Managing Events

It is possible that an error message about the PDB storage size may appear when applying changes to other fields under ToolsOptions. The “PDB storage size” value is checked each time a  user clicks OK or Apply in the “Options” dialog. Therefore, if the amount of disk free space decreased after the “PDB storage size” value was saved last time an error message may appear.

Refresh the Event List

Events in SE-Viewer may be manually refreshed. The 'Computers' and 'Applications' dashboard may be either manually or automatically refreshed.

To refresh the event list from the Main Menu

• Open SE-Viewer
• Open the 'Actions' menu
• Select the 'Refresh' menu item

To refresh the event list from the Toolbar

• Open SE-Viewer
• Select the option from the toolbar below the Main Menu

Managing dashboard caching

This setting (in conjunction with setting the cache refresh rate) allows you to configure how long the 'Computers' and Applications dashboard information remains cached before it refreshes the information. Loading the cached information on the screen is much faster than the time it takes to calculate all of the statistical information.

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'View' tab
• Check/clear the 'Allow Dashboard cache' checkbox
• Click OK

Setting the cache refresh rate

This setting (in conjunction setting the cache checkbox field) allows you to configure how long the 'Computers' dashboard information remains cached before it refreshes the information. Loading the cached information on the screen is much faster than the time it takes to calculate all of the statistical information.

The cache refresh rate can only be set when dashboard caching is enabled.

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'View' tab
• Set the 'Refresh Dashboard cache every X seconds' field
• Click OK

Managing automatic page refresh

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'View' tab
• Check/clear the 'Allow automatic refresh for Dashboard pages' checkbox
• Click OK

Setting the page refresh rate

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'View' tab
• Set the 'Refresh Dashboard every X seconds' field
• Click OK

Controlling Event Storage

Events may be deleted either manually through the 'Delete Events' menu item (which opens a wizard to choose which events to remove) or through the auto-trim feature

Delete all events

• Open SE-Viewer
• Open the 'Delete Events Wizard' by opening the 'Actions' menu and choosing 'Delete Events', or choose the option from the toolbar below the Main Menu
• Wait for the wizard to open
• Select Delete all events
• Click Next
• Review and approve the summary about the conditions and number of events which will be deleted.
• Click Next

Event deletion is asynchronous. The wizard will display a progress bar.

• Click Finish

Delete old events

Events may be selected for deletion based on months or days of age.

• Open SE-Viewer
• Open the 'Delete Events Wizard' by opening the 'Actions' menu and choosing 'Delete Events', or choose the option from the toolbar below the Main Menu
• Wait for the wizard to open
• Select Delete old events
• Click Next
• Select either the first radio button for months, or the second for days
• Enter the number of days or months of age in the appropriate text field
• Review and approve the summary about the conditions and number of events which will be deleted.
• Click Next
• Click Finish

Delete events in the current view

• Open SE-Viewer
• Open the 'Delete Events Wizard' by opening the 'Actions' menu and choosing 'Delete Events', or choose the option from the toolbar below the Main Menu
• Wait for the wizard to open
• Select Delete events in the current view
• Click Next
• Review and approve the summary about the conditions and number of events which will be deleted.
• Click Next
• Click Finish

Want to delete a specific event? Use the SE-Viewer 'Events' criteria to display the selected event in the View Pane, and then delete events in the current view

Auto-trim the number of events in the database

This setting allows you to control how many of the most recent events are stored in the database. The default value is 5000 events.

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'Data' tab
• In the 'Keep the N most recent events in the database' field, set N to the maximum number of events that you want save in the database
• Click OK

Auto-trim the number of events in groups

This setting allows you to control how many of the most recent events are kept in an event group, and limits the number of records in the database. Specifically it means that event groups should contain the last N events only. The default value for N is 500 events.

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'Data' tab
• In the 'Keep the N most recent events in an event group' field, set N to the maximum number of events that you want to save for event groups
• Click OK

Auto-trim event details kept per group

This setting allows you to determine the number of events in an event group that will keep their event detail data, and limits the database size. Specifically it means that row event data should be deleted from an event when there are more than N newer events in the event group. The default value for N is 20.

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'Data' tab
• In the 'Keep details for the N most recent events in an event group' field, set N to the maximum number of events that you want to save event details for.
• Click OK

Auto-trim the number of event groups

This setting allows you to control how many of the most recent event groups are stored, and limits the number of records in the database. Specifically it means that Event Groups with a Last Event Date older than the threshold should be purged from the system. The default threshold value is 1 year.

