Next Topic

Previous Topic

Book Contents

Alerts - Application Changes

The Application Changes page triggers an alert when a new application is installed or removed on selected machines. This alert is based on the latest audit.

You can specify the directories to exclude from triggering an alert. The exclude path may contain the wildcard asterisk (*) character. Excluding a folder excludes all subfolders. For example, if you exclude *\windows\*, c:\Windows and all subfolders are excluded. You can add to the current list of applications, replace the current application list or remove the existing application list.

Passing Alert Information to Emails and Scripts

The following type of monitoring alert emails can be sent and formatted:

  • Alert when application list change

Note: Changing this email alarm format changes the format for all Application Changes alert emails.

The following variables can be included in your formatted email alerts and in scripts.

Within an Email

Within a Script

Description

<at>

#at#

alert time

<db-view.column>

not available

Include a view.column from the database. For example, to include the computer name of the machine generating the alert in an email, use <db-vMachine.ComputerName>

<gr>

#gr#

group ID

<id>

#id#

machine ID

<il>

#il#

list of newly installed applications

<rl>

#rl#

list of newly removed applications

 

#subject#

subject text of the email message, if an email was sent in response to an alert

 

#body#

body text of the email message, if an email was sent in response to an alert

Apply

Click Apply to apply alert parameters to selected machine IDs. Confirm the information has been applied correctly in the machine ID list.

Clear

Click Clear to remove all parameter settings from selected machine IDs.

Create Alarm

If checked and an alarm condition is encountered, an alarm is created. Alarms are displayed in Monitor > Dashboard List, Monitor > Alarm Summary and Reports > Logs > Alarm Log.

Create Ticket

If checked and an alarm condition is encountered, a ticket is created.

Run Script after alert

If checked and an alarm condition is encountered, a script is run. You must click the select script link to choose a script to run. You can optionally direct the script to run on a specified range of machine IDs by clicking this machine ID link. These specified machine IDs do not have to match the machine ID that triggered the alarm condition.

Email Recipients

If checked and an alarm condition is encountered, an email is sent to the specified email addresses.

  • The email address of the currently logged in administrator displays in the Email Recipients field. It defaults from System > Preferences.
  • Click Format Email to display the Format Alert Email popup window. This window enables you to format the display of emails generated by the system when an alarm condition is encountered.
  • If the Add to current list radio option is selected, when Apply is clicked alert settings are applied and the specified email addresses are added without removing previously assigned email addresses.
  • If the Replace list radio option is selected, when Apply is clicked alert settings are applied and the specified email addresses replace the existing email addresses assigned.
  • If Removed is clicked, all email addresses are removed without modifying any alert parameters.
  • Email is sent directly from the KServer to the email address specified in the alert. The SMTP service in IIS sends the email directly to the address specified. Set the From Address using System > Configure.

Alert when audit detects New application installed

If checked, an alert is triggered when a new application is installed.

Alert when audit detects Existing application deleted

If checked, an alert is triggered when a new application is removed.

Exclude directories

You can specify the directories to exclude from triggering an alert. The exclude path may contain the wildcard asterisk (*) character. Excluding a folder excludes all subfolders. For example, if you exclude *\windows\*, c:\Windows and all subfolders are excluded. You can add to the current list of applications, replace the current application list or remove the existing application list.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine:

Agent has checked in

Agent has checked in and user is logged on. Tool tip lists the logon name.

Agent has not recently checked in

Agent has never checked in

Online but waiting for first audit to complete

The agent is online but remote control is disabled

The agent has been suspended

Edit Icon

Click a row's edit icon to populate header parameters with values from that row. You can edit these values in the header and re-apply them.

Machine.Group ID

The list of Machine ID.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the administrator is authorized to see using System > Group Access.

ATSE

The ATSE response code assigned to machine IDs or SNMP devices:

  • A = Create Alarm
  • T = Create Ticket
  • S = Run Script
  • E = Email Recipients

Email Address

A comma separated list of email addresses where notifications are sent.

Installed Apps

Displays a checkmark if an alert is sent when an application is installed.

Removed Apps

Displays a checkmark if an alert is sent when an application is removed.

Exclude

Lists directories excluded from sending an alert when an application is installed or removed.