Alert Definition Examples

Example: Defining an Alert for SAS Work Directory
Example: Defining an Alert for a SAS Server Log File
Example: Defining an SNMP Alert Notification

Example: Defining an Alert for SAS Work Directory

This example provides information for setting up an alert to be triggered whenever the volume on which the SAS Work directory resides reaches 90% of its capacity. The alert should be issued once every two hours until the condition is cleared. When the alert is triggered, users with the Operations role should be notified.
  1. Locate the service SAS Home Directory 9.4 SAS work directory. The service is under the SAS Home Directory 9.4 server.
  2. Navigate to the Resource Detail page for the service. On the Detail page, select Alertthen selectConfigure to display the Alert Configuration page. Click New to display the New Alert Configuration page.
  3. Name the alert, select the priority, and specify that the alert should be active.
    alert name
  4. In the If Condition area, select the Metric radio button, then select Use Percent in the Metric field.
  5. To specify 90% capacity, enter .9 in the absolute value field. To specify that the alert is triggered whenever the used capacity exceeds 90%, specify and select > (Greater than) from the comparison menu.
    alert condition
  6. In the Enable Action(s) field, specify 1 for the number of times the alert is issued, 2 for the timer period, and select hours for the time period units. These values specify that the alert is issued one time every two hours while the alert conditions are met.
    alert timer
  7. Click OK to define the alert and display the Configuration page for the new alert.
  8. Select Notify Roles, and then select Add to List.
  9. Select the check box beside Operations in the Roles list and use the arrow control to move the role to the Add Role Notification list.
  10. Click OK to close the Role Selection page and then Return to Alert Definitions to complete the process of defining the alert.

Example: Defining an Alert for a SAS Server Log File

This example provides information for setting up an alert to be triggered whenever a warning message for the I/O Subsystem appears in the log of the SAS Metadata Server. The alert should be issued every time an error appears in the log.
  1. Follow the procedure in Creating Events Based on SAS Server Logs to create an event from the SAS Metadata Server log file. Add the entry 
    level.warn.2=.*I/O Subsystem.*
    to the sev_logtracker_plugin.properties file for the SAS Metadata Server.
  2. Locate the server SASMeta – SAS Metadata Server in the Resource page.
  3. Navigate to the Resource Detail page for the server. On the Detail page, select Alertthen selectConfigure to display the Alert Configuration page. Click New to display the New Alert Configuration page
  4. Name the alert, select the priority, and specify that the alert should be active.
    new alert name
  5. In the If Condition area, select the Event/Logs Level radio button, then select Warn in the Event/Logs Level field.
    In the match substring field, enter I/O Subsystem. These values specify that an alert is issued whenever an event is found for a Warn message from the log containing the string “I/O Subsystem.”
    alert for logs
  6. In the Enable Action(s) area, select the Each time conditions are met radio button. This specifies that the alert is triggered each time an I/O Subsystem warning appears in the log.
  7. Click OK to define the alert.