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'Data' tab
• In the 'Delete event groups older than N months' field, set N to the maximum number of months old that an event group can be before it is deleted.
• Click OK

Auto-trim 'Deleted' status events

This setting allows you to control how soon events marked for deletion are actually removed from the system, and limits the number of records in the database. Specifically it means that events marked with a 'Deleted' status for longer than the threshold should be purged from the system. The default threshold value is 24 hours.

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'Data' tab
• In the 'Delete events with a 'Deleted' status more than N hours' field, set N to the maximum number of hours that an event can be marked as 'Deleted'  before it is deleted.
• Click OK

Auto-trim 'By Design' status events

This setting allows you to control how soon events marked as 'By Design' are actually removed from the system, and limits the number of records in the database. Specifically it means that events marked with a 'By Design' status for longer than the threshold should be purged from the system. The default threshold value is 72 hours.

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'Data' tab
• In the 'Delete events with a 'Deleted' status more than N hours' field, set N to the maximum number of hours that an event can be marked as 'Deleted'  before it is deleted.
• Click OK

Control Communication with Other System Components

The URLs to other system components are set here:

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'Data' tab

 SE-Viewer Console address :

This address is used:

• to form links to SE-Viewer when the user right clicks a link and selects "Open in new tab/new window"
• when forming a subscriber email
• when forming a silent cmd script to install the Intercept Agent (OptionsDownload WizardAgentSilent installation)

Advisor Console address :

This address is used when AVIcode Advisor is installed so that users can click the Advisor tab in Navigation Pane of SE-View

Collector web-service path:

This address is used for silent cmd script to install the Intercept Agent for  Desktop installations (OptionsDownload WizardAgentSilent installation for Desktop)

Control the Event Display

Number of events to display in the View Pane

This option controls how many events will be displayed per page in the SE-Viewer View Pane.

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'View' tab
• In the 'Display N events per page in event view' field, set N to the maximum number of events to display in each page
• Click OK

Number of events to display per Event Group

This option controls how many events will be displayed per page in the event detail windows

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'View' tab
• In the 'Display N events per page for an event group' field, set N to the maximum number of events to display in each page. This setting pertains to the 'Similar Events' and 'Related Events' tabs in the event detail windows.
• Click OK

Sending Event Notifications

Automatic Notifications through Subscribers

Intercept SE-Viewer provides a subscriber interface for event notification to support integrating with third party systems (i.e. defect tracking systems, network Management Systems). The subscriber interface allows registering of any number of subscribers.

Intercept supports the following types of subscribers

• E-Mail Subscriber
• WMI Subscriber
• Windows Event Log Subscriber: Intercept SE-Viewer supports creating a Windows Logging subscriber, so that other Management Systems can pick up Intercept events via the Windows Event Log.

Set the SE-Viewer console address

To configure SE-Viewer subscribers, you must first set the URL of your SE-Viewer Server into the system. This is because links to SE-Viewer are provided in the notifications.

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'Data' tab
• Set the DNS address of the SE-Viewer location, using the format: http[s]://servername.domainname[:port]/seviewer. You should be able to copy and paste this name into any browser on your network and access SE-Viewer.
• Click OK

Create new notification rule

• Open Internet Explorer to SE-Viewer
• Open the 'Tools' menu
• Select the 'Notifications...' menu item
• Wait for the wizard to open
• Select 'Create new notification rule'.
• Click Next
• Use the dropdown to select from E-Mail message, Windows event log entry or WMI event notification type.
• Click Next
• Provide a name for this subscriber rule. For email subscribers, also enter a valid SMTP server address, a sender address such as Intercept@yourcompany.com and the email address(es) to send the event notification to. The email subject should not be changed.
• Test the notification. For email subscribers, click Send Test E-Mail, and check to see if the email recipient receives the email. For Windows Event Log subscribers, click Send Test Notification, then open the Windows Event Viewer, and check that there is a new event group called '.NET Application Log' and that an event exists that says "This event was generated by Intercept SE-Viewer notification test". For WMI subscribers, run WBEMTEST (a good testing utility available for any version of Windows):
• Create a WMI notification rule
• Run WBEMTEST
• Connect to root\Intercept namespace
• Create a notification query 'SELECT * FROM SemEvent'
• Click Send Test Notification to ensure that it if it arrives to WBEMTEST
• Click Next
• Select when notifications will be sent
• Click Next
• Select which aspect you wish to be notified about: 'Performance', 'Connectivity', 'Uncategorized', 'Application failures', 'Security', 'System failure'. The 'Uncategorized' value is used to represent 'Operational Info'.
• Select which Applications you would like to see events for.
• Click Next
• Click Finish

