Create event rules
You can configure rules to monitor specific events. Rules make it easier to monitor a large number of events generated across your infrastructure.
You can filter a set of events by configuring rules with specific conditions and assigning actions to the rules. When the events generated meet the filter criteria in the rule, the action associated with the rule is executed. The conditions for which you can create filters are: severity, Citrix Application Delivery Controller (Citrix ADC) instances, category, failure objects, configuration commands, and messages.
You can assign the following actions to the events:
- Send e-mail Action: Send an email for the events that match the filter criteria.
- Send Trap Action: Send or forward SNMP traps to an external trap destination
- Send SMS Action: Send a Short Message Service (SMS) message for each event that matches the filter criteria.
- Run Command Action: Run a command when an incoming event meets the configured rule.
- Execute Job Action: Execute a job is for events that match the filter criteria that you’ve specified.
- Suppress Action: Suppresses drop an event for a specific time period.
You can also have notifications resent at a specified interval until an event is cleared. And you can customize the email with a specific subject line, user message, and/or attachment.
For example, as an administrator you might want to monitor “high CPU usage” events for specific Citrix ADC instances if those events could lead to an outage of your Citrix ADC instances. You could create a rule to monitor the instances, and specify an action that sends you an email notification when an event in the “high CPU usage” category occurs. You could schedule the rule to run at a specific time, such as between 11 AM to 11 PM, so that you are not notified every time there is an event generated.
Configuring an event rule involves the following tasks:
Step 1 - Defining an event rule
Navigate to Networks > Events > Rules, and click Add. If you want enable your rule, select the Enable Rule checkbox.
You can set the Event Age option to specify the time interval (in seconds) after which Citrix ADM refreshes an event rule.
Based on the example above, you may want to be notified by email every time your Citrix ADC instance has a “high CPU usage” event for a period of 15 seconds or longer. You can set the event age as 15 seconds, so that every time your Citrix ADC instance has a “high CPU usage” event for 15 seconds or more, you will receive an email notification with details of the event.
You can also filter event rules by Device Family to track the Citrix ADC instance from which Citrix ADM receives an event.
Step 2 - Choosing the severity of the event
You can create event rules that use the default severity settings. Severity specifies the current severity of the events you which you want to add the event rule.
You can define the following levels of severity: Critical, Major, Minor, Warning, Clear, and Information.
You can configure severity for both generic and enterprise-specific events. To modify event severity for Citrix ADC instances managed on Citrix ADM, navigate to Networks > Events > Event Settings. Choose the Category for which you want to configure event severity and click Configure Severity. Assign a new severity level and click OK.
Step 3 - Specifying the event category
You can specify the category or categories of the events generated by your Citrix ADC instances. All categories are created on Citrix ADC instances. These categories are then mapped with Citrix ADM that can be used to define event rules. Select the category you want to consider and move it from the Available table to the Configured table.
In the example above, you will need to choose “cpuUsageHigh” as the event category from the table displayed.
Step 4 - Specifying Citrix ADC instances
Select the IP addresses of the Citrix ADC instances for which you want to define the event rule. In the Instances section, click Select Instances. In the Select Instances page, choose your instances, and click Select.
Step 5 - Selecting failure objects
You can either select a failure object from the drop-down list provided or add a failure object for which an event has been generated. Failure objects are entity instances or counters for which an event has been generated.
The failure object affects the way an event is processed and ensures that the failure object reflects the exact problem as notified. This can be used to track down problems quickly and to identify the reason for failure, instead of simply reporting raw events. For example, if a user has login issues, then the failure object here is the username or password, such as “nsroot”.
This list can contain counter names for all threshold‐related events, entity names for all entity‐related events, certificate names for certificate‐related events, and so on.
Step 6 - Specifying additional filters
You can further filter an event rule by:
- Configuration Commands - You can specify the complete configuration command, or specify the description pattern within asterisk (*) to filter the events. In addition to the command, you can choose to further filter the event rule by the command’s authentication status and/ or its execution status. For example, for a NetscalerConfigChange event, type *bind system global policy_name*.
Messages - You can specify the complete message description, or specify the description pattern within asterisk (*) to filter the events.
For example, for a NetscalerConfigChange event, type *ns_client_ipaddress :10.102.126.250*.
Step 7 - Adding event rule actions
You can add event rule actions to assign notification actions for an event. These notifications are sent or performed when an event meets the defined filter criteria that you’ve set above. You can add the following event actions:
- Send e-mail Action
- Send Trap Action
- Send SMS Action
- Run Command Action
- Execute Job Action
- Suppress Action
- Send Slack Notifications
To set e-mail Event Rule Action:
When you choose the Send e-mail Action event action type, an email is triggered when the events meet the defined filter criteria. You will need to either create an email distribution list by providing mail server or mail profile details or you can select an email distribution list that you’ve previously created.
Due to a high number of virtual servers being configured in Citrix ADM you might receive a high number of emails every day. The emails have a default subject line that provides information about the severity of the event, the category of the event and the failure object. But the subject line does not carry any information about the name of the virtual server where these events originate from. You now have an option to include some additional information like the name of the affected entity, that is the name of the failure object. You can also add a customized subject line and a user message, and upload an attachment to your email when an incoming event matches the configured rule.
