time in minutes in the Time field.

    The configured time in Time Over Threshold should not be longer than the value set in field Duration.

  7. In the Custom Message field, enter a custom message that is specific to the condition. The custom message appends to the trigger message or to the clear message when you select the Append Condition Message check box on the General tab. You can enter variables to display such things as device name, IP address etc. See the Custom Message Variables list below.

  8. Click Save to save the condition.

Baseline Conditions

Baseline conditions compare the current value of an indicator with the indicator's baseline value. There are three types of baseline conditions.

  • Baseline Delta - Examples:

    • Inbound traffic is greater than 10Mb/s, relative to the baseline

    • Idle CPU time is less than 5% of the total, relative to the baseline

  • Baseline Percentage - Examples:

    • Inbound traffic is greater than 150% of the baseline

    • Idle CPU time is less than 60% of the baseline

  • Baseline Standard Deviation - Examples:

    • Inbound traffic is above/below three standard deviations of the baseline

    • Idle CPU time is below two standard deviations of the baseline

      Details:

      • If the baseline value is 100 and the standard deviation is 50, this does not model the expected actual value, since this appears to shift above and below the baseline value by a significant amount.

      • If the baseline value is 100 and the standard deviation is 10, this is a better representation of the normal value.

Note: Baseline Delta that uses Percentage vs. Baseline Percentage:

  • Baseline Delta uses a percentage comparison unit to the baseline +/- a percentage of the maximum indicator value. Baseline Delta is most useful when the scale of the baseline and the scale of the indicator are very different. Example: A critical interface that has typically low utilization but has irregular spikes that are no more than 10% of the total link capacity. If you do not knowing the value of the baseline itself, it is difficult to use the Baseline Percentage condition type.

  • Baseline Percentages compare the value to a percentage of the baseline.

Perform the following steps to define a Baseline condition

  1. Click the Indicator drop-down and select the indicator on which to base the condition.

  2. Click the Type drop-down.

    • Select Baseline Delta to compare the actual current indicator value to the indicator's baseline value.

      1. In the Threshold field, enter the value at which to trigger/clear the condition then click the Threshold drop-down and select the value unit of measure. Percentage refers to a percentage of the maximum value of the indicator and is not to be interpreted as a percentage of the baseline value.

      2. Click the Comparison drop-down and select a comparison operator.

    • Select Baseline Percentage to compare the ratio of the current indicator value to the indicator's baseline value.

      1. Click the Comparison drop-down and select a comparison operator.

      2. In the Threshold field, enter the percentage value at which to trigger/clear the condition.

    • Select Baseline Standard Deviation to compare the current indicator value to the indicator's expected regional value using standard deviations which is a measure that approximates the uncertainty of the value. Most data can be expected to be within six standard deviations of the baseline. A typical condition will test whether the data is above and/or below two or three standard deviations from the baseline value.

      1. Click the Standard Deviations drop-down and select the number of deviations. A smaller standard deviation means a tighter bracket on what is normal. The size of the standard deviation should represent the behavior of the data.

      2. Click the Direction drop-down and select Above, Below, or Above or Below the baseline. The most common use case is for Above or Below to have the condition test for deviations in both directions.

  3. The Duration field has two scenarios, a smoothing time duration or a detection time duration.

    • If you select Greater Than, Less Than, Equal To, Greater Than Equal To, Less Than Equal To, or Not Equal To in the Comparison field, enter the number of minutes for which the condition is to be met before the condition triggers/clears.

    • If you select Bad Polls, Changed, Changed From, or Changed To in the Comparison field, enter the number of minutes in which the condition must occur at least once before the condition triggers/clears. The Duration for these Comparisons must be equal to or greater than the poll frequency of the device or an alert does not trigger.

      As of SevOne NMS 5.7.2.22, when creating a new condition, Duration greater than 120 minutes (2 hours) is no longer allowed. However, for existing Policies, if the Duration is set to greater than 120 minutes (2 hours), it will maintain the duration and not be changed.

  4. Click the Aggregation drop-down and select a data aggregation method.

  5. In the Custom Message field, enter a custom message that is specific to the condition. The custom message appends to the trigger message or to the clear message when you select the Append Condition Message check box on the General tab. You can enter variables to display such things as device name, IP address etc. See the Custom Message Variables list below.

