Accessing Events

Events Summary Screen

The events summary screen displays all events, and configures alerts and event generation. To view this screen, click Events on the CloudVision portal. The figure below displays the events summary screen.
Figure 1. Events Summary Screen
The Events screen provides the following information and functionalities:
  • Click the Event Generation button to configure generating new events. Refer to Configuring Event Generations.
  • Click the Notifications button to configure notifications. Refer to Configuring Notifications.
  • Left Pane
    • Event Chart and Summary Tables tabs
      • The Event Chart tab displays the bar graphs of all events.
        Note: Hover the cursor over the different segments of the bar graph to view the count of severity events.
      • The Summary Tables tab displays Most Active Devices and Most Active Event Types in tabular formats. See the figure below.
        Figure 2. Event Summary Screen - Summary Tables
        Note: The severity levels include critical, error, warning, and info.
    • The Time Range dropdown menu to select the time span of events.
    • The Acknowledge button to acknowledge selected events.
    • The Un-Acknowledge button to remove the acknowledgment from selected events.
    • A list of all events with selection checkboxes in a tabular format.
    • Click the Export Table to CSV button to download the table in CSV format to your local drive.
  • Right Pane
    • The Reset Filters button to clear all filtering options.
    • The Current Time date picker to select the event start date.
    • Search field based on Title or Description and dropdown menus based on Event Type, Device, Acknowledgement State, and Active State.
    • Buttons to perform a search based on severity levels (Info, Warning, Error, and Critical)

Event Details Screen

An event details screen displays appropriate event details, acknowledges the event, and configures event generation. To view this screen, click one of the events listed on the Events screen.
Figure 3. Event Details Screen

This screen provides the following information and functionalities in the right pane:

  • Left arrow to return to the events summary screen
  • Click the Event Generation button to configure generating new events. Refer to Configuring Event Generations.
  • Click the Notifications button to configure notifications. Refer to Configuring Notifications.
  • Displays the event description
  • Time when event details were captured
  • Hover the cursor on the event name. The system displays a popup window with event details.
Figure 4. Event Name Popup Window
The popup window provides the following options:
  • Click View Events to view search results with the same event name.
Figure 5. Search Results with the Same Event Name
  • Click Compare Metrics to navigate to the Explorer tab in Metrics app.
  • Hover the cursor on the event name. The system displays a popup window with device details in that location.
Figure 6. Location Name Popup Window

The popup window provides the following options:

  • Click View Events to view search results with the same location name.
Figure 7. Search Results with the Same Location Name
  • Click Compare Metrics to navigate to the Explorer tab under Metrics.
  • The Acknowledge button to acknowledge the appropriate event.
  • The Configure Event Generation button to configure the generation of the appropriate event.
  • Metric details of the event
  • A chronological history of all errors (shown at the bottom of the screen)

Configuring Event Generations

Configure rules and conditions to customize event generation.

Perform the following steps to configure the settings for generating events:

  1. On the CloudVision portal, click the Events tab. The system displays the Events screen.
  2. Click Configure Event Generation at the upper right corner of the Events section. The system displays the Generation Configuration screen with all configurable events listed in the left pane.
    Figure 8. Generation Configuration Screen
    Note: Alternatively, you can go to an event details screen and click Configure Event Generation to configure rules for generating events.
  3. Click the required event in the left pane.
  4. Click Add Rule at the lower end of the right pane. A new Condition pane is displayed on the screen.
    Figure 9. Add Rule Pane in Generation Configuration
  5. In the Condition pane, click on the search field. The system displays the list of configured device tags.
    Figure 10. List of Configured Device Tags
    Note: Alternatively, you can type the required device tag in the search field for a quick search.
  6. Select preferred device tags from the displayed list.
    Note: After you have selected the device, the system displays the count of matched devices. The rule is applicable to all devices when you do not select any device tag.
  7. Click on the Interfaces search field (available only for interface events).

    The system displays the list of configured interface tags.

    Figure 11. List of Configured Interface Tags
  8. Select preferred interface tags from the displayed list.
    Note: After you have selected an interface tag, the system displays the count of matching interfaces. The rule is applicable to all interfaces when you do not select any interface tag.
  9. Provide the following criteria required to generate events:
    • Severity - Select the severity type from the drop-down menu. Options include Info, Warning, Critical, and Error.
    • Threshold (applicable only to threshold events) - Type the threshold value.
    • Raise Time - Type the preferred wait time (seconds) to create an event after reaching the threshold limit.
    • Clear Time - Type the precise time (seconds) to delete an event after the current value goes below the threshold limit.
    Note: Select the Stop generating events and checking rules checkbox if you do not want to apply further rules for selected tags. If no tags are selected, further rules are not applicable to any device.
  10. Click Move up if you prefer to move this rule up in the priority list.
    Note: Rules are processed sequentially. The default rule is applied only when an event does not match any other rules. Click Delete rule to delete the corresponding rule. Click Move down in configured rules to move the corresponding rule down in the priority list.
  11. Click Save in the left pane.
    Note: Click View Configuration Differences in the lower left pane to view differences in event configurations.

Anomaly in Connectivity MonitorLatency

From the Events tab, select Anomaly in Connectivity MonitorLatency to configure event generation for latency events between devices and configured hosts. The events are designed to alert the user when the latency between a device and a configured host is outside of recent historical bounds.

Figure 12 is a sample event view for one of these events between the device with hostname `Oslo` and the cloudtracer host endpoint `www.bbc.co.uk`.

Figure 12. Anomaly Event View

Figure 13 explains various stages of this event.

Figure 13. Anomaly Event View Overlay

Prior to this event in Figure 13, the latency metric (green line in upper graph) is stable with minimal deviations. The historical bounds (blue shaded region) that determine when the metric is in a normal state have a small range, with both the upper and lower bounds near the historical mean (dark blue line). The historical bounds are computed by adding and subtracting a fixed multiple of the current latency standard deviation to the current mean.

The anomaly score starts to increase from zero when the latency value strays outside of the historical bounds. The latency values that are outside the bounds are highlighted in red. The anomaly score is the positive cumulative sum of the number of standard deviations outside of the historical bounds. For example, if the bounds are set at 3 standard deviations from the mean and a latency value is 5 standard deviations away from the mean, the anomaly score increases by 2. If the next latency value is 1.5 standard deviations away from the mean, 1.5 is subtracted from the anomaly score. The anomaly score therefore keeps track of the cumulative deviation of the latency outside of the historical bounds. It is bounded below by zero.

Figure 14 provides a detailed explanation on computing the anomaly score.

Figure 14. Anomaly Score Computation

The event is generated when the anomaly score exceeds a threshold for a set period of time.

Note: You can configure the threshold and time duration in the event configuration rules.

The anomaly score starts to decrease when the latency values are inside the historical bounds. The historical bounds have increased based on recent deviations in latency which makes the system less sensitive than prior to the event. The event ends when the anomaly score is below the threshold for a set period of time.

Figure 15 provides a detailed explanation of the anomaly score decreasing when an event ends.

Figure 15. Decreasing of Anomaly Score

At the end of the time range, historical bounds are narrowing as the latency has now returned to a stable value with minimum deviations. The history needs approximately six hours to have negligible impact on the statistics and bounds.
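The score update and the raise and clear conditions described above, as an added Python example (not CloudVision code). The baseline mean and standard deviation are held fixed here so the arithmetic can be followed, whereas the product recomputes them continuously; the latencies, the 3-sigma bound, the threshold and the hold times are constructed values.

```python
def score_step(score, value, mean, std, k):
    """One update of the anomaly score.

    Adds how many standard deviations the value lies beyond the k-sigma bound
    (negative when the value is inside the bound) and floors the score at 0.
    """
    if std <= 0:
        raise ValueError("standard deviation must be positive")
    deviations = abs(value - mean) / std
    return max(0.0, score + (deviations - k))


def detect(samples, mean, std, k, threshold, raise_time, clear_time):
    """samples: (t_seconds, latency_ms) pairs in time order.

    Returns (scores, events); each event is (raised_at, cleared_at), with
    cleared_at None if the event is still active at the end of the data.
    """
    score, scores, events = 0.0, [], []
    above_since = below_since = active_from = None
    for t, value in samples:
        score = score_step(score, value, mean, std, k)
        scores.append(score)
        if score > threshold:
            below_since = None
            if above_since is None:
                above_since = t
            # Raise only after the score has stayed above the threshold long enough.
            if active_from is None and t - above_since >= raise_time:
                active_from = t
        else:
            above_since = None
            if below_since is None:
                below_since = t
            # Clear only after the score has stayed at or below it long enough.
            if active_from is not None and t - below_since >= clear_time:
                events.append((active_from, t))
                active_from = None
    if active_from is not None:
        events.append((active_from, None))
    return scores, events


# Constructed data: one sample per minute, baseline 20 ms +/- 2 ms, bounds 14..26 ms.
MEAN_MS, STD_MS, K = 20.0, 2.0, 3.0
LATENCIES = [20, 21, 30, 32, 34, 34, 32, 23, 20, 20, 20, 20, 20, 20]
SAMPLES = [(60 * i, v) for i, v in enumerate(LATENCIES)]


def run():
    return detect(SAMPLES, MEAN_MS, STD_MS, K,
                  threshold=5.0, raise_time=120, clear_time=120)


if __name__ == "__main__":
    scores, events = run()
    for (t, v), s in zip(SAMPLES, scores):
        print(f"t={t:4d}s latency={v:2d}ms score={s}")
    print("events:", events)
```

The latency is back inside the bounds from t=420, but the event only clears at t=780 because the accumulated score has to drain below the threshold first.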

This screen also provides the following additional metrics of this event (see Figure 16):

  • The other CloudTracer metrics are displayed for this device and host pair

  • The latency metric between other devices and this host

  • The latency metric between this device and other hosts

Figure 16. CloudTracer Event Additional View

Custom Syslog Events

The Custom Syslog Event creates syslog message events based on rule conditions. To end all similar active events, you must update the configuration as per the recommended action provided in the EOS System Message Guide.

An EOS System Message Guide is published with every EOS release. In the guide, you can find all the common system messages generated by devices, including the syslog facility, mnemonic, severity, and log message format. To download the guide, click https://www.arista.com/en/support/software-download and look for SysMsgGuide under EOS release Docs.

Note: Rules are processed sequentially. Events that don't match user created rule conditions are processed by default rule(s).

Perform the following steps to create a rule for generating syslog events:

  1. On the CloudVision portal, click the Events tab. The system displays the Events screen.
  2. Click Configure Event Generation at the upper right corner of the Events section.
    Note: Alternatively, you can go to an event details screen and click Configure Event Generation to configure rules for generating events.
    The system displays the Generation Configuration screen with all configurable event types listed in the left pane.
  3. Click Custom Syslog Event.
    Figure 17. Custom Syslog Event Screen
  4. Click +Add Rule in the right pane.
    A new condition pane is displayed on the screen.
    Figure 18. Conditions Pane for the Custom Syslog Event Rule
  5. Provide the following information in specified fields:
    • Active devices autocomplete field -
    • Generate an event for these conditions checkbox -
  6. Choose either Single Instance Events or Time Period Events using the toggle button.
  7. Based on your choice between single instance events and time period events, provide the following relevant conditions for generating a rule:
    Note: The corresponding fields appear after you choose the required event type.
  8. Save Changes button - Click to save specified changes.

Configuring Single Instance Events

CVP creates a single instance event whenever either the specified syslog ID matches with the device syslog ID or the specified syslog message matches with the device syslog message. See Figure 18.

Provide the following information in specified fields to configure a single instance event:

  • Syslog ID - Provide facility, severity, and mnemonic of a syslog with regular expressions in the following fields:
    • Facility field - Type the facility of syslog in either simple string or regular expression.
    • All severities field - Select the severity of the device.
      Note: If no severity is selected, CVP considers all available severities.
    • Mnemonic field - CVP creates a single instance event when the log message specified in this field matches with a device syslog message.
  • Log Message field - The log message to match against the device syslog message.
    Note: You must configure either a syslog ID or a log message.
  • Mute Period field - CVP does not create another similar event using this rule on a given device until the time period specified in this field expires for the ongoing event.
    Note: This prevents a large number of events generated for the same device within a short period of time due to a repetitive syslog message.
  • Event Title field - Type the event title.
  • Severity From Syslog checkbox - Select the checkbox if you prefer CVP to select the severity of the generated event to be derived from the syslog message severity.
    Note: CVP maps syslog message severities to event severities as follows:
    • [0, 1, 2] - Critical event
    • [3] - Error event
    • [4] - Warning event
    • [5,6,7,...] - Info event
  • Severity dropdown menu - Select the preferred severity of the generated event. Severity is configurable only when Severity From Syslog checkbox is not selected.
  • Event Description field - Provide the event description.
  • Ignore subsequent rules for selected devices checkbox - Select the checkbox to suppress generating events for a specific syslog or override upcoming configurations.
  • Move Up / Move Down buttons - Use these buttons to manage the sequence of configured syslog event rules.
  • Delete button - Click to delete the corresponding rule.
Note: Syslogs with high severities like 0 (Emergency), 1 (Alert), 2 (Critical), and 3 (Error) generate events by default unless they are ignored by user configured rules.
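How an ordered list of single instance rules could be evaluated against device syslog lines, as an added Python example that is not CloudVision code. It assumes the `%FACILITY-SEVERITY-MNEMONIC: text` tag layout, full-match semantics for the Facility and Mnemonic fields, and that the default rule applies only when no user rule matched; the rule names, devices and log lines are constructed.

```python
import re
from dataclasses import dataclass

# Assumed tag layout of a device syslog line: %FACILITY-SEVERITY-MNEMONIC: text
TAG = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)")

def event_severity(sev):
    """Syslog severity -> event severity, following the mapping on this page."""
    if sev <= 2:
        return "Critical"
    return {3: "Error", 4: "Warning"}.get(sev, "Info")

@dataclass
class Rule:
    title: str
    facility: str = ""               # plain string or regex; "" = not configured
    mnemonic: str = ""
    severities: tuple = ()           # empty = all severities
    log_message: str = ""            # regex searched in the message text
    mute_period: int = 0             # seconds
    generate: bool = True            # "Generate an event for these conditions"
    ignore_subsequent: bool = False  # "Ignore subsequent rules for selected devices"
    fixed_severity: str = ""         # "" = Severity From Syslog

    def matches(self, m):
        id_set = bool(self.facility or self.mnemonic)
        id_ok = (id_set
                 and (not self.facility or re.fullmatch(self.facility, m["fac"]))
                 and (not self.mnemonic or re.fullmatch(self.mnemonic, m["mnem"]))
                 and (not self.severities or int(m["sev"]) in self.severities))
        msg_ok = bool(self.log_message) and re.search(self.log_message, m["text"])
        return bool(id_ok or msg_ok)  # either the syslog ID or the log message

class Engine:
    def __init__(self, rules):
        self.rules = rules
        self.last_fired = {}  # (rule index, device) -> time of the last event

    def process(self, ts, device, line):
        m = TAG.search(line)
        if not m:
            return []
        sev, events, matched = int(m["sev"]), [], False
        for i, rule in enumerate(self.rules):  # rules are processed sequentially
            if not rule.matches(m):
                continue
            matched = True
            last = self.last_fired.get((i, device))
            muted = last is not None and ts - last < rule.mute_period
            if rule.generate and not muted:
                self.last_fired[(i, device)] = ts
                events.append((rule.title, rule.fixed_severity or event_severity(sev)))
            if rule.ignore_subsequent:
                break
        # Default rule: severities 0-3 raise an event unless a user rule handled the line.
        if not matched and sev <= 3:
            events.append(("Default syslog event", event_severity(sev)))
        return events

RULES = [  # constructed rules
    Rule("Known fan 3 fault", log_message=r"fan 3", generate=False, ignore_subsequent=True),
    Rule("Login failure", facility="AAA", mnemonic="LOGIN_.*", mute_period=300),
]
SAMPLE = [  # constructed (time in seconds, device, syslog line)
    (0, "leaf1", "%AAA-4-LOGIN_FAILED: user admin failed to login"),
    (60, "leaf1", "%AAA-4-LOGIN_FAILED: user admin failed to login"),
    (400, "leaf1", "%AAA-4-LOGIN_FAILED: user admin failed to login"),
    (410, "leaf1", "%ENV-2-FAN_FAULT: fan 3 stopped"),
    (420, "leaf1", "%ENV-2-FAN_FAULT: fan 1 stopped"),
    (430, "leaf2", "%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1 changed state to down"),
]

def run():
    engine = Engine(RULES)
    return [(ts, dev) + ev for ts, dev, line in SAMPLE for ev in engine.process(ts, dev, line)]

if __name__ == "__main__":
    for row in run():
        print(row)
```

The repeated login failure at 60 s is muted, the suppressed fan 3 fault raises nothing, and the unmatched severity 2 fault on fan 1 falls through to the default rule.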

Configuring Time Period Events

Events can also be configured to be time period events that remain active between the syslog message that creates it and the syslog message that ends the event. See the figure below.
Figure 19. Configuring Time Period Event

Provide the following information in specified fields to configure a time period event:

  • Start Log Message field - CVP starts a time period event when the start log message specified in this field matches with a device syslog message.
    Note: The start log message must be a string without special characters.
  • End Log Message field - CVP ends a time period event when the end log message specified in this field matches with a device syslog message.
    Note: The end log message must be a string without special characters.
  • Parameter field - Type the variable that must be configured in log messages specified in the Start Log Message and End Log Message fields.
    • Value field - Type a variable for the specified parameter in either a simple string or a regular expression.
    • Add Value - Click to add another variable for the specified parameter.

Ethernet is a parameter with values as Ethernet1 and Ethernet2. See the figure below.

In this case, the specified log messages match with Ethernet1 and Ethernet2 values for either starting or ending an event.

Figure 20. Example 1 of Parameter Variables

Ethernet is a parameter with a value as Ethernet.*. See the figure below.

In this case, the specified log messages match with all ethernet values like Ethernet1, Ethernet1/2, Ethernet1/3, and so on for either starting or ending an event.

Figure 21. Example 2 of Parameter Variables
  • Raise Time field - After a start rule matches, the starting of an event is delayed for the duration specified in this field.
    Note: If the end event log message arrives before this delay elapses, the event is not generated. This option is useful in situations where you wish to generate an event only when a syslog condition has persisted for at least some set period of time.
  • Clear Time field - After an end rule matches, the ending of the ongoing event is delayed for the duration specified in this field.
    Note: If the start event log message arrives before this delay elapses, the event is not ended and will continue as an active event. This option is useful in situations where you wish to generate a long single event which may encompass several start/end conditions being met during a set period of time.
  • Event Title field - Type the event title.
  • Severity From Syslog checkbox - Select the checkbox if you prefer CVP to select the severity of the generated event to be derived from the syslog message severity.
    Note: CVP maps syslog message severities to event severities as follows:
    • [0, 1, 2] - Critical event
    • [3] - Error event
    • [4] - Warning event
    • [5,6,7,...] - Info event
  • Severity dropdown menu - Select the preferred severity of the generated event. Severity is configurable only when Severity From Syslog checkbox is not selected.
  • Event Description field - Provide the event description.
  • Ignore subsequent rules for selected devices checkbox - Select the checkbox to suppress generating events for a specific syslog or override upcoming configurations.
  • Move Up / Move Down buttons - Use these buttons to manage the sequence of configured syslog event rules.
  • Delete button - Click to delete the corresponding rule.
Note: A configuration change in the current rule ends all ongoing events.
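The Raise Time and Clear Time behaviour of a time period rule, including a regular-expression parameter value, as an added Python example that is not CloudVision code. It assumes the parameter name in the start and end messages is replaced by the configured values and that events are tracked per device and matched value; the messages and timings are constructed.

```python
import re

def compile_template(template, param, values):
    """Plain-string template whose parameter token is swapped for the values."""
    if param not in template:
        raise ValueError("parameter does not occur in the log message")
    head, _, tail = template.partition(param)
    alternatives = "|".join(f"(?:{v})" for v in values)
    return re.compile(re.escape(head) + f"(?P<value>{alternatives})" + re.escape(tail))

class TimePeriodRule:
    def __init__(self, start, end, param, values, raise_time, clear_time):
        self.start = compile_template(start, param, values)
        self.end = compile_template(end, param, values)
        self.raise_time, self.clear_time = raise_time, clear_time
        self.state = {}   # (device, value) -> {"status", "due", "event"}
        self.events = []  # [key, raised_at, cleared_at or None]

    def _tick(self, now):
        """Apply every Raise Time / Clear Time delay that has elapsed by `now`."""
        for key, st in self.state.items():
            if st["status"] == "pending_raise" and st["due"] <= now:
                st["event"] = [key, st["due"], None]
                self.events.append(st["event"])
                st["status"] = "active"
            elif st["status"] == "pending_clear" and st["due"] <= now:
                st["event"][2] = st["due"]
                st["status"] = "idle"

    def feed(self, ts, device, text):
        self._tick(ts)
        for kind, rx in (("start", self.start), ("end", self.end)):
            m = rx.search(text)
            if not m:
                continue
            st = self.state.setdefault((device, m["value"]), {"status": "idle"})
            if kind == "start":
                if st["status"] == "idle":
                    st.update(status="pending_raise", due=ts + self.raise_time)
                elif st["status"] == "pending_clear":
                    st["status"] = "active"  # start arrived before Clear Time elapsed
            elif st["status"] == "pending_raise":
                st["status"] = "idle"        # end arrived before Raise Time elapsed
            elif st["status"] == "active":
                st.update(status="pending_clear", due=ts + self.clear_time)

    def finish(self, now):
        self._tick(now)

SAMPLE = [  # constructed (time in seconds, device, message text)
    (0, "leaf1", "Line protocol on Interface Ethernet1 changed state to down"),
    (10, "leaf1", "Line protocol on Interface Ethernet1 changed state to up"),
    (100, "leaf1", "Line protocol on Interface Ethernet2 changed state to down"),
    (200, "leaf1", "Line protocol on Interface Ethernet2 changed state to up"),
    (230, "leaf1", "Line protocol on Interface Ethernet2 changed state to down"),
    (300, "leaf1", "Line protocol on Interface Ethernet2 changed state to up"),
]

def run():
    rule = TimePeriodRule(
        start="Interface Ethernet changed state to down",
        end="Interface Ethernet changed state to up",
        param="Ethernet", values=["Ethernet.*"],
        raise_time=30, clear_time=60)
    for ts, device, text in SAMPLE:
        rule.feed(ts, device, text)
    rule.finish(1000)
    return [tuple(e) for e in rule.events]

if __name__ == "__main__":
    print(run())
```

The 10-second flap on Ethernet1 never becomes an event, while the two outages on Ethernet2 are reported as one event from 130 s to 360 s.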

Managing Events

You can manage an event by customizing event rules differently. Refer to the following examples:

Disabling All Events of the Selected Type

Perform the following steps to disable all events of the selected type:

  1. Navigate to the Generation Configuration screen.
  2. Click the required event type in the left pane.
  3. In the right pane, click the + Add Rule button.
    Note: Retain only one rule with no values defined. To disable the event only for selected datasets, select appropriate device tags in the Devices field.
  4. Select the Stop generating events and checking rules checkbox.
    The system disables all events of the selected event type.
    Figure 22. Disable All Events of the Selected Type
  5. Click Save in the left pane.

Disabling All Events of the Selected Type with Exception

Perform the following steps to disable all events of the selected type with exceptions:
  1. Navigate to the Generation Configuration screen.
  2. Click the required event type in the left pane.
  3. In the right pane, click the + Add Rule button.
  4. In the Conditions pane, provide the device tags that you still want to generate an event for. The system creates rule 1.
    Note: If you need devices with different conditions, add another rule by repeating steps 3 and 4.
  5. Click the + Add Rule button.
  6. In the appropriate Conditions pane, select the Stop generating events and checking rules checkbox. The system creates rule 3.
    Note: If you skip steps 5 and 6, the system applies default rules to all device tags except the ones that are defined in rules 1 and 2.
    Figure 23. Disable All Events of the Selected Type with Exception

    The system disables all events of the selected type except the ones that are defined in rules 1 and 2.

Acknowledging Events

Acknowledging an event confirms that you are aware of the corresponding event and its consequences. By default, acknowledged events are hidden and do not send alerts.

Perform the following steps to acknowledge an event:
  1. Click the Events tab. The system displays the Events screen.
  2. Select preferred event(s) in the side panel.
  3. Click Acknowledge n in the upper right corner of the side panel.
    Note: n represents the count of selected events.
    The system displays the Acknowledgment Event window.
    Figure 24. Acknowledgment Event Pop-Up
  4. (Optional) Type a note for other users explaining the reason for the acknowledgment.
  5. Click Acknowledge n events where n represents the count of selected events.
    Note: For acknowledged events, the system replaces the Acknowledge button with the Un-Acknowledge button. To undo the acknowledgment activity, click Un-Acknowledge in the side panel of the acknowledged event.

Configuring Notifications

The event alerting system sends notifications for CVP events to the operating platforms that you have set up. Once you have customized the topology view for your network, provide the required information to configure the monitoring of notifications.

Perform the following steps to configure event alerts:

  1. Click the Events tab.
  2. Click Configure Notifications at the upper right corner of the Events section. The system displays the Notification Configuration screen.
  3. Configure the following entities:
  4. Click Save in the left pane.

Configuring Status

The Status section configures monitoring the health of the notification system.

Perform the following steps to configure the notification criteria:
  1. Click Status. The system displays the Status screen.
    Figure 25. Status Screen of Notification Configuration
  2. On the Test Alert Sender pane, provide the required criterion in Severity, Event type, and Device drop-down menus.
  3. If required, click Send Test Notification to verify current configuration.

Configuring Platforms

The Platforms section specifies what platforms will receive notifications.

Perform the following steps to configure preferred platforms:
  1. Click Platforms. The system displays the Platforms screen.
    Figure 26. Platforms Screen of Notification Configuration
  2. Configure any of the following platforms through which you prefer to receive notifications from CVP:
    • Email

      Provide the following information to receive email notifications:

      • Type your SMTP server's hostname and port number separated by a colon in the SMTP Host field.
        Note: Typically, the port numbers of SMTP and SMTP over TLS are 25 and 587, respectively.
      • Select the Use TLS for SMTP checkbox if you prefer to encrypt notifications received from and sent to the SMTP server.
      • Type the email address that you prefer to display as a sender in the Email "From" Address field.
        Note: We recommend an email address with the domain of your organization.
      • Type the username of your SMTP account in the SMTP Username field.
      • Type the password of your SMTP account in the SMTP Password field.
    • Slack

      Create a custom integration through the Incoming WebHooks Slack application and type the Webhook URL in the Slack Webhook URL field.

    • VictorOps
      • In your VictorOps settings, add a new alert integration for Prometheus and type the Service API Key in the VictorOps API Key field.
      • If required, type a custom API URL in the VictorOps API URL field.
    • PagerDuty

      If required, type a custom API URL in the PagerDuty URL field.

    • OpsGenie
      • Create an API integration for your OpsGenie team and type the API key in the OpsGenie API Key field.
      • If required, type a custom API URL in the OpsGenie API URL field.
    • WeChat
      • Type your WeChat credentials in the WeChat API Secret field.
      • Type your WeChat corporate ID in the WeChat Corporate ID field.
      • If required, type a custom API URL in the WeChat API URL field.

Configuring Receivers

The Receivers section configures a receiver for each preferred team to send notifications and links receivers to notification platforms.

Perform the following steps to add new receivers:
  1. Click Receivers. The system displays the Receivers screen.
    Figure 27. Receivers Screen of Notification Configuration
  2. Click Add Receivers at the end of the screen.
  3. Type the receiver's name in the Receiver Name field.
    Figure 28. Add Receiver Pane
  4. Click the Add Configuration drop-down menu.
  5. Select any of the options in the following table and provide the required information to link alert receivers with alerting platforms.
    Table 1. Configuration Options
    Configuration Options | Required Information
    • Add Email Configuration
      • Type recipient's email address in the Recipient Email field.
      • If required, select the Send alert when events are resolved checkbox.
    • Add VictorOps Configuration
      • Type a routing key in the Routing Key field.
      • If required, select the Send alert when events are resolved checkbox.
    • Add PagerDuty Configuration
      • Type a routing key in the Integration Key field.
      • If required, select the Send alert when events are resolved checkbox.
    • Add OpsGenie Configuration
      • Select the Send alert when events are resolved checkbox.
    • Add Slack Configuration
      • Type a channel in the Channel field.
      • If required, select the Send alert when events are resolved checkbox.
    • Add WeChat Configuration
      • Select the Send alert when events are resolved checkbox.
    • Add Pushover Configuration
      • Type a recipient's user key in the Recipient User Key field.
      • Type a pushover API token in the Application API Token field.
      • If required, select the Send alert when events are resolved checkbox.
    • Add Webhook Configuration
      • Type the URL where you prefer to post event alerts in the Target URL field.
      • If required, select the Send alert when events are resolved checkbox.

    Note: Click the recycle bin icon at the right end of corresponding fields if you prefer to delete that configuration. Click Delete Receiver next to Add Configuration if you prefer to delete the corresponding receiver.

Configuring Rules

The Rules section customizes notifications that are sent to receivers.

Perform the following steps to add a new rule:

  1. Click Rules. The system displays the Rules screen.
    Figure 29. Rules Screen of Notification Configuration
  2. Click Add Rules. A new Rules Conditions pane is displayed on the screen.
    Figure 30. Rule Conditions Pane
  3. Next to Add Conditions, click Severity, Event Type, Device, and Device Tags to provide the criteria that are used for monitoring the health of the alerting system.
    Note: Click Remove at the end of a field to delete that configuration.
  4. Select the required receiver from the Receiver drop-down menu.
  5. Select required checkboxes among Severity, Event Type, Device, and Interface to group similar events into a single alert.
  6. Select the Continue checking lower rules checkbox to continue checking for alerts if this event matches subsequent rules.
  7. Click Move up if you prefer to move this rule up in the priority list.
    Note: Rules are processed sequentially. The default rule is applied only when an event does not match any other rules. Click Delete rule to delete the corresponding rule. Click Move down in configured rules to move the corresponding rule down in the priority list.