While sending emails for event notifications, you might want to send a test email to test the configured settings. The “Test” button now allows you to send a test email after configuring an email server, associated distributed lists and other settings. This feature ensures that settings are working fine.
You can also ensure that all critical events are addressed and no important email notifications are missed, by selecting the Repeat Email Notification until the event is cleared checkbox to send repeated email notifications for event rules that meet the criteria you’ve selected. For example, if you’ve created an event rule for instances that involve disk failures, and you want to be notified until the issue is resolved, you can opt to receive repeated email notifications about those events.
To set Trap Event Rule Action:
When you choose the Send Trap Action event action type, SNMP traps are sent or forwarded to an external trap destination. By defining a trap distribution list (or a trap destination and trap profile details), trap messages are send to a specific trap listeners when events meet the defined filter criteria.
To set SMS Event Rule Action:
When you choose the Send SMS Action event action type, a Short Message Service (SMS) message for each event that matches the filter criteria. You will need to either create an SMS distribution list by providing the SMS server or SMS profile details or you can select an SMS distribution list that you’ve previously created.
To set the Run Command Action:
When you choose the Run Command Action event action, you can create a command or a script that can be executed on Citrix ADM for events matching a particular filter criterion. For example, if an event of “Critical” severity is raised when there is a configuration change on a managed instance, you can run a command script.
You can also, set the following parameters for the Run Command Action script:
|$source||This parameter corresponds to the source IP address of the received event.|
|$category||This parameter corresponds to the type of traps defined under category of the filter|
|$entity||This parameter corresponds to the entity instances or counters for which an event has been generated. It can include the counter names for all threshold-related events, entity names for all entity-related events, and certificate names for all certificate-related events.|
|$severity||This parameter corresponds to the severity of the event.|
|$failureobj||The failure object affects the way an event is processed and ensures that the failure object reflects the exact problem as notified. This can be used to track down problems quickly and to identify the reason for failure, instead of simply reporting raw events.|
During command execution, these parameters will be replaced with actual values.
To configure the “Run Command Action” event action on Citrix ADM:
Under Event Rule Actions, click Add Action and select Run Command Action from the Action Type drop-down.
To add an item to the Command Execution list, click Add next to the Command Execution list field. On the Create Command Distribution List page, specify a profile name and the command to be run. This command will be executed when the events meet the defined filter criteria.
You can enable the Append Output and Append Errors options if you want to store the output and errors generated (if any) when you run a command script in the Citrix ADM server log files. If you do not enable these options, Citrix ADM will discard all outputs and errors generated while running the command script.
To set the Execute Job Action:
By creating a profile with configuration jobs, a job is executed as a built-in job or a custom job for Citrix ADC, Citrix ADC SDX, and Citrix SD-WAN WO instances, for events and alarms that match the filter criteria you’ve specified.
Under Event Rule Actions, click Add Action and select Execute Job Action from the Action Type drop-down.
Create a profile with a job you want to run when the events meet the defined filter criteria.
While creating a job, specify a profile name, the instance type, the configuration template, and what action you’d like to perform if the commands on the job fail.
Based on the instance type selected and the configuration template chosen, specify your variables values and click Finish to create the job.
To set the Suppress Action:
When you choose the Suppress Action event action, you can configure a time period, in minutes, for which an event is suppressed or dropped. You can suppress the event for a minimum of 1 minute.
To set Slack notifications from Citrix ADM:
Configure the required Slack channel by providing the profile name and the webhook URL in Citrix ADM GUI. The event notifications are then sent to this channel. You can configure multiple Slack channels to receive these notifications
In Citrix ADM, navigate to Networks > Events > Rules, and click Add to create a rule.
On the Create Rule page, set the rule parameters such as severity and category. Select instances and also failure objects that need to be monitored.
Under Event Rule Actions, click Add Action. Then, select Send Slack Notifications from the Action Type list and select Slack Profile List.
You can also add a Slack profile list by clicking Add next to the Slack Profile List field.
Type the following parameters to create a profile list:
Profile Name. Type a name for the profile list to be configured on Citrix ADM
Channel Name. Type the name of the Slack channel to which the event notifications are to be sent.
Webhook URL. Type the Webhook URL of the channel that you have entered earlier. Incoming Webhooks are a simple way to post messages from external sources into Slack. The URL is internally linked to the channel name and all event notifications are sent to this URL to be posted on the designated Slack channel. An example of webhook is as follows: https://hooks.slack.com/services/T0******E/B9X55DUMQ/c4tewWAiGVTT51Fl6oEOVirK
Click Create and click OK in the Add Event Action window.
Note: You can also add the Slack profiles by navigating to Account > Notifications > Slack Profiles. Click Add and create the profile as described in the earlier section.
You can view the status of the Slack profiles that you have created.
Your event rule is now created with appropriate filters and well defined event rule actions.