DX Unified Infrastructure Management

Hello, so was asked to setup a processes profile in which client wants to be alerted if the PID is changed on a process. I got this setup and it works BUT I noticed that the alert for which the PID changed auto-clears on the next polling cycle which is useless. The alert will stay on the console for 60s then clear itself on the next poll b/c the probe detects the new PID, alerts, then on next poll its the same new PID and clears.  

Is there a way to not have the probe clear the process restart alert?

TLDR:

So I get the processes probe PID for profile XXXX changed alert:

IGNORE - DBLANCO - Calculator.exe [1]: Process Calculator.exe [1] has restarted with new pid = 2052. Old pid was = 17416.

but then clears on next poll. Need it to not auto clear so that someone see's this alerts and tickets it.

You have to do this via nas
create a new pre-Processor rule.

Filter Type: Exclude
Put a check in the severity level "green" on the left.
Set the probe to processes
then in the message string I used *calc*
for your real process pick a unique word that shows up in the initial alarm.

Downside is you now have to manually clear these alarms.

Lawrence

Hi Lawrence, that worked. Thank you. 

Just FYI the profile name is appended to the first part of the clear message that is sent out so that you can set this up on the nas for specific profiles as needed. 

Thank you for the quick reply.