Auditor Help: Using Alerts & Triggers

Note! Note: Alerts & triggers are available in the Auditor Professional version of the Ecora software. They are not available in the Auditor Basic version. If you are interested in the Auditor edition, please contact a sales representative.

Triggers and alert allow you to define conditions that result in actions. For example, you may choose to establish a trigger condition for report creation or data collection failure, then add an alert in the form of email notification if that condition (trigger) is met.

Configuring Alerts & Triggers
            SMTP Alerts
            SNMP Alerts
            Windows Event Log Alerts
            Net Send Alerts
            Unix Sys Log Alerts
            Ecora Log Alerts
Creating an Alert
            SMTP Alerts
            SNMP Alerts
            Windows Event Log Alerts
            Net Send Alerts
            Unix Sys Log Alerts
            Ecora Log Alerts
Creating a Trigger

To configure the software for triggers & alerts:

  1. Run the Ecora software.
  2. Choose File... Settings... from the menu.
  3. Click on the Alerting tab.
  4. In the Alerting area, click in the Enable checkbox.
  5. Use the drop-down list to select a interval (in minutes- minimum 10 minutes) to set how often the software checks for the conditions you define.
  6. Click in the Prompt when adding a disabled alert checkbox if you wish to be warned of any attempt to use an alert that is marked as disabled.
  7. Click on the Service Log On button to set the Local System Account or to specify the Account and enter valid credentials.
  8. Alert SettingsAlert Settings

  9. On the SMTP Alerting tab, and click in the Enable checkbox to enable alerts via email.
  10. Enter the SMTP Server name and Port number through which it communicates. The SMTP Server is generally your mail server, such as mail.companyname.com.
  11. Enter email addresses in the From:, To:, CC:, and BCC: fields for emailing completed reports or report notices.
  12. Enter a subject line for emailed reports to notify recipients of the email's content.
  13. Click in the Attach report to message checkbox if you wish to include the whole report with the email.
  14. If attaching, click in the Compress Report checkbox if you wish to use software to reduce the file size.
  15. Set the maximum size for attachments by typing it in the box or using the up/down arrows.
  16. Click in the Include hyper-link to report (shared) in message checkbox if you wish to include a link to the URL for the report (on a shared drive) in the email.
  17. If linking, enter the name of the shared directory where the report is available.
    Note Notes:
    • Fact-Finding Reports must be saved to a shared directory. All other report types require that the software installation directory be shared. Directories created by the software installation are NOT shared by default; you must set them to shared explicitly.
    • The settings on SMTP Alerting tab are applied to new email alerts only (created manually), not to the "Send email to administrator" email alert created by default by Auditor.
  18. Click on the SNMP Alerting tab, and click in the Enable checkbox to enable alerts via SNMP traps.
  19. Enter the SNMP Manager name. The SNMP Manager can be the name of any server running an application capable of receiving SNMP traps.
  20. Enter or select the Port number using the up/down arrows.
    Reference For additional information, see Using SNMP.
  21. Click on the Windows Event Log Alerting tab.
  22. Click in the Enable checkbox to enable alerts on events in the Windows Event Log.
  23. SNMP Alert Settings Windows Event Log Alert Settings

  24. Click on the Net Send Alerting tab.
  25. Click in the Enable checkbox to enable alerts using Net Send.
    Note Note: The Windows Messenger Service must be started and running for sending or receiving alerts.
  26. Click on the Unix Sys Log Alerting tab.
  27. Click in the Enable checkbox to enable alerts on events in the Unix Sys Log.
  28. Enter the IP Address for the default system running the syslog daemon.
    Note Note: On some Unix systems, the syslog daemon starts with no access from remote systems for security reasons. These systems syslog daemon (LISTENER) should be reconfigured to allow accept syslog messages from remote host.
    For example: FreeBSD 5.3 syslogd daemon starts with "-s" option by default, which does not allow remote hosts to send syslog messages. syslogd should be started with no keys or with "-a" key. On Red Hat Linux, syslogd should be started with "-r" key.
    Resource See "man syslogd" for more information.
  29. Net Send Alert Settings Unix Sys Log Alert Settings

