PingSentry   |   Discord   |   System32   |   GitHub   |   Free tools

How can I only be alerted if a host remains offline for more than X minutes?

Article ID: 424
Category: Heartbeat Monitoring
Updated: 2020-07-17

EventSentry has a unique timer-filter feature that can suppress unnecessary alerts if the error condition only lasts for a (configurable) short period of time. This can be applied to alerts about hosts being down, services being stopped and more.

In this HowTo we will use the example of heartbeat events, which can sometimes generate unnecessary alerts due to a temporary network issue or packet drop that may correct itself automatically.

The diagrams below illustrate the two possible scenarios for filter timers:

Scenario 1: Offline host doesn't come back online within timer period (4 min) and 2 alerts are generated.

Scenario 2: Host comes back online within timer period and no alerts are generated

Under "Event Logs," create a new package labeled "Heartbeat Timer Filter," right-click and assign this to only the management console machine.

Fig.1: Creating and Assigning a New Package

Right-click the package and create an include filter labeled "Heartbeat Down" with the following details:

  • Action: Heartbeat Alert
  • Log: Application
  • Severity: Information, Warning, Error
  • Source: EventSentry
  • Category: Heartbeat Monitoring
  • Event ID: 11000
  • Content Filter & Notes: *OK to ERROR* (note the asterisk characters)
  • Content Filter & Notes: *OK to WARNING* (note the asterisk characters)

Fig.2: Filter Heartbeat Down

Right-click the package and create another include filter labeled "Heartbeat Up" with the following details:

  • Action: Heartbeat Alert
  • Log: Application
  • Severity: Information, Warning, Error
  • Source: EventSentry
  • Category: Heartbeat Monitoring
  • Event ID: 11000
  • Content Filter & Notes: *ERROR to OK* (note the asterisk characters)
  • Content Filter & Notes: *WARNING to OK* (note the asterisk characters)

Fig.3: Filter Heartbeat Up

Click on the filter "Heartbeat Down", click the "Timers" tab, check "Enable Timer" and set an appropriate timeout, e.g. 4 minutes. Click the '+' under "Filters that clear this timer" and select "Heartbeat Up"; under "Insertion Strings," click the '+' and choose "1-1."

Fig.4: Configuring Timers


Support Resources

Knowledge Base Knowledge Base
Documentation Documentation
Screenshot Screencasts
Blog Blog

Contact Support

Phone 1-877-NETIKUS
Email support@netikus.net

Tags

heartbeat monitoring timer filter

Try EventSentry on-premise

FREE 30-day evaluation

Download Now