Monitoring Overview

As a systems administrator, sometimes you need to be notified when something important happens on one of your systems. Fortunately, OptiTune provides a comprehensive, highly customizable monitoring solution. It is fairly complex, and requires some explanation of how the components interact.

From a high level, the distinct pieces that form the OptiTune monitoring solution are:

  • Event Instance

  • Alert Instance

  • Event Source

    • Event Type

    • Event Parameters

  • Event Categories

  • Event Severities

  • Notification Group

  • Mail Template

  • Weekly Schedule

  • Subscription

Event Instance

Conceptually, an "Event Instance" is something that has occurred on one or more systems, or for an entire organization. Examples of event instances include:

  • Malware M detected on computer X

  • Failed to deploy application on computer Y

  • Lost contact with entire group of computers Z

  • User U logged in to OptiTune at time T

Event Source

Also known simply as an "Event", an "Event Source" actively monitors the systems in OptiTune, and will generate event instances as they are detected. OptiTune lets you configure all the available "Event Sources" in the system. Each Event Source has a Name, Description, Event Type, and Event Parameters. In OptiTune, you can add/modify/delete any event source at any time, or simply enable/disable the event source (to basically turn it on or off). You can also load a default list of "best practice" event sources from the Settings page, by pressing the "Factory Reset" button.

Event Type

Each event source has one Event Type, which describes the overall type of event (e.g. "Malware Detected").

Event Parameters

Depending on the Event Type chosen for an Event Source, you may also need to provide parameters for the Event Source. For example, if you choose the "System Disk Space Low" Event Type, you need to supply a parameter, "Bytes Free" indicating the conditions under which the event can be activated.

Event Categories

Because the list of Event Sources can be quite large (100+ event sources are created for you when setting up your organization for the first time), it is useful to group them into "Event Categories". Just as you can assign any managed computer to a group in OptiTune, you can also assign any Event Source to an Event Category. Each Event Category has a Name and Description.

Event Severity

Each Event Source also has its own "Event Severity" level. The Event Severity indicates the importance of each Event Source, and the corresponding Event Instances they generate. The Event Severities include:

  • Fatal

  • Critical

  • Error

  • Warning

  • Informational

  • Diagnostic

  • Trace

Notification Group

After an Event Source generates an Event Instance, you may want to inform a group of people, or "Notification Group". A notification group is basically a list of email address and SMS numbers that is notified in response to one or more Event Instances being generated. You can select existing user accounts from OptiTune, or manually specify email addresses and SMS numbers.

Mail Template

The format and contents of the email message or SMS text message are defined by a Mail Template. In OptiTune, you can fully brand the email message that is sent to include your own company's branding information, and even customize the format of how alerts are displayed in either an HTML or plain text email message. You can also fully customize the format of SMS text messages that are sent, which are limited to 128 characters each. Or, if you prefer, you can select from several pre-made default mail templates with OptiTune branding.

Subscription

A subscription ties together all of the above concepts. To create a subscription, you need to specify the following:

  • Subscription Enabled/Disabled

  • Computer/Group to Monitor

  • Event Categories

  • Event Severities

  • Notification Group

  • Mail Template

  • Schedule

When any enabled Event Source in OptiTune generates an event, the list of enabled subscriptions will be matched against the Event Instance, and all matching subscriptions will have their Notifications Groups notified using the Mail Template specified, as long as the Schedule for the subscription also matches the current time. Each subscription can have a weekly schedule (e.g. Monday, Wednesday, Friday from 2-6pm) defined, in which case the subscription will only be activated when the current time matches the subscription.

Importantly, unless you have a subscription created, no one will be notified when Event Instances are created, and no Alert Instances will be created either.

Alert Instance

An alert is almost identical to an Event Instance, except that it has a state of its own, or Alert Status (Active/Resolved/Ignored). When an Event Instance is created by an Event Source, and there is an active subscription for the Event, then an "Alert Instance" is created, and saved along with its Status. This provides you a way to see all the active alerts for the entire organization, in case you did not have an active subscription at the time the event instance was generated, or inadvertently deleted the alert email. It also provides you a centralized way to track the outstanding issues occurring in your organization.