Manage Events and Alerts
View event logs and alerts
The system monitors and reports on a variety of system events. It collects the events and writes them to the user log. The log contains a record for each event. Some log entries generate alerts. Alerts are usually events that require attention from the system administrator and typically indicate a system problem. For example, you might receive an alert telling you that a drive has faulted, or that the system is low on storage capacity.
In Unisphere, events appear as messages and alerts. The Unisphere CLI displays additional event attributes that provide more detailed event reports than what appears in Unisphere. Configure alert settings explains the commands for configuring alerts. The Unisphere online help provides more details on logs and alerts.
Each event record and alert is identified by an ID.
The following table lists the attributes for event records:
Attribute
|
Description
|
||
---|---|---|---|
Message ID
|
ID of the event record.
|
||
Description
|
Brief description of the event.
|
||
Severity
|
Severity of the event. Valid values are:
|
||
Time
|
Date and time when the event occurred, in Greenwich Mean Time (GMT).
|
||
Node
|
Name of the SP that generated the event. Valid values are:
|
||
Process
|
ID of the system process that generated the event.
|
||
Category
|
Event category.
|
||
Account
|
User account of the user that caused the event.
N/A appears if a user did not cause the event or the account is unavailable.
|
||
Component
|
System component that caused the event. Intended for service personnel.
|
||
Product
|
System product that caused the event. Intended for service personnel.
|
Attribute
|
Description
|
---|---|
ID
|
ID of the alert.
|
Time
|
Date and time (in GMT) when the alert occurred.
|
Message
|
Alert message.
|
Description
|
Description of a problem.
|
Severity
|
Alert severity. Valid values are:
|
Acknowledged
|
Indicates whether or not the alert was acknowledged. Valid values are:
|
State
|
Displays the alert state for each alert. Values are:
|
View event records
View a detailed log of system events. Each event is a record in the log and each record is identified by an ID. You can display 100 event records at a time and filter on a range of times when the events were logged and the event severity.
|
Format
/event/log show [-fromTime <value>] [-toTime <value>] [-limit <value>] [-severity {info | notice | warning | error | critical}]Action qualifiers
Qualifier
|
Description
|
||
---|---|---|---|
-fromTime
|
Type the beginning of the time interval for which to display event records. The format is YYYY-MM-DD HH:MM:SS.
|
||
-toTime
|
Type the end of the time interval for which to display event records. The format is YYYY-MM-DD HH:MM:SS.
|
||
-limit
|
Type the maximum number of records to display. The value cannot exceed the default number 100.
|
||
-severity
|
Type the minimum severity level of the events to display. For example, if you type
critical, records for the alert and emergency severities will also appear.
|
Example
The following command lists all event logs generated on 11/09/2009 up to 23:59:59 GMT:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/log show -fromTime “2009-11-09 00:00:00.000” –to “2009-11-09 23:59:59.999”
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: Message ID = Login success
Description = User admin authenticated in authority LocalDirectory/Local
Severity = info
Time = 2009-11-09 19:43:08.577
Node = spa
Account = unix/spa/root
Component = Server
View alert history
View a detailed list of all system alerts. When a new alert comes in, those alerts older than seven days will be cleared..
Format
/event/alert/hist show [-state {Active_Manual | Active_Auto | Inactive | Active_Updating | All} ] [ -fromTime <value> ] [-toTime <value>] [-limit <value>] [-acknowledged { yes | no }] [-severity {info | notice | warning | error | critical}]Action qualifiers
Qualifier
|
Description
|
||
---|---|---|---|
-fromTime
|
Type the beginning of the time interval for which to display event records. The format is YYYY-MM-DD HH:MM:SS.
|
||
-toTime
|
Type the end of the time interval for which to display event records. The format is YYYY-MM-DD HH:MM:SS.
|
||
-limit
|
Type the maximum number of records to display. The value cannot exceed the default number 100.
|
||
-acknowledged
|
Type to specify a list of alerts that have or have not been acknowledged. Valid values are:
|
||
-severity
|
Type the minimum severity level of the events to display. For example, if you type
critical, records for the alert and emergency severities will also appear.
|
||
-state
|
Specify the state of the alerts that you want to display. If this option is not specified, only active alerts will be displayed. Valid values are:
|
Example
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/hist -state Active_Manual show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: Id = alert_3
Time = 2016-03-01 17:30:00.309
Message = System contact information requires verification.
