We are monitoring a number of services on each server which are related to antivirus, web protection and security. There are altogether 10+ services per server. The issue is that whenever there is an update to the AV signatures or threat database etc., services stop and start automatically and we receive 20+ email alerts per server - one for each service down and another for each service up. We are monitoring 400+ servers. You can calculate the number of emails this is generating!!
Is there a way to group these services into one so that I only receive one alert instead of 10+ per server when a service goes down?
I can understand the operational problem you have to face. We don't have the ability to consolidate alerts at present.
However, would you be fine if the server on which the services are running could be marked as Maintenance? Since updating AV is a maintenance activity, you can mark the servers as maintenance, which will avoid alerts. You can schedule the maintenance if you know that the update happens in a time-bound manner.
Product Manager, Site24x7
These updates are done automatically by the software and there is no way we can schedule when the updates will be applied. Thus, we cannot add a maintenance window.
A question, though: is it possible to create a scheduled maintenance window specifically for those services as a group and not for monitors as a whole? We have noticed that most of these updates are normally applied between 7 PM and 11:00 PM, and it's a very long window to put all my server monitors in a maintenance window.
1. Create a notification profile that you want to be applied to your systems.
2. Set the "Downtime Notification Delay" to "Notify after two continuous failures"
We do this for the default notification profile and have found it to significantly improve the quality of life for our admins. This means that you do not get alerts for restarting services, but still get alerted if the service fails to restart, which is awesome.
We also have a "Critical Devices" profile, which notifies immediately.
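The effect of the two profiles described in the post above, as an added example that is not part of the original thread and not Site24x7's code: a small simulation of "notify after N continuous failures" over constructed poll results. The server names, service names, profile names and the `alerts_for` function are hypothetical.

```python
from collections import defaultdict

# Failures required before a DOWN alert, per notification profile (assumed names).
THRESHOLDS = {"default": 2, "critical": 1}
PROFILE_OF = {"web01": "default", "db01": "critical"}

# Constructed poll results: tick -> {(server, service): is_up}
SAMPLES = {
    1: {("web01", "av-engine"): True,  ("web01", "web-protect"): True,  ("db01", "av-engine"): True},
    2: {("web01", "av-engine"): False, ("web01", "web-protect"): False, ("db01", "av-engine"): False},
    3: {("web01", "av-engine"): True,  ("web01", "web-protect"): False, ("db01", "av-engine"): True},
    4: {("web01", "av-engine"): True,  ("web01", "web-protect"): False, ("db01", "av-engine"): True},
    5: {("web01", "av-engine"): True,  ("web01", "web-protect"): True,  ("db01", "av-engine"): True},
}
POLLS = [(t, srv, svc, up) for t, row in SAMPLES.items() for (srv, svc), up in row.items()]


def alerts_for(polls, thresholds, profile_of):
    """Return (tick, server, service, state) alerts after applying the delay."""
    fails = defaultdict(int)   # consecutive failed polls per (server, service)
    alerted = set()            # services for which a DOWN alert was sent
    out = []
    for tick, server, service, is_up in polls:
        key = (server, service)
        need = thresholds[profile_of.get(server, "default")]
        if is_up:
            # Send UP only if a DOWN was actually sent, so a quick
            # restart during a signature update stays silent both ways.
            if key in alerted:
                alerted.discard(key)
                out.append((tick, server, service, "UP"))
            fails[key] = 0
        else:
            fails[key] += 1
            if fails[key] >= need and key not in alerted:
                alerted.add(key)
                out.append((tick, server, service, "DOWN"))
    return out


if __name__ == "__main__":
    for alert in alerts_for(POLLS, THRESHOLDS, PROFILE_OF):
        print(alert)
```

In this data, `av-engine` on `web01` fails a single poll and produces no mail, `web-protect` stays down and alerts on its second failed poll, and the same single failure on the critical-profile server `db01` alerts immediately.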