Alert Service Operations
You can use Alert Service operations to manage alerts in the TIBCO LogLogic® appliance.
Overview
You can use Alert Service operations to create, read, update, and delete alerts as well as view all alerts in the TIBCO LogLogic® appliance.
Using the CreateAlert and UpdateAlert operations, you can define and update rules to detect unusual traffic on your network or detect appliance system anomalies. Alerts can be configured to generate SNMP events and/or send an email notification when the alert rule is triggered for a specific type of alert.
The alert types are Adaptive Baseline, Cisco PIX/ASA Messages, Message Volume, Network Policy, Pre-defined Search Filter, Ratio Based, System, VPN Connections, VPN Messages, and VPN Statistics. For more information on supported alerts, see Alert Types or the online help for each specific alert. In the TIBCO LogLogic® appliance, to view the user interface implementation navigate to Alerts.
When creating (CreateAlert) or updating (UpdateAlert) an alert, you must specify a value for the alertRules Common Request Parameter. The alertRules value is used to define alert rules for a specific alert.
The following diagram provides a graphical view of the Common and Alert-Specific Parameters. The example displays an implementation of the createAlert operation specifying the VPN Messages alert type for the alertRules.
Implementation Guidelines
The general implementation guidelines for the Alert Service operations:
- A set of Common Request Parameters are required for each Alert Service operation.
The createAlert Operation, createAlertRemote Operation, updateAlert Operation, and updateAlertRemote Operation require that you specify Common and Alert-Specific Request Parameters. Alert-Specific Request Parameters are specified using the alertRules Common Request Parameter.
- Alert Rules, defined in the alertRules Common Request Parameter, are specified as a string in the format:
“/parameter1/valueA//parameter2/valueD/valueE/”
For example, a rule for the Network Policy alert is:
“FewerThan/100//MoreThan/10//alertFilter/False//policyAction/Accept//srcIPMin/10.1.2.3//srcIPMax/255.255.255.255//srcPortMin/0//srcPortMax/100//destIPMin/10.1.1.123//destIPMax/255.255.255.255//destPortMin/0//destPortMax/100//protocol/all”
For specific usage rules, see Common Request Parameters and Alert-Specific Request Parameters.
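The alertRules string above is a flat, slash-delimited encoding: entries are separated by "//", and within an entry the parameter name and its one or more values are separated by "/". The following helper, added here as an example and not part of the TIBCO LogLogic API or its client libraries, parses such a string into a mapping and builds one back. It assumes that both the documented form (with leading and trailing "/") and the Network Policy example (without them) are acceptable, and that because "/" is the delimiter a parameter name or value can never itself contain "/"; a value such as a CIDR prefix would therefore have to be expressed another way (the example uses srcIPMin/srcIPMax ranges), so the builder rejects it rather than emitting a string the appliance would misparse.

```python
from typing import Dict, List

# Taken from the Network Policy alert example on this page.
NETWORK_POLICY_RULE = (
    "FewerThan/100//MoreThan/10//alertFilter/False//policyAction/Accept//"
    "srcIPMin/10.1.2.3//srcIPMax/255.255.255.255//srcPortMin/0//srcPortMax/100//"
    "destIPMin/10.1.1.123//destIPMax/255.255.255.255//destPortMin/0//destPortMax/100//"
    "protocol/all"
)


def parse_alert_rules(rules: str) -> Dict[str, List[str]]:
    """Parse "/param1/valueA//param2/valueD/valueE/" into {param: [values]}.

    Hypothetical helper (not a LogLogic API). Assumes the optional leading and
    trailing "/" of the documented form may be present or absent.
    """
    body = rules.strip("/")
    if not body:
        return {}
    parsed: Dict[str, List[str]] = {}
    for entry in body.split("//"):
        fields = entry.split("/")
        name, values = fields[0], fields[1:]
        # Every entry needs a name and at least one non-empty value;
        # an empty token means a stray "/" that would shift every later field.
        if not name or not values or any(v == "" for v in values):
            raise ValueError(f"malformed alertRules entry: {entry!r}")
        if name in parsed:
            raise ValueError(f"duplicate alertRules parameter: {name}")
        parsed[name] = values
    return parsed


def build_alert_rules(params: Dict[str, List[str]]) -> str:
    """Inverse of parse_alert_rules, emitting the documented leading/trailing "/".

    Rejects names or values containing "/" (or empty ones) because the
    delimiter cannot be escaped in this format.
    """
    pieces = []
    for name, values in params.items():
        if not values:
            raise ValueError(f"parameter {name!r} has no values")
        for token in (name, *values):
            if not token or "/" in token:
                raise ValueError(f"token cannot be empty or contain '/': {token!r}")
        pieces.append("/".join([name, *values]))
    return "/" + "//".join(pieces) + "/"


if __name__ == "__main__":
    rules = parse_alert_rules(NETWORK_POLICY_RULE)
    for name, values in rules.items():
        print(f"{name:>12} = {values}")
    print(build_alert_rules(rules))
```

Validating the string on the client side before calling createAlert or updateAlert gives a clearer error than a rule that is silently stored with shifted fields.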
Alert Service Operation Definitions
There are two kinds of operations:
- local - the operation is performed on the local appliance itself
- remote - the operation (name ending with Remote) is performed on a specified remote appliance
The Alert Service Operations are as follows:
- createAlert Operation
- createAlertRemote Operation
- readAlert Operation
- readAlertRemote Operation
- updateAlert Operation
- updateAlertRemote Operation
- deleteAlert Operation
- deleteAlertRemote Operation
- getList Operation
- getListRemote Operation
- alertResponse Type
- getAlertHistory Operation
- acknowledgeAlertHistoryByKey Operation
- removeAlertHistoryByKey Operation
- removeAlertHistory Operation
- alertHistoryResponse Type