Description = "Please verify your system contact information. This will help your service provider to contact you and quickly respond to any critical issues. (https://10.108.53.216/help/webhelp/en_US/index.htm?#vxeuni_c_configure_alert_settings.html)"
Severity = info
Acknowledged = no
State = Active_Manual
2: Id = alert_2
Time = 2016-03-01 15:19:39.115
Message = There are new advisories available for viewing on the Technical Advisories page.
Description = "There are one or more new technical advisories available for viewing on the Technical Advisories page."
Severity = notice
Acknowledged = no
State = Active_Manual
3: Id = alert_1
Time = 2016-03-01 14:53:05.094
Message = System FCNCH0972C35D9 has experienced one or more problems that have left it in a degraded state
Description = "The system has experienced one or more failures resulting in degraded system performance. Check related alerts and fix the underlying problems. (https://10.108.53.216/help/webhelp/en_US/index.htm?#vxeuni_t_fix_underlying_problems.html)"
Severity = warning
Acknowledged = no
State = Active_Manual
Acknowledge alerts
Acknowledge specific alerts.
Format
/event/alert/hist -id <value> ackObject qualifier
Qualifier
|
Description
|
---|---|
-id
|
Type the identifier of the alert you want to acknowledge.
|
Example
The following command acknowledges alert_2.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/hist -id alert_2 ack
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Delete alerts
Delete specific alerts.
Format
/event/alert/hist -id <value> deleteObject qualifier
Qualifier
|
Description
|
---|---|
-id
|
Type the identifier of the alert you want to delete.
|
Example
The following command deletes alert_3.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/hist -id alert_3 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Deactivate alerts
Manually deactive an alert that is in the Active_Manual state after it has been resolved.
Format
/event/alert/hist -id <value> deactivateObject qualifier
Qualifier
|
Description
|
---|---|
-id
|
Type the identifier of the alert.
|
Example
The following example shows how to deactivate alert_1, which is in the Active_Manual state, after it has been resolved. It is recommended that you do not deactivate alerts where the issue has not yet been resolved. Deactivated alerts cannot be reactivated, so do not deactivate the alert if you are not sure whether or not it has been resolved.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/hist -id alert_1 deactivate
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
You should only deactivate an alert when the issue has been solved. Once the alert has been deactivated, it can't be activated again. Do you want to proceed?
yes / no: yes
Operation completed successfully.
Configure alert settings
Specify how the system handles alerts, which are notifications of system and user events. You can have the alerts sent directly to your service provider and e-mailed to specific addresses. You can also have the system send alerts as traps to an SNMP destination. Configure SNMP destinations for alerts provides more details on setting up a destination to receive alerts over SNMP. View event logs and alerts provides details about viewing the current logs and alerts.
|
NOTE:
To send e-mail alerts, you must configure an SMTP server on the system as explained in
Manage SMTP server settings.
|
The following table lists the attributes for alerts:
Attribute
|
Description
|
||
---|---|---|---|
Language
|
Language in which the system sends e-mail alerts.
|
||
E-mail from address
|
The email address from which alert emails will be sent.
|
||
SNMP severity threshold
|
Minimal severity of alerts the system will send as SNMP traps. Valid values are:
|
||
SNMP version
|
Version of SNMP that the destination is running.
|
||
SNMP engine ID
|
SNMP engine ID for the SNMP destination.
|
||
Show all pool threshold alerts
|
Indicates whether the pool space usage percent threshold alerts are enabled. Values are:
|
||
Call home suppression start time
|
Date and time when the call home suppression is started.
|
||
Call home suppression end time
|
Data and time when the call home suppression ends.
|
View alert settings
View the settings for how the system handles alerts.
Format
/event/alert/conf showExample
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/conf show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: Language = en-US
SNMP severity threshold = Info
SNMP version = 3.0
SNMP engine ID =
Show all pool threshold alerts = no
Call home suppression start time= 2017-04-10 00:00:00
Call home suppression end time = 2017-04-12 00:00:00
Configure alert settings
Configure the settings for how the system handles alerts.
|
NOTE:
For e-mail alerts to work, you must configure an SMTP server on the system, as explained in
Manage SMTP server settings.
|
Format
/event/alert/conf set [-emailFromAddr <value>] [-snmpSeverity {critical|error|warning|notice|info}] [-showAllPoolThresholdAlerts {yes | no}] [{-callHomeSuppressionEndTime <value> | -stopCallHomeSuppression}]Action qualifiers
Qualifier
|
Description
|
||
---|---|---|---|
-emailFromAddrs
|
Specify the email address from which alert emails will be sent.
|
||
-snmpSeverity
|
Specify the minimal severity of alerts the system will send as SNMP traps. Values are:
|
||
-showAllPoolThresholdAlerts
|
Specify whether the alert was generated due to an exceeded pool threshold. Valid values are:
|
||
-callHomeSuppressionEndTime
|
Specify the date and time when the call home suppression window will end. The total suppression window is the time between the current time and the suppression end time, or the start time and suppression end time for open suppression windows. The suppression window can be in one minute increments between 1 and 48 hours.
|
||
-stopCallHomeSuppression
|
Specify to disable call home suppression.
|
Example 1
The following command changes these alert settings:
- From address is "from@email.com".
- Minimum alert severity for sending alerts as SNMP traps is error.
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Example 2
The following command sets the end time for call home alert suppression:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/conf set –stopCallHomeSuppression
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Configure alert email settings
Specify the alert email settings.
Attribute
|
Description
|
---|---|
ID
|
Identifier of the alert email configuration.
|
Address
|
The email address from which alert emails will be sent.
|
Severity threshold
|
Minimal severity of alerts the system will send emails for. Valid values are:
|
Configure alert email settings
Configure the "email to" settings for alerts.
Format
/event/alert/conf/emailto create -addr <value> [ -severity {critical | error | warning | notice | info} ]Action qualifier
Qualifier
|
Description
|
---|---|
-addr
|
Type an e-mail address to send alerts to.
|
-severity
|
Specify the minimum severity of alerts that will trigger emails. Valid values are:
|
Example
This example shows the configuration of the "to" email address of "stuff1@mail.com" and a severity of "info".
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/conf/emailto create -addr stuff1@mail.com -severity info
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = alertEmailConfig_1
Operation completed successfully.
Change email alert settings
Change the current configuration for the alert "email to".
Format
/event/alert/conf/emailto { -id <value> | -addr <value> } set [ -newAddr <value> ] [ -severity { info | notice | warning | error | critical } ]Object qualifier
Qualifier
|
Description
|
---|---|
-id
|
Type the ID of the alert configuration you want to modify.
|
-addr
|
Type the address of the "email to" address for which you would like to change the alert email settings.
|
Action qualifier
Qualifier
|
Description
|
---|---|
-newAddr
|
Type a new email address to send alerts to.
|
-severity
|
Type the new the minimum severity of alerts that will trigger emails. Valid values are:
|
Example
The following command changes the alert "email to" address to "stuff1@newmail.com" and specifies the severity level of alerts that will trigger the email is "info".
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/conf/emailto -addr stuff1@mail.com set -newAddr stuff1@newmail.com -severity info
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = alertEmailConfig_1
Operation completed successfully.
