APPENDIX B: TROUBLESHOOTING
If a service successfully connects, but otherwise "fails", a "service unresponsive" event is
generated. For example, a poller sends a TCP connect request… and gets a
connection, but within the “timeout” period there is no response. Thus, the service is “up”, but it
is not performing at an adequate level. This could be caused by the service itself or by
network congestion, but in either case it is a condition that warrants investigation.
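The distinction drawn in the paragraph above, as an added illustration that is not the CC-NOC's own poller code: a TCP poll that reports "down" when the connect fails and "unresponsive" when the connect succeeds but nothing arrives within the timeout. The function names, the return labels and the loopback listeners are assumptions constructed for the example.

```python
import socket
import threading
import time

def poll_service(host, port, timeout=2.0, probe=b""):
    """Return 'up', 'unresponsive' or 'down' for one TCP poll (labels are assumptions)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                      # refused, unreachable, or connect timed out
        return "down"
    with sock:
        sock.settimeout(timeout)
        try:
            if probe:                    # optional request for protocols that speak second
                sock.sendall(probe)
            data = sock.recv(1024)
        except OSError:                  # read timeout or reset after a good connect
            return "unresponsive"
    # An empty read means the peer closed without answering: connected, but failed.
    return "up" if data else "unresponsive"

def _listener(banner):
    """Constructed fixture: loopback listener that sends `banner` (or stays silent)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        time.sleep(1.0)                  # hold the connection open past the poll timeout
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Poll three constructed loopback targets: answering, silent, and closed."""
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                          # nothing listens here now
    return {
        "answering": poll_service("127.0.0.1", _listener(b"220 ready\r\n"), timeout=0.3),
        "silent": poll_service("127.0.0.1", _listener(b""), timeout=0.3),
        "closed": poll_service("127.0.0.1", closed_port, timeout=0.3),
    }

if __name__ == "__main__":
    print(demo())
```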
Notifications
There are two ways to configure notifications:
• Easy: Add members to groups
• More difficult: Configure Notifications
The easy way works for most people, as the CC-NOC comes with a set of default notifications
already created and all you have to do to use them is to create Users and add them to the default
Groups. The options provided by the Notification Configuration link, found on the Admin page,
are very powerful, but can become very time-consuming - as you have to create not only custom
paths, but also new notifications. If you are creating either IP (single or range) or service-based
pollers, then you also need to take into account the built-in escalation that the CC-NOC performs,
for example, Service -> Interface -> Node, and create multiple notifications. Notifications can be
sent via:
• Email from the CC-NOC to email clients.
• Email from the CC-NOC to pager/mobile destinations.
• TAP from the CC-NOC to a paging system that supports TAP. TAP provides a
dial-around mechanism, but is not universally supported.
When building new notifications, it is always prudent to create an outage to test your notifications,
for example, pull a plug on a non-critical box. Also, test your emails to make sure that you are
able to receive the notifications that you do generate. There is a test SMTP settings button on the
Outgoing Email Communications page under the Admin tab, Appliance Network Settings -
use it to verify that the email system is configured. You can easily change the configuration from
this page to test. You can find more information about configuring notifications in
Chapter 6: Configuring Notifications.
Also, take time to send notifications to pagers/phones, if applicable, and verify that there aren't
messaging limits.
Why am I Not Receiving Notifications?
The most common reason that users don't get notified is that they have not been added as a
member of a notification group. To receive notifications, you must be a member of the
Network/Systems, Windows Management, Security, Management, Admin, Reporting, or
“Customized” groups, or an individual user configured in a user-defined Notification Path.
Assuming the default configuration, the standard notification process is defined below.
The Network/Systems group receives notifications related to the CC-NOC's polling subsystems
(for example, Service Down, Interface Down, Node Down, etc.).
The Windows Management group receives notifications related to Windows Management.
When important desktop events happen, including system faults and software installation/removal,
email notifications are sent to members of this group.
The Security group receives notifications related to the CC-NOC Intrusion Detection subsystem
(IDS), as well as any security-related concerns noted through vulnerability scanning, Windows
Management, or SNMP trap receipt. When intrusion events are generated by the CC-NOC that
meet the configuration requirements for generating notifications, these notifications are sent to
members of the Security group. Please note that the Security group receives notifications all at
once, as opposed to using the escalation system that the Network/Systems group leverages. This
is due to the time-critical nature of security-related events.
The Admin group receives notifications for any events of concern to the appliance administrators.