Example: Defining an SNMP Alert Notification

Creating a SAS Management Console alert that results in an SNMP trap notification is a process that can be difficult to troubleshoot. There are many potential problem areas, such as routing and filtering, that can mask any configuration errors. If you are using SAS Environment Manager with an enterprise monitoring application, SNMP alerts enable you to receive real-time notifications for critical alerts, while using event exporting for the audit tracking of all alerts.
In order to eliminate external issues with SNMP alerts, the best practice is to configure a local SNMP trap receiver on the SAS Environment Manager server, test everything locally by sending a trap from SAS Environment Manager to a trap receiver that is also configured on the SAS Environment Manager server. After testing is complete, you can then change the configuration to use the production settings. The following steps provide an example of this testing process:
  1. Configure a local SNMP trap receiver for testing.
  2. Verify that the trap receiver works correctly by using an operating system-based trap sender.
  3. In SAS Environment Manager, enable SNMP trap sending and specify the SNMP configuration parameters.
  4. Create a sample SAS Environment Manager alert that causes an SNMP trap notification to be sent.
  5. Verify that the alert caused an SNMP trap notification to be sent.
  6. Change the settings to point to the production trap receiver instead of the local test trap receiver.
To configure the alert, follow these steps:
Step1: Configure a Local SNMP Trap Receiver for Testing
Perform these steps as the root user ID.
  1. Set the Security Enhanced Linux to permissive so that the trap messages can be redirected. To change the state only for the currently session, issue the command setenforce 0.
    To change the state permanently, modify the file /etc/selinux/config as root, change the value for the SELINUX= parameter to permissive, save the file, and reboot the machine.
  2. Edit the snmptrapd.conf file, located in the /etc directory.
  3. Add these two lines to the file: 
    authCommunity log,execute,net public 
logOption f /tmp/snmptraps.log
    The logOption line specifies that snmptrapd should write trap messages to the external file /tmp/smptraps.log.
  4. Create a file named UCD-TRAP-TEST-MIB.txt in the directory /usr/share/snmp/mibs. Enter the following as the contents of the file:
    UCD-TRAP-TEST-MIB DEFINITIONS ::= BEGIN
      IMPORTS ucdExperimental FROM UCD-SNMP-MIB;

demotraps OBJECT IDENTIFIER ::= { ucdExperimental 990 }

demoTrap TRAP-TYPE
      ENTERPRISE demotraps
      VARIABLES { sysLocation }
      DESCRIPTION "An example of an SMIv1 trap"
      ::= 17

