Accessing Events

Events Summary Screen

The events summary screen displays all events, and configures alerts and event generation. To view this screen, click Events on the CloudVision portal.

The Events screen provides the following information and functionalities:
  • Left Pane
    • A search field for events, devices, and interfaces
    • Buttons to perform a search based on severity levels (info, warning, error, and critical)
    • A toggle button to add and remove acknowledged events from search results
    • The count of events from search results
    • A button that allows you to display new events and also provides their count A list of events (the most recent are shown at the top of the list)
  • Right Pane
    • The count of all events and devices from search results
    • The time frame from which events are selected
    • Devices that have reported the most events and errors (shown in the Most Active Devices pane)
    • Most common events (shown in the Most Common Events pane)
    • Count of each error type from device errors (shown in the Event Severities pane)
    • A chronological history of all errors (shown at the bottom of the screen)
    Click the Events tab to view all events.
    Figure 1. Events Summary Screen

Event Details Screen

An event details screen displays appropriate event details, acknowledges the event, and configures event generation. To view this screen, click one of the events listed in the left pane from the Events screen.
Figure 2. Event Details Screen

This screen provides the following information and functionalities in the right pane:

  • Left arrow to return to the events summary screen
  • Warning of the event
  • Time when event details were captured
  • Hover the cursor on the event name. The system displays a popup window with event details.
Figure 3. Event Name Popup Window
The popup window provides the following options:
  • Click View Events to view search results with the same event name.
Figure 4. Search Results with the Same Event Name
  • Click Compare Metrics to navigate to the Explorer tab in Metrics app.
  • Hover the cursor on the event name. The system displays a popup window with device details in that location.
Figure 5. Location Name Popup Window

The popup window provides the following options:

  • Click View Events to view search results with the same location name.
Figure 6. Search Results with the Same Location Name
  • Click Compare Metrics to navigate to the Explorer tab under Metrics.
  • The Acknowledge button to acknowledge the appropriate event.
  • The Configure Event Generation button to configure the generation of appropriate event.
  • Metric details of the event
  • A chronological history of all errors (shown at the bottom of the screen)

Configuring Event Generations

Configuring events customizes the prerequisites of an event.

Perform the following steps to configure the settings for generating events:

  1. On the CloudVision portal, click the Events tab. The system displays the Events screen.
  2. Click Configure Event Generation at the upper right corner of the Events section. The system displays the Generation Configuration screen with all configurable events listed in the left pane.
    Figure 7. Generation Configuration Screen
    Note: Alternatively, you can go to an event details screen and click Configure Event Generation to configure rules for generating events.
  3. Click the required event in the left pane.
  4. Click Add Rule in the lower end of right pane. A new Condition pane is displayed on the screen.
    Figure 8. Add Rule Pane in Generation Configuration
  5. In the Condition pane, click on the search field. The system displays the list of configured devices tags.
    Figure 9. List of Configured Device Tags
    Note: Alternatively, you can type the required device tag in the search field for a quick search.
  6. Select preferred devices tags from the displayed list.
    Note: After you have selected the device, the system displays the count of matched devices. The rule is applicable to all devices when you do not select any device tag.
  7. Click on the Interfaces search field (available only for interface events).

    The system displays the list of configured interface tags..

    Figure 10. List of Configured Interface Tags
  8. Select preferred interface tags from the displayed list.
    Note: After you have selected an interface tag, the system displays the count of matching interfaces. The rule is applicable to all interfaces when you do not select any interface tag.
  9. Provide the following criteria required to generate events:
    • Severity - Select the severity type from the drop-down menu. Options include Info, Warning, Critical, and Error.
    • Threshold (applicable only to threshold events) - Type the threshold value.
    • Raise Time - Type the preferred wait time (seconds) to create an event after reaching the threshold limit.
    • Clear Time - Type the precise time (seconds) to delete an event after the current value goes below the threshold limit.
    Note: Select the Stop generating events and checking rules checkbox if you do not want to apply further rules for selected tags. If no tags are selected, further rules are not applicable to any device.
  10. Click Move up if you prefer to move this rule up in the priority list.
    Note: Rules are processed sequentially. The default rule is applied only when an event does not match any other rules. Click Delete rule to delete the corresponding rule. Click Move down in configured rules to move the corresponding rule down in the priority list.
  11. Click Save in the left pane.
    Note: Click View Configuration Differences in the lower left pane to view differences in event configurations.

Custom Syslog Events

The Custom Syslog Event creates syslog message events based on rule conditions. To end all similar active events, you must update the configuration as per the recommended action provided in the EOS System Message Guide.

An EOS System Message Guide is published with every EOS release. In the guide, you can find all the common system messages generated by devices, including the syslog facility, mnemonic, severity, and log message format. To download the guide, click https://www.arista.com/en/support/software-download and look for SysMsgGuide under EOS release Docs.

Note: Rules are processed sequentially. Events that don't match user created rule conditions are processed by default rule(s).

Perform the following steps to create a rule for generating syslog events:

  1. On the CloudVision portal, click the Events tab. The system displays the Events screen.
  2. Click Configure Event Generation at the upper right corner of the Events section.
    Note: Alternatively, you can go to an event details screen and click Configure Event Generation to configure rules for generating events.
    The system displays the Generation Configuration screen with all configurable event types listed in the left pane.
  3. Click Custom Syslog Event.
    Figure 11. Custom Syslog Event Screen
  4. Click +Add Rule in the right pane.
    A new condition pane is displayed on the screen.
    Figure 12. Conditions Pane for the Custom Syslog Event Rule
  5. Provide the following information in specified fields:
    • Active devices autocomplete field -
    • Generate an event for these conditions checkbox -
  6. Choose either Single Instance Events or Time Period Events using the toggle button.
  7. Based on your choice between single instance events and time period events, provide the following relevant conditions for generating a rule:
    Note: The corresponding fields appear after you choose the required event type.
  8. Save Changes button - Click to save specified changes.

Configuring Single Instance Events

CVP creates a single instance event whenever either the specified syslog ID matches with the device syslog ID or the specified syslog message matches with the device syslog message. See Figure 12.

Provide the following information in specified fields to configure a single instance event:

  • Syslog ID - Provide facility, severity, and mnemonic of a syslog with regular expressions in the following fields:
    • Facility field - Type the facility of syslog in either simple string or regular expression.
    • All severities field - Select the severity of the device.
      Note: If no severity is selected, CVP considers all available severities.
    • Mnemonic field - CVP creates a single instance event when the log message specified in this field matches with a device syslog message.
  • Log Message field - The log message to match against the device syslog message.
    Note: You must mandatorily configure either a syslog ID or a log message.
  • Mute Period field - CVP does not create another similar event using this rule on a given device until the time period specified in this field expires for the ongoing event.
    Note: This prevents a large number of events generated for the same device within a short period of time due to a repetitive syslog message.
  • Event Title field - Type the event title.
  • Severity From Syslog checkbox - Select the checkbox if you prefer CVP to select the severity of the generated event to be derived from the syslog message severity.
    Note: CVP uses the following syslog message severities to event severities:
    • [0, 1, 2] - Critical event
    • [3] - Error event
    • [4] - Warning event
    • [5,6,7,...] - Info event
  • Severity dropdown menu - Select the preferred severity of the generated event. Severity is configurable only when Severity From Syslog checkbox is not selected.
  • Event Description field - Provide the event description.
  • Ignore subsequent rules for selected devices checkbox - Select the checkbox to suppress generating events for a specific syslog or override upcoming configurations.
  • Move Up / Move Down buttons - Use this button to manage the sequence of configured syslog event rules.
  • Delete button - Click to delete the corresponding rule.
Note: Syslogs with high severities like 0 (Emergency), 1 (Alert), 2 (Critical), and 3 (Error) generate events by default unless they are ignored by user configured rules.

Configuring Time Period Events

Events can also be configured to be time period events that remain active between the syslog message that creates it and the syslog message that ends the event. See the figure below.
Figure 13. Configuring Time Period Event

Provide the following information in specified fields to configure a time period event:

  • Start Log Message field - CVP starts a time period event when the start log message specified in this field matches with a device syslog message.
    Note: The start log message must be a string without special characters.
  • End Log Message field - CVP ends a time period event when the end log message specified in this field matches with a device syslog message.
    Note: The end log message must be a string without special characters.
  • Parameter field - Type the variable that must be configured in log messages specified in the Start Log Message and End Log Message fields.
    • Value field - Type a variable for the specified parameter in either a simple string or a regular expression.
    • Add Value - Click to add another variable for the specified parameter.
Ethernet is a parameter with values as Ethernet1 and Ethernet2. See the figure below.
Figure 14. Example1 of Parameter Variables

In this case, the specified log messages matches with Ethernet1 and Ethernet2 values for either starting or ending an event.

Ethernet is a parameter with a value as Ethernet.*. See the figure below.
Figure 15. Example2 of Parameter Variables

In this case, the specified log messages matches with all ethernet values like Ethernet1, Ethernet1/2, Ethernet1/3, and so on for either starting or ending an event.

  • Raise Time field - After a start rule matches, the starting of an event is delayed for the duration specified in this field.
    Note: If the end event log message arrives before this delay elapses, the event is not generated. This option is useful in situations where you wish to generate an event only when a syslog condition has persisted for at least some set period of time.
  • Clear Time field - After an end rule matches, the ending of the ongoing event is delayed for the duration specified in this field.
    Note: If the start event log message arrives before this delay elapses, the event is not ended and will continue as an active event. This option is useful in situations where you wish to generate a long single event which may encompass several start/end conditions being met during a set period of time.
  • Event Title field - Type the event title.
  • Severity From Syslog checkbox - Select the checkbox if you prefer CVP to select the severity of the generated event to be derived from the syslog message severity.
    Note: CVP uses the following syslog message severities to event severities:
    • [0, 1, 2] - Critical event
    • [3] - Error event
    • [4] - Warning event
    • [5,6,7,...] - Info event
  • Severity dropdown menu - Select the preferred severity of the generated event. Severity is configurable only when Severity From Syslog checkbox is not selected.
  • Event Description field - Provide the event description.
  • Ignore subsequent rules for selected devices checkbox - Select the checkbox to suppress generating events for a specific syslog or override upcoming configurations.
  • Move Up / Move Down buttons - Use this button to manage the sequence of configured syslog event rules.
  • Delete button - Click to delete the corresponding rule.
Note: A configuration change in the current rule ends all ongoing events.

Managing Events

You can manage an event by customizing event rules differently. Refer to the following examples:

Disabling All Events of the Selected Type

Perform the following steps to disable all events of the selected type:

  1. Navigate to the Generation Configuration screen.
  2. Click the required event type in the left pane.
  3. In the right pane, Click the + Add Rule button.
    Note: Retain only one rule with no values defined. To disable the event only for selected datasets, select appropriate devices tags in the Devices field.
  4. Select the Stop generating events and checking rules checkbox.
    The system disables all events of the selected event type.
    Figure 16. Disable All Events of the Selected Type
  5. Click Save in the left pane.

Disabling All Events of the Selected Type with Exception

Perform the following steps to disable all events of the selected type with exceptions:
  1. Navigate to the Generation Configuration screen.
  2. Click the required event type in the left pane.
  3. In the right pane, Click the + Add Rule button.
  4. In the Conditions pane, provide the device tags that you still want to generate an event for. The system creates rule 1.
    Note: If you need devices with different conditions, add another rule by repeating steps 3 and 4
  5. Click the + Add Rule button.
  6. In the appropriate Conditions pane, select the Stop generating events and checking rules checkbox. The system creates rule 3.
    Note: If you skip steps 5 and 6, the system applies default rules to all device tags except the ones that are defined in rules 1 and 2.
    Figure 17. Disable All Events of the Selected Type with Exception

    The system disables all events of the selected type except the ones that are defined in rules 1 and 2.

Acknowledging Events

Acknowledging an event confirms that you are aware of the corresponding event and its consequences. By default, acknowledged events are hidden and do not send alerts.

Perform the following steps to acknowledge an event:
  1. Click the Events tab. The system displays the Events screen.
  2. Select preferred event(s) in the side panel.
  3. Click Acknowledge n in the upper right corner of the side panel.
    Note: n represents the count of selected events.
    The system displays the Acknowledgment Event window.
    Figure 18. Acknowledgment Event Pop-Up
  4. (Optional) Type a note for other users explaining the reason for the acknowledgment.
  5. Click Acknowledge n events where n represents the count of selected events.
    Note: For acknowledged events, the system replaces the Acknowledge button with Un-Acknowledge button. To undo the acknowledgment activity, Click Un-Acknowledge in the side panel of the acknowledged event.

Configuring Notifications

The event alerting system sends notifications for CVP events as they alert operating platforms that you have set up. Once you have customized the topology view for your network, provide the required information to configure the monitoring of notifications.

Perform the following steps to configure event alerts:

  1. Click the Events tab.
  2. Click Configure Notifications at the upper right corner of the Events section. The system displays the Notification Configuration screen.
  3. Configure the following entities:
  4. Click Save in the left pane

Configuring Status

The Status section configures monitoring the health of notification system.

Perform the following steps to configure the notification criteria:
  1. Click Status. The system displays the Status screen.
    Figure 19. Status Screen of Notification Configuration
  2. On the Test Alert Sender pane, provide the required criterion in Severity, Event type, and Device drop-down menus.
  3. If required, click Send Test Notification to verify current configuration.

Configuring Platforms

The Platforms section specifies what platforms will receive notifications.

Perform the following steps to configure preferred platforms:
  1. Click Platforms. The system displays the Platforms screen.
    Figure 20. Platforms Screen of Notification Configuration
  2. Configure any of the following platforms through which you prefer to receive notifications from CVP:
    • Email

      Provide the following information to receive email notifications:

      • Type your SMTP servers hostname and port number separated by a colon in the SMTP Host field.
        Note: Typically, the port numbers of SMTP and SMTP over TLS are 25 and 587.
      • Select the Use TLS for SMTP checkbox if you prefer to encrypt notifications received from and sent to the SMTP server.
      • Type the email address that you prefer to display as a sender in the Email "From" Address field.
        Note: We recommend an email address with the domain of your organization.
      • Type the username of your SMTP account in the SMTP Username field.
      • Type the password of your SMTP account in the SMTP Password field.
    • Slack

      Create a custom integration through the Incoming WebHooks Slack application and type the Webhook URL in the Slack Webhook URL field.

    • VictorOps
      • In your VictorOps settings, add a new alert integration for Prometheus and type the Service API Key in the VictorOps API Key field.
      • If required, type a custom API URL in the VictorOps API URL field.
    • PagerDuty

      If required, type a custom API URL in the PagerDuty URL field.

    • OpsGenie
      • Create an API integration for your OpsGenie team and type the API key in the OpsGenie API Key field.
      • If required, type a custom API URL in the OpsGenie API URL field.
    • WeChat
      • Type your WeChat credentials in the WeChat API Secret field.
      • Type your WeChat corporate ID in the WeChat Corporate ID field.
      • If required, type a custom API URL in the WeChat API URL field.

Configuring Receivers

The Receivers section configures a receiver for each preferred team to send notifications and link receivers to notification platforms.

Perform the following steps to add new receivers:
  1. Click Receivers. The system displays the Receivers screen.
    Figure 21. Receivers Screen of Notification Configuration
  2. Click Add Receivers at the end of the screen.
  3. Type receiver's name in the Receiver Name field.
    Figure 22. Add Receiver Pane
  4. Click the Add Configuration drop-down menu.
  5. Select any of the options in following table and provide the required information to link alert receivers with alerting platforms.
    Table 1. Configuration Options
    Configuration Options Required Information
    Add Email Configuration
    • Type recipient's email address in the Recipient Email field.

    • If required, select the Send alert when events are resolved checkbox.

    Add VictorOps Configuration
    • Type a routing key in the Routing Key field.

    • If required, select the Send alert when events are resolved checkbox.

    Add PagerDuty Configuration
    • Type a routing key in the Integration Key field.

    • If required, select the Send alert when events are resolved checkbox.

    Add OpsGenie Configuration Select the Send alert when events are resolved checkbox.
    Add Slack Configuration
    • Type a channel in the Channel field.

    • If required, select the Send alert when events are resolved checkbox.

    Add WeChat Configuration Select the Send alert when events are resolved checkbox.
    Add Pushover Configuration
    • Type a recipient's user key in the Recipient User Key field.

    • Type a pushover API token in the Application API Token field.

    • If required, select the Send alert when events are resolved checkbox.

    Add Webhook Configuration
    • Type the URL where you prefer to post event alerts in the Target URL field.

    • If required, select the Send alert when events are resolved checkbox

    Note: Click the recycle bin icon at the right end of corresponding fields if you prefer to delete that configuration. Click Delete Receiver next to Add Configuration if you prefer to delete the corresponding receiver.

Configuring Rules

The Rules section customizes notifications that are sent to receivers.

Perform the following steps to add a new rule:

  1. Click Rules. The system displays the Rules screen.
    Figure 23. Rules Screen of Notification Configuration
  2. Click Add Rules. A new Rules Conditions pane is displayed on the screen.
    Figure 24. Rule Conditions Pane
  3. Next to Add Conditions, click Severity, Event Type, Device, and Device Tags to provide the criteria that are used for monitoring the health of the alerting system.
    Note: Click Remove at the end of a field to delete that configuration.
  4. Select the required receiver from the Receiver drop-down menu.
  5. Select required checkboxes among Severity, Event Type, Device, and Interface to group similar events into a single alert.
  6. Select the Continue checking lower rules checkbox to continue checking for alerts if this event matches subsequent rules.
  7. Click Move up if you prefer to move this rule up in the priority list.
    Note: Rules are processed sequentially. The default rule is applied only when an event does not match any other rules. Click Delete rule to delete the corresponding rule. Click Move down in configured rules to move the corresponding rule down in the priority list.