We have problem where logmon alerts being closed automatically without taking any action on the alert, therefore teams complaining and Logmon alerts should not be closed without any action on the alert.
We have auto closure of 14 days and we are not able to identify the reason of this issue and now it has became very critical issue. we have UIM integration with SOI and SOI integration with ticketing TOOL.
Please help and let me know where i should look at to rectify this issue.
Do you have any Auto-Operator or script that programmatically closes the alarms?
We have rule of auto closure of 14 days, it means that tickets which are opened since 14 days are getting closed and new ticket being opened if issue is still persist.
However in this case tickets are getting closed after 1 or 2 days although team is working on the issue and no one closed the alarm at SOI end also.
Please let me know that how I can investigate that why logmon alerts are being closed automatically although they never closed automatically until or unless someone closing the ticket or closing alert at SOI end.
The (alarm) problem has been solved on the machine ? Or a new alarm with a new nimid for the same problem has been generated ?
Most of the recent logmon version have auto-clear mechanism i think (I mean when the problem is fixed).
Tickets being closed automatically although issue still persist and no new tickets getting generated, auto close rule will be applied only after 14 days and here tickets are getting closed after couple of days when engineer looking at the issue and issue has not fixed.
Therefore its very difficult for engineer also to keep track of issue as after some time tickets getting closed and going out of their radar.
These are string based log file alerts, therefore there is no chance of auto clear because we have not configured anything that when "failure" string won't be there in log file then alert should be closed as "update" scan mode always start from the last read location.
Please help that why its happening in this scenario where tickets should always closed manually not automatically and it might lead to severe consequences as teams will lose alerting of critical servers log files.
Three things to try:
set the nas log level to 3 or 5. Any script/AO action will be logged and you should see the closure
If you have n auto close AO, perhaps it is firing at an inappropriate time - you can right click on the AO and choose "Activity" - it might be a long list but if you know when a case was closed inappropriately and you see that time in the activity list then there might be a cause. If it's not there, then you know that AO wasn't responsible.
Set up an AO profile to match the close event and sent you an email - again, it won't tell you why but at least it will notify you when it happens so you can look
Hello Manish, in case the problem still persists I would suggest to open a support case for it.
I have already raised case# 00902613 on 28th November for this issue, could you please help to expedite as its a very very critical issue and need to resolve it ASAP as customer regularly chasing us for the solution.
Good morning Manish, I have notified the Engineer who is working at the case about the importance and urgency.
Thanks a lot Britta, I got a call from Engineer and she is going to pass it to SOI team as she wants to check from SOI end as well as its showing closed status as "SOI integration" although there is no rule on SOI and no one from SOI closing it.
I am waiting now SOI team response, could you please help me to get this issue resolved ASAP.