How to create and manage monitors in Systems Management

Information applies to:

To create a monitor in Systems Management, follow the steps below:

1. Open a site and navigate to Devices > select a device > Monitor > Monitors radio button.
2. Scroll to the bottom of the page and click Add a monitor...
3. Select a Monitor Type and click Next.
4. Configure the Monitor Details. Please check the Monitor Details section below for further information.
   
   Monitor details - Device health and special purpose monitors
   
   

   Monitor type	Trigger details
   Online Status Monitor	You can choose: • Whether you want to be alerted if the device goes offline or comes online. • How long the device needs to be in either of these states before the alert is raised (0-60 minutes).
   CPU Monitor	You can choose: • What the CPU usage threshold should be (5-100%). • How long the device's CPU usage needs to be above the threshold before the alert is raised (0-60 minutes).
   Memory Monitor	You can choose: • What the memory usage threshold should be (5-100%). • How long the device's memory usage needs to be above the threshold before the alert is raised (0-60 minutes).
   Component Monitor	• From the drop-down list, select the component monitor you wish to run. Note that in order for a component monitor to appear in this list, it needs to be added to your Component Library first by downloading it from the ComStore or by creating and adding your own custom component. • Specify when the component monitor should be run. Note that the criteria in Trigger Details may differ depending on how the component monitor has been configured.
   Process Monitor	• Enter the process name. • Specify whether an alert should be raised if the process is running or not running OR if it has reached a certain CPU or memory usage (5-100%). • Specify how long the process should be in this state before the alert is raised (0-60 minutes). • If you want to kill the process if it triggers an alert as per the criteria you specified, select the check box of Attempt to kill the process if it triggers an alert. Note that this check box will only be active if you chose "the process is running / not running" option before.
   Service Monitor	• Enter the service name. • Specify whether an alert should be raised if the service is stopped or running OR if it has reached a certain CPU or memory usage (5-100%). • Specify how long the service should be in this state (0-60 minutes) and how much time after the device has booted (immediately - 60 minutes) before the alert is raised. • If you want to start or stop the service if it triggers an alert as per the criteria you specified, select the check box of Attempt to take remedial action. Note that this check box will only be active if you chose "the service is stopped / running" option before. • If you would not like to be alerted if the service has been disabled, select the check box of Do not alert Service Stopped messages if service has been disabled.
   Event Log Monitor	• Enter the event log name (e.g. Application, System, etc. as shown in the Windows Event Viewer). • Enter the event source name (as shown in the Event Log). Filter Details: Complete at least one of these fields (as shown in the Event Log): • Event Codes: enter one or more Event IDs, e.g. 1 56 5719. For Event ID examples, refer to Event Log examples. • Event Types: enter one or more of the following types: Critical, Error, Warning, Verbose, Information, 'Success Audit', 'Failure Audit'. • Event Descriptions: enter one or more words or phrases enclosed in quotation marks, of which at least one should be present in the Event Message Body. Additionally, use a - in front of a word or phrase to indicate that it should not be present in the message body (e.g. "backup failed" -partial). Use a space between filters of the same category to have the monitor apply an OR between them. For example, entering "failed" "error" in the Event Descriptions category will raise an alert if the event log entry contains either the words failed OR error (or both). Similarly, entering more than one event ID separated by a space (e.g. 1 56 5719) in the Event Codes field will alert if the event log contains any of these event codes.
   Software Monitor	• Enter the name of the software package you want to monitor. • Specify whether an alert should be raised if the software is installed / is uninstalled / changes version.
   Security Center Monitor	Select whether the Windows Security Center (Action Center) should be: • Activated • Disabled Note that it is not possible to configure the settings of the Windows Security Center (Action Center) through this monitor.
   Disk Usage Monitor Select	• The drive you want to monitor. • The threshold that needs to be passed for the alert to be triggered (% disk space used / GB disk space used / GB disk space free). • How long the device's disk usage needs to be in this state before the alert is raised. (0-60 minutes)
   File / Folder Size Monitor	• Select from the drop-down if you want to monitor a file or a folder and enter its full path. • Select from the drop-down if the size of the file or folder should be over or under the set threshold. • Enter the threshold for the file or folder size (MB) that needs to be passed for the alert to be triggered. •Specify how long the file or folder needs to be in this state before the alert is raised (0-60 minutes).
   KES Security Management Monitor	• KES is not installed • KES is not active (stopped or disabled) • Reboot is required (not applicable on Mac devices) • Active threats have been found (not applicable on Mac devices) • Configuration File deployment has failed • There is no valid license • Alert if database has not been updated for a specific number of days (maximum value: 365 days)
   Webroot Security Management Monitor	Select any of these options: • Webroot is not installed • Webroot is not active • Attention and reboot is required • Alert when an infection is found • No valid license • Alert if the system has been infected for longer than a specific number of hours (maximum value: 168 hours) • Alert if the Webroot license is due to expire within a specific number of days (maximum value: 365 days)
   Datto Monitor	Set the time window to monitor for errors. (1-48 hours)

   
   Monitor details - SNMP monitors (only available for Managed network devices and can only be applied at device level)
   
   

   Monitor type	Trigger detail
   Offline Monitor	• Select a Network Node Device that will be performing the monitoring on your network device. Offline monitors will create an alert if the device has been offline for 1 minute.
   Network Monitor	• Select a Network Node Device that will be performing the monitoring on your network device. • After clicking Next, specify the Trigger Details by selecting a Network Monitor Component from the drop-down list. This will provide the threshold for the monitor to raise an alert. • Once you have selected your Network Monitor Component, you will be able to modify its threshold for this specific device only, if necessary.
   Printer Monitor	A Printer Monitor will be enabled automatically on all sites with Managed printers. By default, this monitor will alert you if any issues are reported or consumables go below 25%. The monitor can be modified under the respective site's Policies tab.

   
   ESXi monitors (to be applied at account and site level only, as part of an ESXi policy)
   
   

   Monitor type	Trigger detail
   ESXi CPU	You can choose: • What the CPU usage threshold should be (5-100%). • How long the device's CPU usage needs to be above the threshold before the alert is raised (0-60 minutes).
   ESXi Memory Monitor	You can choose: • What the memory usage threshold should be (5-100%). • How long the device's memory usage needs to be above the threshold before the alert is raised (0-60 minutes).
   ESXi Data Store Monitor	• The threshold that needs to be passed for the alert to be triggered (% used / GB used / GB free). • How long the datastore needs to be in this state before the alert is raised (0-60 minutes).
   ESXi Temperature Sensor Monitor	• The temperature threshold that needs to be passed for the alert to be triggered (Celsius (°C)). • How long the temperature needs to be above the threshold before the alert is raised (0-60 minutes).
   ESXi Fan Monitor	An alert will be triggered if the status of any fan unit on any targeted device is other than "normal".
   ESXi Disk Health Monitor	An alert will be triggered if any disk on any targeted device registers disk health or RAID errors.
   ESXi PSU Monitor	An alert will be triggered if the status of any power supply on any targeted device is other than "normal".

5. Configure the Alert Details and Auto-Resolution Details.
   
   

   Field	Description
   Alert details	You can choose the priority of the alert that will be raised: • Critical - Priority 1 • High - Priority 2 • Moderate - Priority 3 • Low - Priority 4 • Information - Priority 5
   Auto-Resolution Details	You can choose when the alert should auto-resolve itself, i.e., if it's no longer triggered for a certain period of time (1 minute - 1 week), it will be resolved automatically. The monitor will then be reset allowing further alerts to be raised. The following monitor types cannot be auto-resolved: Event Log Monitor, Software

6. Click Next.
7. Configure the Response Details, that is, specify what the response should be to a raised alert.
   
   

