Alerts What is an alert? An alert is the reaction of Pandora FMS to an inappropriate value of a module, event, or SNMP trap. This reaction is configurable and can consist of anything that can be triggered by a script configured in the Operating System where the Pandora FMS server processing the information runs. An alert is a combination of different elements: The module which contains the information, the generated event, or the sent SNMP trap. The condition that triggers the alert (template). The command that is executed when the latter happens. The action or the specific way of executing that command, which can be particular to a specific case or general for a group of cases. The general alert system allows creating them for each module of each agent, associating a single alert per module, although it can carry out one or several actions . It is a flexible system that allows defining applicable and generic templates for all modules, avoiding the need to define a specific alert for each module. Alerts consist of: Templates: They define the alert start conditions. For example, changing to a critical status. Actions: They indicate the specific way to execute a command, passing particular parameters such as module name, agent, etc. Commands: The final execution that the Pandora FMS server will perform when starting the alert. It can be writing to a log , sending an email, an SMS, executing a script , etc. The command must implicitly define where the parameters are passed in the call to the actual command. This template/action/command system is designed to generate very generic templates and actions that serve most cases and allow applying changes globally. The actions that Pandora FMS will perform in alert situations will eventually translate into executions on the server in the form of commands. Therefore, the command defines the "physical" or actual execution performed on the server. Commands are executed by the server that processes the data triggering the alert. There are predefined "internal" commands, such as generating an event or sending an email, which have an "invisible" command. Actions are the alert components where a command is related to generic variables; that is, they define the way the command is called. Alert templates define the alert trigger conditions and a default action. They are assigned individually to modules to determine under what circumstances a problem in the module in question will be alerted. There are several types of alerts: Simple alerts: Alerts generated on a module, as explained above. Event alerts: Alerts created based on events generated by the system, allowing work from a much more flexible perspective, as alerts are not generated based on the status of a specific module, but rather on an event ( which may even have been generated by several different modules from different agents ). These alerts are based on complex rules, where a single rule can accommodate modules with the same name from different agents without having to create each alert individually per agent/module. SNMP trap alerts: SNMP trap alerts have their own subsystem, unless we redirect an SNMP trap to an agent by forwarding traps using the SNMP Trap Forwarding option. Let's take the case where we have a module monitoring the saturation level of a company's network server. This is a critical element for the company, as a high level of saturation will affect network fluidity and employee productivity. We then generate an alert where, upon reaching a specific saturation level, Pandora FMS executes a command to relieve the workload on the network server, thus automatically preventing a high load saturation.