View alert email settings
View the "email to" settings for alerts.
Format
/event/alert/conf/emailto [{ -id <value> | -addr <value>}] showObject qualifier
Qualifier
|
Description
|
---|---|
-id
|
Type the ID of the alert configuration you want to view.
|
-addr
|
Type the address of the "email to" address for which you would like view the alert email settings.
|
Example
This example shows the configuration of all of the alert emails on the system.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/conf/emailto show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = alertEmailConfig_1
Address = stuff1@mail.com
Severity threshold = Info
2: ID = alertEmailConfig_2
Address = stuff2@mail.com
Severity threshold = Notice
3: ID = alertEmailConfig_3
Address = stuff3@mail.com
Severity threshold = Notice
Test email alert settings
Send a test email to all of the email addresses configured to receive alert notifications.
Format
/event/alert/conf testEmailAlertExample
The following example demonstrates how to test alert email settings.
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/conf testEmailAlert
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Delete email alert settings
Delete alert email configurations.
Format
/event/alert/conf/emailto -id <value> deleteObject qualifier
Qualifier
|
Description
|
---|---|
-id
|
Type the ID of the alert configuration you want to delete.
|
Example
The following command changes the alert "email to" address to "stuff1@newmail.com" and specifies the severity level of alerts that will trigger the email is "info".
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/conf/emailto -id alertEmailConfig_1 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.
Configure SNMP destinations for alerts
The system uses the Simple Network Management Protocol (SNMP) to transfer system alerts as traps to an SNMP destination host. Traps are asynchronous messages that notify the SNMP destination when system and user events occur. The three types of traps are:
- Information – Provide routine status information about system operation.
- Warnings – Indicate that a problem has occurred or may occur.
- Errors – Report system problems that occurred or are occurring.
You can configure the types of alert information the system reports (informational, error, or emergency indications).
Each SNMP destination is identified by an ID.
The following table lists the attributes for SNMP destinations:
Attribute
|
Description
|
---|---|
ID
|
ID of the SNMP destination.
|
Host
|
Hostname or IP address of the SNMP destination.
|
Port
|
Host port on the SNMP destination that will receive the traps.
|
User name
|
Username that is used to access the SNMP destination.
|
Auth protocol
|
Protocol that is used to authenticate access to the SNMP destination. Value is one of the following:
|
Auth password
|
Authentication password for accessing the SNMP destination.
|
Privacy protocol
|
Protocol that is used to enable privacy on the SNMP destination. The privacy protocol encrypts the SNMP packets. Value is one of the following:
|
Privacy password
|
Privacy password for the privacy protocol.
|
Create SNMP destination
Create an SNMP trap destination for system alerts.
Format
/event/alert/snmp create -host <value> -port <value> -userName <value> [ -authProto { none | md5 { -authPassword <value> | -authPasswordSecure } [ -privProto { none | aes { -privPassword <value> | -privPasswordSecure } | des { -privPassword <value> | -privPasswordSecure } } ] | sha { -authPassword <value> | -authPasswordSecure } [ -privProto { none | aes { -privPassword <value> | -privPasswordSecure } | des { -privPassword <value> | -privPasswordSecure } } ] } ] | -v2c -community <value> }Action qualifiers
Qualifier
|
Description
|
---|---|
-host
|
Type a hostname or IP address of the SNMP destination.
|
-port
|
Type the host port on the SNMP destination that will receive the traps.
|
-userName
|
Type the username that is used to access the SNMP destination.
|
-authProto
|
Specify the protocol that is used to authenticate access to the SNMP destination. Value is one of the following:
|
-authPassword
|
Type the authentication password.
|
-authPasswordSecure
|
Specify the password in secure mode. The user will be prompted to input the password.
|
-privProto
|
Specify the protocol that is used to enable privacy on the SNMP destination. Value is one of the following:
|
-privPassword
|
Type the privacy password.
|
-privPasswordSecure
|
Specify the password in secure mode. The user will be prompted to input the password.
|
-v2c
|
Specify that an SNMP v2c destination will be created.
|
-community
|
Specify the SNMP v2c destination community string.
|
Example
The following command creates an SNMP destination with these settings:
- Host IP is 10.64.75.1.