  6. Click Save to save the condition.

Slope Conditions

Slope conditions use a data window of six data points (minimum of four valid points) to perform the deviation from average (DFA) calculation or the relative standard deviation (RSD) calculation. The result of the calculation is compared to the threshold you define in the condition to trigger or clear the policy. Slope conditions looks for variation of a value from the values that came before to measure the relative consistency. This detects a significant change in behavior over a short time. A data window consists of at least four successful poll points and at most six successful poll point. As each new data point is received, the oldest data point is dropped and the new data point is validated. Whenever there are between four and six valid data points, the calculation is performed for the condition.

There are two types of slope conditions

  • Slope Variance DFA - Algorithm = std::abs( (P-avg)/avg )

    • P = The value of the point.

    • avg = The average of the points within data window.

    • The return value is an absolute value that represents both increasing slope and decreasing slope at the same time.

  • Slope Variance RSD - Algorithm = (100*stdDev)/avg

    • stdDev = The standard deviation from data window.

    • avg = The average of the data window.

Perform the following steps to define a Slope condition.

  1. Click the Indicator drop-down and select the indicator on which to base the condition.

  2. Click the Type drop-down.

    • Select Slope Variance DFA to compare the current indicator value to the indicator’s deviation from average value you define. This function calculates the degree to which the current value is different from the expected value and so the default threshold values are provided. This technique is also most effective when combined with other conditions.

    • Select Slope Variance RSD to compare the current indicator value to the indicator’s relative standard deviation value you define.

  3. Click the Comparison drop-down and select a comparison operator.

  4. In the Threshold field, enter the numeric value at which to trigger/clear the condition.

  5. Duration is irrelevant for the Slope Variance DFA condition type and for the Slope Variance RSD condition type.

  6. In the Custom Message field, enter a custom message that is specific to the condition. The custom message appends to the trigger message or to the clear message when you select the Append Condition Message check box on the General tab. You can enter variables to display such things as device name, IP address etc. See the Custom Message Variables list below.

  7. Click Save to save the condition.

Custom Message Variables

You can use the following variables when you enter a custom message for a trigger condition or a clear condition.

Custom message variables are not available for Flow policies.

  • $deviceIp displays the IP address of the device associated with this condition.

  • $deviceId displays the ID of the device associated with this condition.

  • $deviceName displays the name of the device associated with this condition.

  • $deviceAltName displays the alternate name of the triggered device.

  • $groupName displays the device group or device type that contains the device that triggered the policy.

  • $pluginName displays the short name for the plugin. For example, SNMP.

  • $pluginDescription displays the description of the plugin. For example, SNMP Poller.

  • $objectId displays the ID of the object associated with this condition.

  • $objectName displays the object name associated with this condition.

  • $objectAltName displays the alternate name of the triggered object.

  • $objectDescription displays the description of the object associated with this condition.

  • $indicatorName displays the indicator name associated with this condition.

  • $indicatorDescription displays the indicator description associated with this condition.

  • $comparisonOperation displays the comparison operation being performed in this condition.

  • $comparisonUnits displays the units of measurement being used in this condition.

  • $comparisonValue displays the value being used for comparison in this condition.

  • $dataValue displays the value observed or measured in this condition.

  • $dataUnits displays the unit of measurement that is recorded for the indicator in this condition.

  • $aggregationOperation displays the aggregation being used in this condition.

  • $aggregationDuration displays the duration of the aggregation being used in this condition.

  • $baselineValue displays the baseline value for this hour.

  • $sigmaValue displays the standard deviation value for this hour.

  • $sigmaDirection displays the standard deviation direction used in this condition.

  • $policyId displays the id of the policy.

  • $policyName displays the name of the policy.

  • $thresholdId displays the ID of the threshold.

  • $thresholdName displays the name of the threshold.

  • $thresholdValue displays the reference value over which the condition triggers.

  • $alertState displays the severity of the policy. For example, Emergency or Debug.

  • $alertType displays the technology type of the policy.

Boolean Operators

Boolean AND Operator
The Action icons enable you to create new conditions, create new rules, and to manage the conditions to rules assignments.

To combine several conditions as a Boolean AND operator, add all of the applicable conditions to a single rule so that the Trigger/Clear Condition tab displays the conditions as "Rule 1 | Conditions A AND B AND C" etc.

images/download/attachments/64686602/conditionand.png
Boolean - AND Operator

Boolean OR Operator
To combine several conditions as a Boolean OR operator, create two or more rules and add applicable conditions to the applicable rules so that the Trigger/Clear Condition tab displays the conditions for the first rule OR the conditions for the second rule, OR conditions for the third rule, etc.

images/download/attachments/64686602/conditionor.png
Boolean - OR Operator