Modify a notification rule

• Open Internet Explorer to SE-Viewer
• Open the 'Tools' menu
• Select the 'Notifications...' menu item
• Wait for the wizard to open
• Select 'Modify notification rule'.
• Click Next
• Select the rule to modify.
• Click Next
• Make your modifications.
• Click the test button to ensure that the notification functioning properly.
• Click Next
• Modify when notifications will be sent
• Click Next
• Modify whether to be notified about performance and/or exception events, or modify which Applications you would like to see events for.
• Click Next
• Click Finish

Delete a notification rule

• Open Internet Explorer to SE-Viewer
• Open the 'Tools' menu
• Select the 'Notifications...' menu item
• Wait for the wizard to open
• Select 'Delete notification rule'.
• Click Next
• Select the rule to delete.
• Click Next
• Read the deletion warning message.
• Click Next to continue with the deletion, or 'Cancel >' to cancel the deletion
• Click Finish

Manual Notifications

Notify a user via email

User notification opens an email that you can past events into. This assumes that you have already created users.

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Users...' menu item
• Wait for the wizard to open
• Select 'Notify user'
• Click Next
• Select the user(s) to notify
• Click Next
• An email will open addressed to the selected user(s), into which you can paste links or write other messages

Copy an event link

Copy Link copies the link to the event or group (depending on the current view in the event detail window) to the clipboard for pasting into other applications like email or instant messaging tools.

• Open an event details window
• Open the 'Actions' menu
• Select the 'Copy link' menu item
• Paste the link into any application

Email events

This option opens the 'Send Wizard', which lets you manually send events to a mail recipient, and adjust event information before sending it. The wizard opens an email with the event description in the subject line. The body of the message contains: A link to the event or group (depending on the current view), UTC Event Date, Event Source, Machine Name, Event Class and description. To use this wizard:

• Open an event details window
• Open the 'Actions' menu
• Select the 'Send to...' menu item
• Click Next
• When a new mail message from your mail client opens, set the address information
• Enter a Ctrl+V into the email to add additional detailed stack information into the email
• Make any other modifications that you require before sending the email.

Exporting and Importing Events

This feature is very useful for sending events to AVIcode Technical Support when you have questions about the contents of an event.

Export Events

The 'Save as...' option allows you to export events to a '.dat' file that can be imported into any SE-Viewer of the same version through SE-Viewer's 'Import' option. If you have a question about a particular event, AVIcode Technical Support may ask you to export it and send it to them.

• Open an event details window
• Open the 'Actions' menu
• Select the 'Save as...' menu item
• When the 'File Download' popup opens, select 'Save'
• Select when to save the file

Import Events

The 'Import...' option allows you to import events that were previously exported to a '.dat' file. Once an event has been imported, an event details window for it will open.

• Open Internet Explorer to SE-Viewer
• Open the 'Tools' menu
• Select the 'Import...' menu item
• Wait for the 'Import Management Wizard' to open
• Click Next
• browse to a saved event file ('.dat' unless the extension was changed when the file was saved)
• Click Next
• Click Finish

Securing Data Access

Intercept Studio supports two types of users and four modes of authentication.

About Users and Security

There are two types of Intercept Studio users: Administrators and normal users. Administrators have access to all functionality, and set up access for the normal users. Normal users only have access to the applications that the administrator assigns them to.

Intercept Studio supports four (4) security modes for the SE-Viewer web site: Anonymous, Basic, Integrated and Custom.

Anonymous windows authentication set on SE-Viewer in IIS without any Custom SE-Viewer authentication will allow any user with access to SE-Viewer to see all events for all applications.

The other 3 authentication methods will allow you to restrict user access by application. For Custom SE-Viewer authentication, the Windows authentication remains as Anonymous, and SE-Viewer stores user names in its own database. For Windows Basic and Integrated authentication, SE-Viewer uses windows domain accounts.

To enable SE-Viewer security, you must first enable Anonymous, Basic (with Anonymous disabled) or Integrated (with Anonymous access disabled) authentication for SE-Viewer in IIS.

For Integrated and Basic authentication, you then open SE-Viewer and specify the [Domainname]/username for the administrator. Follow the directions below for further details.

IIS Settings for SE-Viewer

Anonymous Authentication Mode: Enabling Anonymous Authentication in IIS will allow all users to access SE-Viewer as long as the 'Restricted' checkbox is not checked on this 'Security Mode' tab.

Basic Authentication mode: Enabling Basic Authentication in IIS will allow only users added through the Users tab to use SE-Viewer when the 'Restricted' checkbox is checked on this 'Security Mode' tab.

Integrated Authentication mode: Enabling Integrated Authentication in IIS will allow only users added through the Users tab to use SE-Viewer when the 'Restricted' checkbox is checked on this 'Security Mode' tab.

