Configuring alert definitions

  • Article

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

Following setup, a number of predefined alerts are configured. Each alert has a related Forefront TMG event. When the event occurs, the alert is triggered. You can enable or disable alerts, modify the event trigger for the alert, and modify the action to be performed when the alert is triggered.

You may want to define additional custom alerts. Preconfigured alerts exist for all events, but you may want to create a custom alert definition with a new condition. For example, the predefined alert Log Failure is triggered with the condition Any Forefront TMG Service. The action for the alert is to report the issue to the Windows event log and stop selected services. In addition to this alert, you may want to create another custom alert for the Log Failure event that sends an e-mail if logging fails for the Firewall service.

The following procedures describe how to modify alert definitions, and how to create custom alert definitions.

Modifying alert definitions

Use the following procedure to modify predefined and custom alert definitions.

To modify alert definitions

  1. In the Forefront TMG Management console, in the tree, click the** Monitoring** node.

  2. In the details pane, click the Alerts tab.

  3. On the Tasks pane, click Configure Alert Definitions.

  4. In the Alert Definitions list, select the alert you want to modify, and then click Edit.

  5. On the General tab, modify the name, category, and severity of the alert.

  6. On the Events tab, specify how many times the event occurs before the alert is issued and how the alert should be issued once that number is reached. You can specify how many times in total the event should occur before the alert is issued, or how many times the event occurs per second. If you specify both values, both limits must be reached before the alert is issued.

  7. On the Actions tab, specify the action that occurs when the alert is issued. By default, alerts are always reported to the Windows event log.

  8. To delete an alert definition from the list, select the alert in the Alert Definitions list, and then click Remove.

Creating custom alert definitions

Use the following procedure to create custom alert definitions using the New Alert Configuration Wizard.

To modify alert definitions

  1. In the Forefront TMG Management console, in the tree, click the** Monitoring** node.

  2. In the details pane, click the Alerts tab.

  3. On the Tasks pane, click Configure Alert Definitions.

  4. In the Alert Definitions list, click Add.

  5. Complete the New Alert Configuration Wizard. Note the following:

    1. On the Event and Conditions page, select the event that triggers the alert and any additional conditions.

    2. On the Server page, leave the default Any server setting.

    3. On the Category and Severity page, classify the alert.

    4. On the Actions page, specify the actions to be completed when the alert is triggered.

Concepts

Configuring alerts