Trigger Settings

Incident Triggers are definitions of significant events that should be recorded by ControlUp. Each trigger includes a list of conditions which specify when the incident will be recorded and which follow-up actions will be performed at that time. The Trigger Settings window is used to define these triggers, while the Incidents Pane is used for viewing and analyzing the resulting incidents.

Cloud Analytics Triggers

ControlUp offers built-in incident triggers supplied by ControlUp Cloud Analytics. These triggers are based on vendor recommendations and industry best practices. For example, a “Citrix XenApp Events” trigger delivered by Cloud Analytics defines all event log entries recommended for monitoring by Citrix. From time to time, these triggers are updated to include new known issues and best practices. The idea behind Cloud Analytics is to provide ControlUp users with information about events that are known to correspond to known issues.

User-defined Triggers

ControlUp users can configure their own incident triggers to record irregularities, errors, performance issues and other events specific to the monitored environment. Incident triggers are stored in the organization’s public configuration set, meaning that there is only one set of triggers shared by all users in a ControlUp organization. In order to make changes to the triggers, the user needs the Configure Incident Triggers organization-wide permission.

Creating and Modifying an Incident Trigger

Step 1: Selecting an Incident Type

In order to create an incident trigger, in the Trigger Settings window, click the Add Trigger button. A New Incident Trigger wizard opens.

The first stage in creating a trigger is choosing the incident type. The following incident types are supported:

  • Stress Level – captures an increase in a record’s Stress Level value. This type of incident applies to all record types in ControlUp (Folders, Hosts, Computers, Sessions, Processes, Executables and Accounts). Choose this trigger to capture all types of performance issues, such as excessive resource consumption.
  • Windows Event – captures entries recorded in the operating system event logs of your managed computers. Select this trigger in order to record Windows event log entries for later analysis or troubleshooting.
  • Computer Down – this trigger is activated when a computer monitored by ControlUp becomes unavailable, for any reason.

Note: incidents of this type are only recorded by ControlUp Monitor, because continuous monitoring is required in order to detect a “Computer Down” event and ControlUp Console is not intended for continuous monitoring.

  • Process Started – this trigger is activated when a process matching a defined set of criteria is started on any of the managed computers.
  • Process Ended– this trigger is activated when a process matching a defined set of criteria is terminated on any of the managed computers.
  • User Logged On – this trigger is activated when a user logs on to one of your managed computers.
  • User Logged Off– this trigger is activated when a user logs off from one of your managed computers.
  • Session State Changed – this trigger is activated when a user session’s state changes on one of your managed computers.
  • Advanced - This trigger is activated when a custom set of conditions applies to a row in ControlUp's information grid. Use this trigger type to capture a scenario that is not covered by any other trigger type.

Step 2: Configuring Incident Details

For Stress Level triggers, configure the following details:

  • Record type – the kind of ControlUp record to which the trigger applies (Folder, Computer, Session, Process, etc.).
  • Stress Level – the minimum Stress Level threshold to trigger the incident.
  • Duration – the minimum period during which the record needs to stay above the configured stress level in order for the trigger to be activated (range: 3 seconds – ∞).

For Computer Down triggers, configure the following details:

  • Record an incident – the reason the computer is down (normal shutdown, ControlUp Agent service stopped, the Monitor cannot connect to the computer, or any of these)
  • Minimum duration – the minimum period during which the computer must be down in order for the trigger to be activated (range: 3 seconds – ∞)

Note: if the computer goes down more than once in a five-minute period, and the first time it does so, the duration is less than the minimum duration specified in the trigger settings, the trigger is not activated during that five-minute period. (This is because the Monitor normally polls managed computers once every five minutes, unless a trigger incident occurs whose duration is at least the minimum duration specified. In this case, no trigger incident of this duration is detected during the normal polling, so polling only resumes five minutes later.)

For Session State Changed triggers, configure the following details:

  • From State – the state of the user session before the change
  • To State – the state of the user session after the change
  • Minimum duration in new state – the minimum period during which the session must be in the new state in order for the trigger to be activated (range: 3 seconds – ∞)

For Advanced triggers, configure the following details:

  • Record type – the kind of ControlUp record to which the trigger applies (Folder, Computer, Session, Process, etc.).
  • From State – the state of the record before the change (optional; defined using filter criteria – see Step 3)

Note: To include new items with no initial state, select the Include… checkbox.

  • To State – the state of the record after the change (defined using filter criteria – see Step 3)

Minimum duration in new state – the minimum period during which the record needs to stay in the new state in order for the trigger to be activated

Step 3: Adding Filtering Criteria

For every trigger, you may configure an advanced filter using any combination of criteria, which will be evaluated against all the properties of the affected records. For example, you might want to configure a Stress Level trigger that only captures the activity of processes with a certain name or a Windows Event trigger that only captures specific event IDs.

The Filter Editor is a window in which you can configure your criteria. This window is similar to the Item Level Targeting filter control used in Microsoft Windows Group Policy Management Console (GPMC), and uses the same logic.

Note: when configuring search criteria on a string attribute, please note the following behavior of wildcards

Search string Will match Will not match
test test any string except “test”
test* test1test1111test1111test111(or any other string in which “test” is followed by one or more characters) test1test111test(any string which ends with “test”)
*test 1test111test1test1111test111(or any other string in which “test” is preceded by one or more characters) testtest1test111(any string which begins with “test”)

Step 4: Configuring Trigger Scope and Schedule

In the Scope drop-down box, you can select which folder the trigger applies to. The Include all child folders checkbox controls whether this setting applies to the entire folder structure under the selected folder. By default, any newly created trigger applies to the entire organization.

The Schedule drop-down box allows you to select when an incident will be active. By default, any newly created triggers are active at all times (All Days schedule). Using the Add New Schedule option, you can define a new time pattern.

Step 5: Adding Follow-up actions

Every trigger may include one or more follow-up actions. The following actions are available:

  • Send an e-mail alert – delivers an e-mail with the incident details to the selected recipients. A valid recipient is a ControlUp user in your organization who has verified their e-mail address by activating their ControlUp account. This follow-up action uses ControlUp Hybrid Cloud services for the delivery of alerts and does not require a local mail server.
  • Send a mobile push notification – delivers an alert to your mobile devices using ControlUp Mobile Apps. For more information please refer to the Mobile Apps documentation page.
  • Dump view/s to disk – when the incident is triggered, this follow-up action will save the contents of the selected ControlUp views to the disk as a comma-delimited file.
  • Record an event in the Application Log – will create a new log entry in the Windows Application Log of the computer that detected the incident.
  • Play a sound alert in the console – if ControlUp Console is open when the incident is detected, the console will play the selected sound file.
  • Send an e-mail alert using a local SMTP server – delivers an e-mail alert with the incident details to any number of valid e-mail addresses, via a user-configured SMTP server. This will occur only if your organization includes an active instance of ControlUp Monitor which has been configured with sufficient connection details and credentials to send messages using the SMTP server.
  • Run an action – runs a Script Action automatically

Note: incidents will be recorded in your organization’s incidents database for later analysis, even if no follow-up actions are configured.

Step 6: Set a name and description for the trigger

A name and description will be automatically generated for every trigger. It is recommended that you review the name and description in order to ensure that you will be able to identify the trigger when you receive alerts or analyze incidents.

Powered by Zendesk