- Host port is 333.
- Username is user1.
- Authorization protocol is md5.
- Authorization password is authpassword1234.
- Privacy protocol is des.
- Privacy password is privpassword321.
The SNMP destination receives ID Host1_333:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/snmp create –host 10.64.75.1 –port 333 –userName user1 authProto md5 -authPassword authpassword1234 –privProto des –privPassword privpassword321
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = Host1_333
Operation completed successfully.
View SNMP destinations
View details about SNMP destinations. You can filter on the SNMP destination ID.
|
Format
/event/alert/snmp [-id <value>] showObject qualifier
Qualifier
|
Description
|
---|---|
-id
|
Type the ID of an SNMP destination.
|
Example
The following command lists all SNMP destinations:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/snmp show
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
1: ID = snmp_target_1
Version = v3
Host = 10.0.1.3
Port = 123
User name = v3User
Auth protocol = None
Privacy protocol = None
Community =
2: ID = snmp_target_2
Version = v2c
Host = 10.0.1.3
Port = 879
User name =
Auth protocol =
Privacy protocol =
Community = v2CommunityStr
Change SNMP destination settings
Change the settings for an SNMP destination.
Format
/event/alert/snmp -id <value> set [ -host <value> ] [ -port <value> ] [ -userName <value> ] [ -authProto { none | md5 { -authPassword <value> | -authPasswordSecure } [ -privProto { none | aes { -privPassword <value> | -privPasswordSecure } | des { -privPassword <value> | -privPasswordSecure } } ] | sha { -authPassword <value> | -authPasswordSecure } [ -privProto { none | aes { -privPassword <value> | -privPasswordSecure } | des { -privPassword <value> | -privPasswordSecure } } ] } ] | [ -community <value> ] }Object qualifier
Qualifier
|
Description
|
---|---|
-id
|
Type the ID of the SNMP destination to change.
|
Action qualifiers
Qualifier
|
Description
|
---|---|
-host
|
Type a hostname or IP address of the SNMP destination.
|
-port
|
Type the host port on the SNMP destination that will receive the traps.
|
-userName
|
Type the username that is used to access the SNMP destination.
|
-authProto
|
Specify the protocol that is used to authenticate access to the SNMP destination. Value is one of the following:
|
-authPassword
|
Type the authentication password.
|
-authPasswordSecure
|
Specify the password in secure mode. The user will be prompted to input the password.
|
-privProto
|
Specify the protocol that is used to enable privacy on the SNMP destination. Value is one of the following:
|
-privPassword
|
Type the privacy password.
|
-privPasswordSecure
|
Specify the password in secure mode. The user will be prompted to input the password.
|
-community
|
Specify the SNMP v2c destination community string.
|
Example
The following command changes the authorization protocol, privacy protocol, authorization password, and privacy password for SNMP destination Host1_323:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/snmp –id Host1_323 set -authProto md5 -authPassword newauthpassword –privProto des –privPassword newprivpassword
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
ID = Host1_323
Operation completed successfully.
Delete SNMP destinations
Delete an SNMP destination.
|
NOTE:
If you delete an SNMP destination, the system will stop sending alerts to it as traps.
|
Format
/event/alert/snmp -id <value> deleteObject qualifier
Qualifier
|
Description
|
---|---|
-id
|
Type the ID of an SNMP destination to delete.
|
Example
The following command deletes SNMP destination Host1_323:
uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /event/alert/snmp -id Host1_323 delete
Storage system address: 10.0.0.1
Storage system port: 443
HTTPS connection
Operation completed successfully.