Alert Resolution

When an event or threshold occurs that matches an alert-generating processing rule, Microsoft Operations Manager 2000 (MOM) generates an alert. You can monitor alerts using the Monitor snap-in and the Web Console.

When you monitor alerts, you can read important information about each alert that helps you determine your next action. An alert includes the following properties, among others:

• Alert icon and severity
• Computer generating the event associated with the alert
• Resolution state
• Resolution history
• Knowledge base
• Custom alert fields

Resolution State

Resolution state indicates whether you have begun to resolve the alert. You can change the resolution state of an alert to track resolution progress. The default resolution states are defined as follows:

New

Indicates this alert has not yet been addressed. Alerts are New by default.

Acknowledged

Indicates that this alert has been read and acknowledged, but not assigned.

Level 1: Assigned to helpdesk or local support

Indicates that the help desk or local support is now responsible for this alert.

Level 2: Assigned to subject matter expert

Indicates that a subject matter expert is now responsible for this alert.

Level 3: Requires scheduled maintenance

Indicates that the alert identifies a condition requiring maintenance, which has been scheduled.

Level 4: Assigned to external group or vendor

Indicates that an external group or vendor is now responsible for this alert.

Resolved

Indicates that the condition that generated this alert has been handled or solved.

You can modify or delete the default resolution states (except New and Resolved) and also create your own to meet the needs of your network enterprise. Example custom resolution states might include In Progress or Deferred.

You can set a service level agreement time for each resolution state. Service level agreement time is the maximum time that an alert can remain in a particular resolution state. For example, company policy might require that no alert can remain in the New resolution state for longer than 10 minutes. If an alert remains in the New state for longer than 10 minutes, it is considered a service level exception. The Monitor snap-in provides a view of all service level exceptions.

Note

• Scripts can also change alert resolution states. For example, if you run a script to resolve an alert condition, the script can also change the resolution state to Resolved.

Resolution History

MOM automatically tracks and records all changes to alert properties, including changes made by a processing rule, changes made by scripts, and any automatic responses that have occurred. You cannot edit the automatic alert resolution history. It provides a record of alert resolution.

You can, however, add your own information to the resolution history. When you change the resolution state of a specific alert or when you have gathered more information about the issue, you can provide your own comments to keep an up-to-date record of the alert resolution process. Providing specific comments allows you to accumulate knowledge about this particular instance of the alert. By adding resolution comments to individual alerts, you can track how a particular condition was addressed. The resolution history is important in tracking the alert, particularly if the process of resolving the alert spans several operator shifts.

Knowledge Base

Processing rules can contain information about a specified event, alert, or performance condition. This information can describe the condition, its importance or significance, and provide details to help administrators resolve it. This information is stored with the processing rule, and is called the knowledge base. When you view the properties of an alert, you can examine the knowledge base. You can add information to the company knowledge base when you create a processing rule and when you resolve an alert.

Some knowledge base information is already contained in processing rules provided with Management Pack modules. This information is the Microsoft Knowledge Base. You cannot edit this information.

Over time, the company knowledge base can become invaluable to an organization. It reflects specific knowledge gained through experience, and is available to benefit others in your organization.

Custom Alert Fields

You can create your own custom alert property fields. You can view these fields when you view the properties of any alerts. Custom alert fields might include the following examples:

• Trouble-ticket number from a related help desk system
• Customer name whose service level agreement is affected by this indicated condition
• Building containing the affected computer