Custom Authentication mode: Enabling Anonymous Authentication in IIS and checking the 'Restricted' checkbox on this 'Security Mode' tab enables Custom Authentication, whereby only users added through the Users tab will have access to SE-Viewer. By default, there is an authentication timeout for custom authentication sessions that are longer than 30 minutes. See the section on Advanced Configuration for instructions to change this default.

Enabling Security

SE-Viewer is installed without any predefined users. When user switches on restricted mode, he should specify administrative account and its password in Options dialog.

To enable security

• Open Internet Explorer to SE-Viewer
• Open 'Tools' menu
• Select the 'Options...' menu item
• Select the 'Security mode' tab
• Select the 'Security mode' checkbox, which will cause the 'Administrator login name' and 'Password' fields to appear
• Enter the administrator login name in the field provided. If you plan to use Windows authentication for the SE-Viewer web site, you must use a valid network user name ([Domainname]\[UserName]) for the administrator login.
• Enter the administrator password
• Confirm the administrator password >

The 'Security mode' tab is not available to non-administrator users when security is enabled

Enabling restricted security for SE-Viewer on this tab when the SE-Viewer web site is set for Basic, Integrated or Custom authentication modes in IIS will redirect you to log in using a valid user account. Once you are logged in, a new field will appear in the upper right-hand portion of the header bar that displays the user name and provides a button () so that you can log out.

Managing Users

When you are running Intercept Studio under the restricted security access mode, users that you create in the system may be restricted as to what Applications they can access, and whether they can delete events or add licenses.

Restricting Delete and License Privileges

In restricted mode, the administrator may choose to restrict permission for non-administrator users to delete events or modify licenses.

• Open Internet Explorer to SE-Viewer
• Open the 'Tools' menu
• Select the 'Options...' menu item
• Select the 'Security mode' tab
• Check or clear the 'Allow delete event to all users' and/or the 'All users are able to add license' checkboxes as desired
• Click OK

Create a User

• Open Internet Explorer to SE-Viewer
• Open the 'Tools' menu
• Select the 'Users...' menu item
• Wait for the wizard to open
• Select 'Create user'
• Click Next
• Enter the new user's Login name. Note that if you are currently using, or plan to use, windows authentication for SE-Viewer, that you must use a valid account name and precede it with domain-name \
• Also enter the Password, First name, Last name and Email address.
• Select whether the user will be granted Administrator rights
• Click Next
• Select which applications this user will have access to.
• Click Next
• Choose whether or not to create another user, and click Finish

Modify a User

• Open Internet Explorer to SE-Viewer
• Open the 'Tools' menu
• Select the 'Users...' menu item
• Wait for the wizard to open
• Select 'Modify user'
• Click Next
• Select the user to modify
• Click Next
• Modify the new user's Login name, Password, First name, Last name, Email address or Administrator rights
• Click Next
• Modify which applications this user will have access to.
• Click Next
• Choose whether or not to modify another user, and click Finish

Delete a User

• Open Internet Explorer to SE-Viewer
• Open the 'Tools' menu
• Select the 'Users...' menu item
• Wait for the wizard to open
• Select 'Modify user'
• Click Next
• Select the user(s) to delete
• Click Next
• Confirm deleting this user.
• Click Next
• Click Finish

Change user information

Once the system is in restricted mode, users have access to their profiles where they may change their user information.

• Open Internet Explorer to SE-Viewer
• Open the 'Tools' menu
• Select the 'Profile' menu item
• Select the 'User info' tab
• Modify the first name, last name or email address in the fields provided

Change user password

Once the system is in restricted mode, users have access to their profiles where they may change their password.

• Open Internet Explorer to SE-Viewer
• Open the 'Tools' menu
• Select the 'Profile' menu item
• Select the 'Password' tab
• Enter the old password in the 'Old password' field
• Enter the new password in the 'New password' field
• Confirm the password in the 'Confirm new password' field

Change user context selection

Once the system is in restricted mode, users have access to their profiles where they may change their context selection, which allows them to save the current application (UI) state.

• Open Internet Explorer to SE-Viewer
• Open the 'Tools' menu
• Select the 'Profile' menu item
• Select the 'Context' tab
• Click Save context to save the current application (UI) state

Sending Events via HTTPS

Events are sent from the agents to SE-Viewer through Hypertext Transfer Protocol (HTTP), but can be secured by using the Secure Socket Layer (HTTPS).

To use HTTPS:

• Open the Intercept Management Console
• Right-click the 'Applications' node
• Choose 'Properties' from the menu
• Go to the General tab
• Change the address of SE-Viewer to use HTTPS

Last update: Thursday, December 09, 2010 02:12:02 PM