END
  5. Restart the snmptrapd server by issuing this command:
    # service snmptrapd restart
    Verify that you receive a response of OK from the server restart command.
  6. Restart the SNMP server by issuing this command:
    # service snmpd restart
    Verify that you receive a response of OK from the server restart command.
Step 2: Verify the SNMP Trap Receiver
After you configure the test configuration, verify that the trap is working as expected. If you are using Windows, you can verify the operation using an snmptrap receiver tool.
  1. Verify that the snmpd server is operating correctly by issuing these commands:
    snmptest –v 2c –c public <host>
Variable: system.sysDescr.0
Variable:<blank>
    The value for host is the FQDN name or IP address of the SAS Environment Manager server.
    Verify that the system responds by returning the MIB system description, for example: 
    SNMPv2-MIB::sysDescr.0 = STRING: Linux <host> 2.6.32-220.17.1.el6.x86_64 #1 SMP Thu Apr 26 13:37:13 EDT 2012 x86_64
  2. Issue a simple and local snmptrap command. For example: 
    snmptrap -v 1 -c public <host> UCD-TRAP-TEST-MIB::demotraps "" 6 17 "" \ 
SNMPv2-MIB::sysLocation.0 s "snmp test string"
    The value of host is the is the FQDN name or IP address of the SAS Environment Manager server. Use a value of localhost if you execute the command on the SAS Environment Manager server.
  3. Verify that the following log entry has been written to your /tmp/snmptraps.log: 
    2015-03-13 11:03:04 192.193.194.195(via UDP: [10.122.32.74]:43576->[10.122.32.74]) TRAP, SNMP v1, community public
iso.2.3.4.5.6 Enterprise Specific Trap (99) Uptime: 0:00:00.55
iso.11.12.13.14.15 = STRING: "SNMP trap test string"
Step 3: Enable SNMP Trap Sending in SAS Environment Manager
Before you can create an alert in SAS Environment Manager that uses SNMP, you must enable SNMP trap sending. At this point in the process, you are configuring SAS Environment Manager to send SNMP traps to the local test receiver.
  1. In SAS Environment Manager, select Managethen selectServer Settings to display the Edit Server Settings page.
  2. In the Edit Server Settings page, locate the SNMP Server Configuration Properties area and select 1 in the SNMP Protocol Version field.
  3. Specify these values for the SNMP Server Configuration Properties:
    SNMP Trap OID
    The selected OID value for the test (for example, 1.3.6.1.2.1.11.0.6). This value is the OID of the local test trap receiver.
    Community
    public (the default value).
    Generic ID
    0
    Enterprise OID
    The selected OID value for the test (for example, 1.3.6.1.2.1.11.0.6). This value is the OID of the local test trap receiver.
    Default Notification Mechanism
    v1 Trap
    Specific ID
    leave blank
    Agent Address
    Specify the IP address of the SAS Environment Manager server.
Step 4: Create a Test Alert in SAS Environment Manager
After you have verified that the SNMP trap works as expected, use SAS Environment Manager to create a test alert that causes an SNMP trap to be sent. This example creates an alert that will trigger when the File System Reads/Writes per Minute metric is greater than 10. Because this alert will be triggered every time SAS Environment Manager scans for new alerts, it will test the SNMP trap configuration relatively quickly.
  1. In SAS Environment Manager, select Resourcesthen selectBrowsethen selectPlatform. Locate the entry in the platform table for the SAS Environment Manager platform and select the Alert icon to the left of the platform entry to display the Alerts page
  2. On the Alerts page, select New to display the New Alert Definition page.
  3. In the New Alert Definition page, specify the following information to define the alert:
    If Condition Metric
    Select File System Reads/Writes per Minute
    If Condition comparison
    Select Greater than and specify 10 for the comparison value.
    Enable Action
    Select Each time conditions are met.
  4. Click OK to define the alert and display the Alert Definition page. Select SNMP Notification.
  5. Specify these values:
    IP Address
    Specify the IP address of the SAS Environment Manager server, followed by a slash and the SNMP trap port (typically 162). An example entry might be 10.122.32.74/162.
    Notification Mechanism
    Select v1 Trap.
    OID
    Specify the OID value for the local test trap receiver (for example, 1.3.6.1.2.1.11.0.6). This value should match the value of the SNMP Trap OID field on the SNMP Server Configuration Properties page.
    Click Save Changes to save the alert.
Step 5: Verify That the Alert Sent an SNMP Trap
After you define the alert, verify that an occurrence of the alert writes a record to the SNMP trap log, which verifies that the SNMP trap was successfully sent from SAS Environment Manager to the local test trap receiver.
  1. Wait until the alert triggers. Be default, alerts are scanned every five minutes, and the alert should be triggered whenever the alerts are scanned. When the alert triggers, a trap should be written to the location specified in step 2 (in this example, /tmp/snmptrap.log). Because the trap is sent to the local test receiver, this location is on the SAS Environment Manager Server machine.
  2. Verify that snmptrapd on the received the trap. The trap should be similar to the following: 
    2015-03-13 11:00:23 ptnode24.ptest.sas.com [10.122.32.74] (via UDP: [10.122.32.74]:60162->[10.122.32.74]) TRAP, SNMP v1, community public 	
SNMPv2-MIB::snmp.0.6 Cold Start Trap (0) Uptime: 0:00:00.00 	
SNMPv2-MIB::snmp.0.6 = STRING: "SNMP trap example:SNMP trap example <host> File System Reads/Writes per Minute (433.0)
Step 6: Change the Alert Settings to Send Traps to the Production Receiver
  1. After you verify that the alert works properly with the local trap receiver, you must change the settings in SAS Environment Manager to send traps to the production trap receiver. Contact your IT staff to determine the values for your organization’s production SNMP trap receiver. You will need to know the IP address and port for the receiver, as well as the OID value.
  2. In SAS Environment Manager, select Managethen selectServer Settings to edit the SNMP server configuration properties. Replace the test OID values with your production OID values.
  3. Edit the alert definition in SAS Environment Manager. Change the alert conditions to specify the alert that you want to cause an SNMP notification. Specify your organization’s values for IP Address and OID and save the alert.
  4. If you want to create more alerts with SNMP notification, create the alert normally and specify the values for the production SNMP trap receiver.
Copyright © SAS Institute Inc. All rights reserved.