Alarm Status Change Notifications

Alarms send notifications to every syslog and webhook subscriber that is subscribed to the APP_ALARMS notifications.

Alarm notifications are sent out when alarms are raised or cleared, and when their severities are updated.

Note

From XCO 3.3.0 onwards, the system sends out similar notifications for APP_ALERTS and APP_ALARMS.

Table 1. Syslog Severity

| Alarm Severity | Alert Severity | Syslog Severity | Syslog Enum | Description |
|---|---|---|---|---|
| | | 0 | Emergency | System unusable |
| Critical | Critical | 1 | Alert | Immediate action required |
| Major | Major | 2 | Critical | Critical condition |
| Minor | Minor | 3 | Error | Error condition |
| Warning | Warning | 4 | Warning | Warning condition |
| Indeterminate/Cleared | | 5 | Notice | Normal, but significant condition |
| | Info | 6 | Informational | Informational messages |
| | | 7 | Debug | Debug-level messages |

Table 2. Syslog Alarm (RFC-5674) - Common Alarm Payload

| Field | SD-ID (Structured Data ID) | Example | Description |
|---|---|---|---|
| <###> | N/A | 164 = (20 * 8) + 4. Alarm Range: 160-167 | Priority Value: (Syslog Facility * 8) + Syslog Severity. Syslog Facility: 20 local use 4 (XCO Alarms). See Syslog Severity. |
| Version | N/A | 1 | Version of syslog message |
| Timestamp | N/A | 2003-10-11T22:14:15.003Z | Timestamp of syslog message |
| Hostname | N/A | xco.machine.com | Hostname of XCO |
| App Name | N/A | FaultManager | Application generating syslog alarm |
| Proc ID | N/A | - | Process ID |
| Msg ID | N/A | 32000 | Alarm sub-type classification |
| Sequence ID | meta | 12 | Tracks the sequence in which messages are submitted to the syslog transport. The APPS_ALARMS topic maintains its own sequence id compared to other topics. |
| IP | origin | 10.20.30.40 | IP address of XCO host |
| Enterprise ID | origin | 1916 | Extreme Networks Enterprise ID |
| Software | origin | XCO | Software Name |
| SW Version | origin | 3.5.0 | Software Version |
| Resource | alarm | /App/System/Security/Certificate?type=app_server_certificate | XCO Health Resource path (with any query parameters) associated with the alarm. |
| ProbableCause | alarm | keyExpired | Reason for the Alarm (Attempt to map to IANA standards) |
| PerceivedSeverity | alarm | warning | Severity of the XCO Alarms. See Alarm Severity. |
| EventType | alarm | security | Indicates the Category (Attempt to map to IANA standards) |
| BOMText | N/A | The application server certificate on the application will expire soon on “Sep 12 10:00:45 2023 GMT”. | (Byte Order Mask) Textual description of the Alarm's status update. |

Example

The following is an example of Syslog Alarm:

<164>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - 32000
[meta sequenceId="12"]
[origin ip="10.20.30.40" enterpriseId="1916" software="XCO" swVersion="3.5.0"]
[alarm resource="/App/System/Security/Certificate?type=app_server_certificate"
probableCause="keyExpired"
eventType="security"
perceivedSeverity="warning"]
[alarmData@1916
type="app_server_certificate"
expiry_date="Sep 12 10:00:45 2022 GMT"]
BOMThe application server certificate on the application will expire soon on "Sep 12 10:00:45 2022 GMT".
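
The following Python parser is an added example, not code from XCO or its documentation. It decodes the priority value and structured data of the syslog alarm above and checks that the PRI severity agrees with perceivedSeverity as mapped in Table 1. The name parse_alarm, the single-line sample with a shortened message, and the lower-case severity spellings other than "warning" are assumptions.

```python
import re

# Table 1: syslog severity number -> alarm severities that map to it. Lower-case
# spellings follow perceivedSeverity="warning" on the page (assumed for the others).
SEVERITY_TO_ALARM = {1: {"critical"}, 2: {"major"}, 3: {"minor"},
                     4: {"warning"}, 5: {"indeterminate", "cleared"}}
ALARM_FACILITY = 20  # "local use 4", which gives the PRI range 160-167

HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) ")
VALUE = r'"((?:\\.|[^"\\\]])*)"'  # RFC 5424 PARAM-VALUE, with \" \\ \] escapes
ELEMENT = re.compile(r'\[([^ =\]"]+)((?: [^ =\]"]+=' + VALUE + r')*)\]')
PARAM = re.compile(r' ([^ =\]"]+)=' + VALUE)

# Constructed sample: the page's example joined onto one line, as sent on the wire.
SAMPLE = ('<164>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - 32000 '
          '[meta sequenceId="12"]'
          '[origin ip="10.20.30.40" enterpriseId="1916" software="XCO" swVersion="3.5.0"]'
          '[alarm resource="/App/System/Security/Certificate?type=app_server_certificate" '
          'probableCause="keyExpired" eventType="security" perceivedSeverity="warning"]'
          '[alarmData@1916 type="app_server_certificate" expiry_date="Sep 12 10:00:45 2022 GMT"] '
          '\ufeffThe application server certificate on the application will expire soon.')

def parse_alarm(line):
    """Parse one syslog alarm (hypothetical helper); raise ValueError if malformed."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 header")
    pri = int(m.group(1))
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    if facility != ALARM_FACILITY:
        raise ValueError(f"PRI {pri} is outside the alarm range 160-167")
    sd, rest = {}, line[m.end():]
    while rest.startswith("["):
        e = ELEMENT.match(rest)
        if not e:
            raise ValueError("malformed structured data")
        sd[e.group(1)] = {k: re.sub(r'\\(["\\\]])', r"\1", v) for k, v in PARAM.findall(e.group(2))}
        rest = rest[e.end():]
    perceived = sd.get("alarm", {}).get("perceivedSeverity")
    return {
        "timestamp": m.group(3), "hostname": m.group(4), "app": m.group(5),
        "alarm_id": int(m.group(7)), "severity": severity, "sd": sd,
        "message": rest.strip(" \ufeff"),
        # False: PRI and the alarm SD-ELEMENT disagree; treat as malformed or altered.
        "severity_consistent": perceived in SEVERITY_TO_ALARM.get(severity, set()),
    }

if __name__ == "__main__":
    print(parse_alarm(SAMPLE))
```

A receiver can drop or flag any message for which parse_alarm raises ValueError or returns severity_consistent as False before the alarm reaches alerting rules.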

The following is an example of Webhook Alarm:

{
  "type": "Alarm",
  "timestamp": "2003-10-11T22:14:15.003Z",
  "severity": "warning",
  "message": "The application server certificate on the application will expire soon on \"Sep 12 10:00:45 2022 GMT\"",
  "application": "faultmanager",
  "source_ip": "10.20.30.40",
  "device_ip": "",
  "username": "",
  "message_id": "",
  "hostname": "tpvm1",
  "logtype": "",
  "task": "",
  "scope": "",
  "status": "",
  "sequence_id": 12,
  "alert_id": 0,
  "alarm_id": 32000,
  "resource": "/App/System/Security/Certificate?type=app_server_certificate",
  "alarm_type": "security",
  "alarm_cause": "keyExpired",
  "alert_data": null,
  "alarm_data": {
    "type": "app_server_certificate",
    "expiry_date": "Sep 12 10:00:45 2022 GMT"
  }
}