Alert Service Operations

You can use Alert Service operations to manage alerts in the TIBCO LogLogic® appliance.

Overview

You can use Alert Service operations to create, read, update, and delete alerts as well as view all alerts in the TIBCO LogLogic® appliance.

Using the createAlert and updateAlert operations, you can define and update rules to detect unusual traffic on your network or detect appliance system anomalies. Alerts can be configured to generate SNMP events and/or send an email notification when the alert rule is triggered for a specific type of alert.

The alert types are:
  • Adaptive Baseline
  • Cisco PIX/ASA/FWSM Messages
  • Message Volume
  • Network Policy
  • Pre-defined Search Filter
  • Ratio Based
  • System
  • VPN Connections
  • VPN Messages
  • VPN Statistics
For more information on supported alerts, see Alert Types. To view the user interface implementation in the TIBCO LogLogic® GUI, navigate to Alerts.

When creating (createAlert) or updating (updateAlert) an alert, you must specify a value for the alertRules request parameter. The alertRules value is used to define alert rules for a specific alert.

Implementation Guidelines

The general implementation guidelines for the Alert Service operations are:

  • A set of common request parameters is required for each Alert Service operation.

    The createAlert Operation, createAlertRemote Operation, updateAlert Operation, and updateAlertRemote Operation require that you specify common and alert-specific request parameters. Alert-specific request parameters are specified using the alertRules request parameter.

  • Alert Rules, defined in the alertRules request parameter, are specified as a string in the format:

    parameter1/valueA//parameter2/valueD//parameter3/valueE/

    For example, a rule for the Network Policy alert is:

    FewerThan/100//MoreThan/10//alertFilter/False//policyAction/Accept//srcIPMin/10.1.2.3//srcIPMax/255.255.255.255//srcPortMin/0//srcPortMax/100//destIPMin/10.1.1.123//destIPMax/255.255.255.255//destPortMin/0//destPortMax/100//protocol/all
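
The alertRules format above can be built and checked on the client side before it is passed to createAlert or updateAlert. The following Python sketch is an added example, not TIBCO code: it parses the page's Network Policy rule, rebuilds it, and checks the Min/Max pairs. Assumptions: the helper names are hypothetical, the page documents no escape for "/" so names and values containing it are refused (otherwise a value could introduce an extra parameter), addresses are IPv4, and ports fall in 0-65535.

```python
import ipaddress

# Network Policy rule copied from the page's example.
PAGE_EXAMPLE = ("FewerThan/100//MoreThan/10//alertFilter/False//policyAction/Accept"
                "//srcIPMin/10.1.2.3//srcIPMax/255.255.255.255//srcPortMin/0//srcPortMax/100"
                "//destIPMin/10.1.1.123//destIPMax/255.255.255.255//destPortMin/0"
                "//destPortMax/100//protocol/all")

def parse_alert_rules(rules):
    """Split 'name/value//name/value' into a dict, rejecting malformed pairs."""
    body = rules.strip()
    # The page's template ends with one '/', its example does not: accept both.
    if body.endswith("/") and not body.endswith("//"):
        body = body[:-1]
    parsed = {}
    for pair in body.split("//"):
        name, sep, value = pair.partition("/")
        if not (sep and name and value) or "/" in value:
            raise ValueError(f"malformed pair: {pair!r}")
        if name in parsed:
            raise ValueError(f"duplicate parameter: {name}")
        parsed[name] = value
    return parsed

def build_alert_rules(params):
    """Join name/value pairs; assumption: no escaping exists, so '/' is refused."""
    pairs = []
    for name, value in params.items():
        name, value = str(name), str(value)
        if not name or not value or "/" in name or "/" in value:
            raise ValueError(f"unsafe name or value: {name!r}={value!r}")
        pairs.append(f"{name}/{value}")
    return "//".join(pairs)

def check_ranges(rule):
    """Return a list of problems in the Min/Max pairs of a Network Policy rule."""
    problems = []
    for prefix, convert in (("srcIP", ipaddress.IPv4Address), ("destIP", ipaddress.IPv4Address),
                            ("srcPort", int), ("destPort", int)):
        try:
            low, high = convert(rule[prefix + "Min"]), convert(rule[prefix + "Max"])
        except (KeyError, ValueError) as exc:
            problems.append(f"{prefix}: {exc!r}")
            continue
        if low > high:
            problems.append(f"{prefix}: Min {low} is greater than Max {high}")
        elif convert is int and not (0 <= low and high <= 65535):
            problems.append(f"{prefix}: port outside 0-65535")
    return problems

if __name__ == "__main__":
    rule = parse_alert_rules(PAGE_EXAMPLE)
    print(build_alert_rules(rule) == PAGE_EXAMPLE, check_ranges(rule))
```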

For specific usage rules, see:

Status Codes

2000 Server success
4000 Unauthorized request
5000 Invalid parameter; getStatusMessage() contains detailed information about the error

Description of Alert Service Operations

There are two kinds of operations:
  • local - operations performed on the local appliance itself
  • remote - operations (names ending with Remote) performed on a specified remote appliance through the Management Station

The Alert Service operations are as follows: