Alarms are responsible for sending notifications to any syslog and/or webhook subscribers subscribed to the APP_ALARMS notifications.
Alarm notifications are sent out when alarms are raised or cleared, and when their severities are updated.
Note
From XCO 3.3.0 onwards, the system sends out similar notifications for APP_ALERTS and APP_ALARMS.

| Alarm Severity | Alert Severity | Syslog Severity | Syslog Enum | Description |
|---|---|---|---|---|
| | | 0 | Emergency | System unusable |
| Critical | Critical | 1 | Alert | Immediate action required |
| Major | Major | 2 | Critical | Critical condition |
| Minor | Minor | 3 | Error | Error condition |
| Warning | Warning | 4 | Warning | Warning condition |
| Indeterminate/Cleared | | 5 | Notice | Normal, but significant condition |
| | Info | 6 | Informational | Informational messages |
| | | 7 | Debug | Debug-level messages |

Field | SD-ID (Structured Data ID) | Example | Description |
---|---|---|---|
<###> | N/A | 164 = (20 * 8) + 4. Alarm Range: 160-167 | Priority Value: (Syslog Facility * 8) + Syslog Severity. Syslog Facility: 20, local use 4 (XCO Alarms). See Syslog Severity. |
Version | N/A | 1 | Version of syslog message |
Timestamp | N/A | 2003-10-11T22:14:15.003Z | Timestamp of syslog message |
Hostname | N/A | xco.machine.com | Hostname of XCO |
App Name | N/A | FaultManager | Application generating syslog alarm |
Proc ID | N/A | - | Process ID |
Msg ID | N/A | 32000 | Alarm sub-type classification |
Sequence ID | meta | 12 | Tracks the sequence in which messages are submitted to the syslog transport. The APP_ALARMS topic maintains its own sequence ID, separate from other topics. |
IP | origin | 10.20.30.40 | IP address of XCO host |
Enterprise ID | origin | 1916 | Extreme Networks Enterprise ID |
Software | origin | XCO | Software Name |
SW Version | origin | 3.5.0 | Software Version |
Resource | alarm | /App/System/Security/Certificate?type=app_server_certificate | XCO Health Resource path (with any query parameters) associated with the alarm. |
ProbableCause | alarm | keyExpired | Reason for the Alarm (Attempt to map to IANA standards) |
PerceivedSeverity | alarm | warning | Severity of the XCO alarm. See Alarm Severity. |
EventType | alarm | security | Indicates the Category (Attempt to map to IANA standards) |
BOMText | N/A | The application server certificate on the application will expire soon on "Sep 12 10:00:45 2023 GMT". | (Byte Order Mark) Textual description of the alarm's status update. |

The following is an example of a syslog alarm:

```
<164>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - 32000 [meta sequenceId="12"] [origin ip="10.20.30.40" enterpriseId="1916" software="XCO" swVersion="3.5.0"] [alarm resource="/App/System/Security/Certificate?type=app_server_certificate" probableCause="keyExpired" eventType="security" perceivedSeverity="warning"] [alarmData@1916 type="app_server_certificate" expiry_date="Sep 12 10:00:45 2022 GMT"] BOMThe application server certificate on the application will expire soon on "Sep 12 10:00:45 2022 GMT".
```

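The following Python parser is an added example, not part of the XCO documentation: a receiver-side check for the syslog alarm format above that recomputes facility and severity from the priority value and rejects lines whose `perceivedSeverity` disagrees with it. The names `parse_alarm` and `SAMPLE` and the rejection rules are assumptions of this example; the sample line is the page's example with ASCII quotes and the BOM placeholder written as U+FEFF.

```python
import re

# Syslog severity -> alarm severity, from the severity table on this page.
ALARM_SEVERITY = {1: "critical", 2: "major", 3: "minor", 4: "warning",
                  5: "indeterminate/cleared"}
ALARM_FACILITY = 20  # "local use 4 (XCO Alarms)", so PRI must be 160-167

HEADER = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.S)
NAME = r'[^\s=\]"]+'
VALUE = r'(?:[^"\\\]]|\\.)*'  # RFC 5424 escapes inside values: \" \\ \]
ELEMENT = re.compile(rf'\[({NAME})((?: {NAME}="{VALUE}")*)\] ?')
PARAM = re.compile(rf'({NAME})="({VALUE})"')

def parse_alarm(line):
    """Parse one alarm syslog line; raise ValueError if it is inconsistent."""
    m = HEADER.fullmatch(line)
    if not m:
        raise ValueError("not a version 1 syslog header")
    pri, timestamp, hostname, app, proc_id, msg_id, rest = m.groups()
    facility, severity = divmod(int(pri), 8)
    if facility != ALARM_FACILITY:
        raise ValueError(f"PRI {pri} is outside the alarm range 160-167")
    sd = {}
    # The page's example puts a space between SD elements; strict RFC 5424
    # has none, so the separator is treated as optional.
    while (e := ELEMENT.match(rest)):
        sd[e.group(1)] = {k: re.sub(r"\\(.)", r"\1", v)
                          for k, v in PARAM.findall(e.group(2))}
        rest = rest[e.end():]
    claimed = sd.get("alarm", {}).get("perceivedSeverity", "")
    expected = ALARM_SEVERITY.get(severity)  # assumption: reject 0, 6 and 7
    if expected is None or claimed not in expected.split("/"):
        raise ValueError(f"perceivedSeverity {claimed!r} does not match PRI {pri}")
    return {"severity": severity, "timestamp": timestamp, "hostname": hostname,
            "app": app, "msg_id": msg_id, "sd": sd,
            "message": rest.lstrip("\ufeff")}

# Constructed from the page's example (quotes normalised, BOM as U+FEFF).
SAMPLE = (
    '<164>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - 32000 '
    '[meta sequenceId="12"] [origin ip="10.20.30.40" enterpriseId="1916" '
    'software="XCO" swVersion="3.5.0"] [alarm resource="/App/System/Security/'
    'Certificate?type=app_server_certificate" probableCause="keyExpired" '
    'eventType="security" perceivedSeverity="warning"] [alarmData@1916 '
    'type="app_server_certificate" expiry_date="Sep 12 10:00:45 2022 GMT"] '
    '\ufeffThe application server certificate on the application will expire '
    'soon on "Sep 12 10:00:45 2022 GMT".')
```

A collector can call `parse_alarm` on each received line and route the `ValueError` cases to a quarantine queue instead of indexing them.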
The following is an example of a webhook alarm:

```json
{
  "type": "Alarm",
  "timestamp": "2003-10-11T22:14:15.003Z",
  "severity": "warning",
  "message": "The application server certificate on the application will expire soon on \"Sep 12 10:00:45 2022 GMT\"",
  "application": "faultmanager",
  "source_ip": "10.20.30.40",
  "device_ip": "",
  "username": "",
  "message_id": "",
  "hostname": "tpvm1",
  "logtype": "",
  "task": "",
  "scope": "",
  "status": "",
  "sequence_id": 12,
  "alert_id": 0,
  "alarm_id": 32000,
  "resource": "/App/System/Security/Certificate?type=app_server_certificate",
  "alarm_type": "security",
  "alarm_cause": "keyExpired",
  "alert_data": null,
  "alarm_data": {
    "type": "app_server_certificate",
    "expiry_date": "Sep 12 10:00:45 2022 GMT"
  }
}
```