is there a way to assign different severities for process down in a single probe? I.e. process java down criticl while process ntp down major alert.
Yes, it is possible. You need to create a new message with the severity you need (Setup -> Message Pool -> Message Pool). In my super template that I install on every machine, I've created several message levels for "process down". Then, in your process profile you need to create an override message for the correct token (Profile->Messages -> Message override list -> new). For example, if you want message when it goes down, you select your custom message and assign it to token "process_down".
I also do the same with other probes: cdm, ntservices, etc.
Now that I have all those custom messages there, it makes it easier to have "application" templates which can then give proper severities to their components. For example, I can have ntservices in the basic template put all running services to raise an alarm with "minor" severity on a server. Then I push Exchange template on to the machine, and it just configures an override for Exchange services so that they use message "UnexpectedCritical" instead of "UnexpectedMinor" when it is in an unexpected state.
I'm not sure if your business needs is fulfilled by probe (processes probe) side behavior,
however there is "escalate_level" action available in NAS probe Auto Operator feature.
Here is explanation of "escalate_level" action.
Escalate the severity level of the alarm(s) matching the filter criteria selected below. The severity is incremented to the next level.
Hope it helps.
Thanks for the reply but I need to lower the alarm before the message arrives on nis and processed by nas. I don't want to use a preprocessing rules.... If I have more then a monitoring profile into a processes probe, there should be a simple way to assign different severity for the processes down trigger...
I checked processes probe behavior, but unfortunately there doesn't seem to have such ability.
If NAS is not workable option for you, another option is alarm_enrichment probe for you.
alarm_enrichment can do similar thing (rule based alarm's property overwriting functionality). Only the difference is which probe takes care it of.
Fantastic Jon! thank you very much. Strange that I have opened a support request and the support told me it was not possible to do it and to submit an idea to be voted...
Jon. Thanks alot sharing info. I apologize for responses I made. I also studied.
Retrieving data ...