Using the Searches page, you can enable/disable alert notifications for individual search definitions and dispatch them via SMTP (email), SNMP or WMI.
To enable SMTP (email) alerts for individual search definitions:
1 Open the Searches page.
2 Expand the Private or Shared folders in the explorer view to locate the search to which an alert is to be associated. Select the search from the Search list in the right-hand pane.
3 Use one of the following methods to enable an alert:
• Right-click the search and select the Alert | Enable Transport | SMTP command.
• Open the Alert tab and select the SMTP check box and then the Alert Enabled check box. (If the Search Properties tabs are not being displayed, right-click the search definition and select Show Properties).
4 Using either of these methods displays the Alert Custom Email dialog allowing you to enter the email address of the person(s) who are to receive the alert notification.
Enter or click the browse button to specify the user(s) who are to receive the alert notification.
Selecting the browse button displays one of the following dialogs:
• The Select Active Directory Objects dialog (directory object picker) where you can use the Browse or Search page to locate Active Directory user(s). This dialog is displayed when no Exchange host is specified in the SMTP Configuration pane of the Coordinator Configuration page.
• The Search Users dialog allowing you to locate and select an Exchange user (Exchange tab) or an Active Directory user (Active Directory tab). This dialog is displayed when an Exchange host is defined in the SMTP Configuration pane of the Coordinator Configuration page.
NOTE: The right-click commands available for enabling/disabling alert notifications are available when multiple search definitions are selected. However, you can only enable/disable alert notifications using the Alert tab when a single search definition is selected.
NOTE: In order to dispatch configuration change alerts through email (SMTP) you must first enable email notification and define the mail server to be used on the Coordinator Configuration page. See Configure email alert notifications/reports in the Coordinator Configuration chapter.
NOTE: If SMTP is not configured, a message box will display stating that the coordinator email configuration has not been configured. Open the Administration Tasks tab and use the Coordinator Configuration page to configure SMTP.
By default, the values entered on the SMTP Configuration pane of the Coordinator Configuration page will be used for the following fields/settings:
• Reply To address
• Subject line
• email format (Plain Text or HTML)
• body of the email alert
If you do not want to use these default settings for the current search query, you can modify them on the Alert Custom Email dialog. To modify the body of the email alert, click the Configure Body button.
Once you have finished specifying the recipient email addresses, click OK to save your selections and close the dialog.
5 In addition, you can change the following alert configuration settings using the Alert tab (Search Properties tabs):
• By default, up to 50,000 events will be included in the alert history. Use the History Search Limit setting to change this value. (This setting is a global setting and changes made to this setting will be applied to ALL alerts.)
• By default, a maximum of 100 events will be included in a single alert email. Use the Events Per Email setting to change this number.
• By default the time zone of the machine where the Change Auditor client resides will be used for an alert’s date/time stamps in the email. To change the time zone to be used for these date/time stamps, select the time zone from the drop-down list.
• If you want to specify under what conditions an alert is to be sent, select the Smart Alert Enabled check box and specify the number of events that must occur within a specified time interval before generating/dispatching the alert.
By default, a smart alert is generated when the event occurs on any object the specified number of times. You can however, select the On a Single Object option to have the smart alert triggered when the event occurs on the same object the specified number of times.
6 When an alert is enabled, the following indicators are added to the Searches list:
• Type - the icon for the search (magnifying glass) changes to a check mark and the label changes from ‘Search’ to ‘Alert’ (e.g., Shared Alert)
• Alert - displays ‘Enabled’
• Alert To - displays the email address of any users who are to receive the alert email
• Alert Cc - if specified, displays the email address of any users who are to receive a copy of the alert email
NOTE: You can enter an individual email address or distribution list address in the To, Cc or Bcc fields. You can also send the alert notification to additional recipients by selecting the appropriate check box, as described below:
• Add Who - Select this check box to send an alert to the user who initiated the change that triggered the alert.
• Add Owner(s) - Select this check box to send an alert to the Exchange Mailbox owner whose mailbox was accessed by another user and their action triggered an alert. (This feature only applies to Exchange Mailbox Monitoring, which is available in Change Auditor for Exchange.)
• Add Managed By - For events associated with groups that are being managed by another account, select this check box to send an alert to the managing user’s email.
Once a check box is selected, select the corresponding option to add it to the To, Cc or Bcc field.
NOTE: If using the Alert tab, be sure to click the Save button to save the alert definition.
• Alert Bcc - if specified, displays the email address of any users who are to receive a blind copy of the alert email
To enable SNMP alerts for individual search definitions:
1 Open the Searches page.
2 Expand the Private and Shared folders in the explorer view to locate the search to which an alert is to be associated. Select the search from the Search list in the right-hand pane.
3 Use one of the following methods to enable an alert:
• Right-click the search and select the Alert | Enable Transport | SNMP command.
• Open the Alert tab at the bottom of the page, select the SNMP check box, then the Alert Enabled check box. (If the Search Properties tabs are not being displayed, right-click the alert definition and select the Show Properties menu command).
4 In addition, you can change the following alert configuration settings using the Alert tab (Search Properties tabs):
• By default, up to 50,000 events will be included in the alert history. Use the History Search Limit setting to change this value. (This setting is a global setting and changes made to this setting will be applied to ALL alerts.)
• If you want to specify under what conditions an alert is to be sent, select the Smart Alert Enabled check box and specify the number of events that must occur within a specified time interval before generating/dispatching the alert.
By default, a smart alert is generated when the event occurs on any object the specified number of times. You can however, select the On a Single Object option to have the smart alert triggered when the event occurs on the same object the specified number of times.
5 When an alert is enabled, the following indicators are added to the Searches list:
• Type - the icon for the search (magnifying glass) changes to a check mark and the label changes from ‘Search’ to ‘Alert’ (e.g., Shared Alert)
• Alert - displays ‘Enabled’
To enable WMI alerts for individual search definitions:
1 Open the Searches page.
2 Expand the Private and Shared folders in the explorer view to locate the search to which an alert is to be associated. Select the search from the Search list in the right-hand pane.
3 Use one of the following methods to enable an alert:
• Right-click the search and select the Alert | Enable Transport | WMI command.
• On the Alert tab, select the WMI check box and then the Alert Enabled check box. (If the Search Properties tabs are not being displayed, right-click the alert definition and select the Show Properties menu command).
4 In addition, you can change the following alert configuration setting using the Alert tab (Search Properties tabs):
NOTE: In order to generate SNMP alerts, SNMP must be installed and the trap receiver must be started.
NOTE: If using the Alert tab, be sure to click the Save button to save the alert definition.
NOTE: In order to generate WMI alerts, WMI must be installed and started. A WMI event consumer must also be running on the coordinator server.
5 When an alert is enabled, the following indicators are added to the Searches list:
• Type - the icon for the search (magnifying glass) changes to a check mark and the label changes from ‘Search’ to ‘Alert’ (e.g., Shared Alert)
• Alert - displays ‘Enabled’