  30. Click on the Ecora Log Alerting tab.
  31. Click in the Enable checkbox to enable alerts on events in the Ecora Log.
  32.  Ecora Log Alert Settings

  33. Click OK.



To create an alert:

  1. Choose Edit... Alerts and Triggers... from the main menu.
  2. Click New....
    Edit Alert dialog box
    Alert Types
  3. Click in the radio button for the type of alert you wish to set.
    An Email Alert allows you to specify an email message to be sent when the trigger condition is met.
    An SNMP Alert can send a message to the manager console.
    A Windows Log Event Alert writes successes, failures, information, +/or warnings to the Windows event log.
    A Net Send Alert writes successes, failures, information, +/or warnings to the Windows event log.
    Unix Sys Log Alerts writes successes, failures, information, +/or warnings to the Windows event log.
    A Ecora Log Alerts writes successes, failures, information, +/or warnings to the Windows event log.
  4. Click OK.
  5. Enter a name and description for the alert.
  6. Proceed according to the type of alert you selected.

Email Alert Basics


  1. Click on the Email tab.
    Alert Email
  2. Enter the email addresses for those you wish to receive the report and the subject line of the email.
  3. Click in the Attach Report option to include a full copy of the report with the email.
    Note Note: Attaching the full report is affected by the maximum size set under the File... Settings... Alerts tab.
  4. Click in the Compress report option if you want the report packaged by software to save space.
  5. Click in the Include hyper-link to report (shared) in message option if you wish to include the URL link.
  6. Enter of confirm the share name (shared directory in which the report is located).
    Note Notes: Fact-Finding Reports must be saved to a shared directory. All other report types require that the software installation directory be shared. Directories created by the software installation are NOT shared by default; you must set them to shared explicitly.
    If Default Storage Directory (DSD) is local, you can't use remote share name in alert settings. Use a share name without server name.
  7. Click OK.

  1. Click on the SNMP tab.
    Alert SNMP
  2. Enter the community server acting as your SNMP server.
  3. Click OK.

  1. Click on the Windows Log Event tab.
    Alert Windows Event Log
  2. Click in the Information, Warning, or Error radio button to indicate which event types are written to the Windows Event Log.
  3. Click OK.

  1. Click on the Net Send tab.
    Alert Net Send
  2. Enter users, systems, or domains (separated by commas) to which to send alerts (as pop-up messages).
  3. Click OK.

  1. Click on the Unix Sys Log tab.
    Unix Sys log
  2. Enter the IP address of the system running the syslog daemon.
  3. Click OK.

  1. Click on the Ecora Log tab.
    Ecora log
  2. Select the logging level to be written to the Ecora log for alerting purposes.
  3. Click OK.



To create a trigger:

  1. Choose Edit... Alerts and Triggers... from the main menu.
  2. Click on the Triggers tab.
  3. Click New... (or select an existing trigger and click Edit...).
    Edit Trigger box
  4. On the Basics tab, enter a Name and Description for the trigger.
  5. Verify that the Enable option is checked.
  6. Use the drop-down list box to select the Severity level.
  7. Use the up/down arrows to set the ID.
    Trigger Basics
  8. Click on the Conditions tab.
  9. Use the drop-down list box to select the report Type (Data Collection Only, Documentation Report, Baseline Comparison Report, Change Report, Consolidated Change Log, Fact Finding Report, Patch Database Update).
  10. Use the drop-down list box to select desirable Scheduled Job name.
  11. Use the drop-down list box to select the Condition (System Failure, Failure, Success, Exceeds Time Limit, ).
  12. If you choose Device Failure, enter the Device name (blank = ALL).
  13. If you selected Exceeds Time Limit as the Condition, use the drop-down list box to select the Time Limit in minutes.
    Trigger Conditions
  14. Click on the Message tab.
  15. Enter the Message name.
  16. Enter the message body in the text box, using the drop-down to select variables and Insert button to include them in the message.
  17. Use the Start Repeat and End Repeat buttons to duplicate sections with different variables.
    Trigger Message
  18. Click on the Alerts tab.
  19. Use the expandable tree to locate the alert(s) you would like to use.
  20. Click in the checkbox for the alert(s) you wish to associate with this trigger.
    Trigger Alert
  21. Click OK to save the defined trigger.