Users with at least Operator rights can acknowledge stateful events. By acknowledging an event, the user confirms he/she is aware that the event has taken place and that he/she takes responsibility for the follow-up. Stateful events can be “Acked” on the Pending events page. These actions are logged!
Adding filters / Blocking events
In addition to the ability to acknowledge events, you can also add filter rules to block events. This can be useful if many (unimportant) events are received from (lowly-ranked) devices. Filter rules can be added from the Pending events page as well as the Events history page by clicking on the colored filter icons.
Filter rules can be defined for:
- Threshold violated events
- Anomaly detected events
- Trap received events
- Syslog message received events
Filters can be added system-wide or per device. System-wide defined filters are shown on the Event filters page, device filters are shown on a device’s dashboard page (Right-click on a device icon on the map and select Dashboard from the popup-menu – you need at least Operator rights).
Filters can be defined based on:
- The event type (Trap, Syslog, Anomaly etc)
- The message content (textual comparison)
- The event source (device id)
- A combination of above
A note about message content comparisons
For filtering on message content, the distance algorithm Damerau-Levenshtein is used. Messages often contain all sorts of variables and / or time stamps, so that an exact match between two messages is usually not possible.
Before a newly received message text is passed to the algorithm, all numerical data is first removed from the text. After this, the algorithm gives a reasonable assurance that two messages have the same kind of content.