   Field	What to choose / Enter
   Run the following component	This field is not available for SNMP and ESXi monitors. Select this check box if you want to run a component as a response to the alert, then select the required component from the drop-down menu. If the selected component has been configured with variables, you can override them here. Note that in order for a component to appear in this list, it needs to be marked as a favorite.
   Email the following recipients	Select this check box if you want to send out a notification when the alert is raised. • Select Default recipients if you would like to notify the default Mail Recipients set up in Account Settings and Site Settings. • Enter Additional recipients. Add a name, an email address, choose the correct email type (HTML, text or both) and make sure to click Save. You can add more than one additional recipient. The email field only accepts the following characters: a-z, A-Z, 0-9, @, and !#$%&'`*+-|/=?^_{}~. If the Email the following recipients check box is selected but the Default recipients check box is not selected, you must enter and save a name and an email address in the Additional recipients area. • Advanced Options - Enter a string to be used as the Subject Line of the alert email. You can include the following: • [hostname]: hostname of the device • [description]: description of the device • [os]: operating system of the device • [user-defined X]: user-defined field where X is the user-defined field number. Refer to User-Defined Fields. • [lastuser]: last user login name logged into the device • [sitename]: name of the site in which the device resides • [category]: category of the alert raised (e.g. performance, service, process, event log, etc.) • [type]: type of the alert raised (e.g. memory, disk space, etc.) • [alert]: reason for the alert being raised • [ipaddress]: IP address of the LAN card of the device

8. Click Next.
9. Configure the Ticket Details if you want to create a ticket for this incident in Systems Management through standalone or advanced integrated ticketing, or in any PSA (Professional Services Automation) tool integration you may have configured in your account. Tickets are entirely separate from the alert. If you would like to use monitors to raise tickets in a PSA tool, make sure to configure the Ticket Details section. Alerts alone will not be able to synchronize with the PSA tool. Depending on the type of ticketing you use, complete the following fields:
   
   Standalone ticketing
   
   

   Field	What to choose
   New ticket	Select this check box if you want to create a ticket once the alert is raised. Once this check box has been selected, the remaining fields become editable as well.
   Assigned resource	Select who this ticket should be assigned to. The drop-down lists all the users of your account. Only one user can be selected per monitor.
   Priority	Select the Priority of the ticket to be raised: • Critical - Priority 1 • High - Priority 2 • Moderate - Priority 3 • Low - Priority 4 • Information - Priority 5
   Ticket email notification	Select this check box if you want to notify the ticket owner about the ticket via email.
   Disable Auto-Resolution of Tickets	Select this check box if you would like to prevent the raised tickets from being auto-resolved if the alert is resolved.

   
   
   Advanced integrated ticketing
   
   

   Field	What to choose
   New ticket	Select this check box if you want to create a ticket once the alert is raised. Once this check box has been selected, the remaining fields will become editable as well.
   Add related ticket note	Select this check box to allow the alerts from this monitor to create a related ticket note. This requires the Systems Management Integration's global Related Alerts setting to be enabled. The check box will have no impact when the global Related Alerts setting is OFF. The check box will be checked and disabled when the New Ticket check box is not selected.
   	Systems Management PSA (Professional Services Automation) Alert Ticket Attributes
   Use the settings of the monitor type	Select this check box if you would like to apply the settings configured in the ticketing section of the Systems Management Integration.
   Source, Queue, Issue, Sub-Issue, Work Type	If you do not wish to use the settings above, select the required Source, Queue, Issue, Sub-Issue and Work Type from the drop-down lists. The drop-downs list those values that are currently active in Systems Management PSA. If the mapped device (that is, the PSA configuration item) has a contact assigned in PSA, that contact will be selected for the alert ticket by default.
   Use Subject Line from Response Details	You can choose any of these options: • Select this check box to use the Subject Line configured in the monitor's Response Details section as the Ticket Title. • Leave the check box unchecked and add a Subject Line to customize the Ticket Title. • Leave the check box unchecked and leave the Subject Line blank to apply a standard (automated) subject line as the Ticket Title. The Ticket Title field in PSA has a limit of 255 characters. If your Subject Line exceeds this limit, it will be cut off in the ticket's Ticket Title field at 255 characters.

   
   If the ticket creation fails (e.g. because of changes made to credentials, queues, categories, security settings, etc.), a notification email will be sent to the email addresses set to receive Alerts in the Email Recipients section of Account Settings. The notification email will specify the error message and the reason that caused the error.
10. Click Next. You will be returned to the monitor list for the device or the policy details page (if you are adding the monitor to a policy). There you can add another monitor if you want.

The changes will be pushed instantly on single devices if the Agent is online or as soon as it checks in to the platform. In case you are adding the monitor to a policy, the changes first need to be saved and pushed to be applied.