Action Groups

Description

Action Groups determine who receives alert notifications when OmniCenter detects a problem on your network. They also provide a way to tell OmniCenter what actions it should take automatically (if any) in response to that problem.

How Action Groups Work

Action groups are assigned to the OmniCenter checks monitoring your devices and applications. When a check fails and an incident is created, any action groups assigned to the failing check tell the incident who should be alerted, when, and how—as well as what actions OmniCenter should take. Non-alert actions that OmniCenter can be instructed to take include things such as, rebooting a device or restarting a service or server, generating a service ticket using an external alerting API such as ServiceNow or OpsGenie, or broadcasting a message across your network using an SNMP trap.

The structure of action groups is somewhat complex, given their function. Action groups consists of three basic components: The action group itself, one or more actions contained within that group, and one or more methods contained within each action. Basically, action groups are groups of actions. And, actions are groups of methods.

Action Group

An action group is essentially a container for actions.

You may add any number of action groups to a check or to the host alert contact list of a device.

An action group has three attributes that give it functionality within OmniCenter.

  • It is assignable to any OmniCenter monitoring check. An action group may also be chosen as a host alert contact for a device.
  • It has a name. Action groups are chosen by their name, so each action group must be given a unique name.
  • It has a configurable access level. In addition to being used automatically by incidents, action groups may also send alerts and perform actions when used manually by a user. The access level determines what users may use an action group manually.

Action groups that have their access level set to any option other than None will allow any user with the corresponding or higher access level to run the action group from within an incident that is using it. Setting the access level to None prevents the action group from being used manually under any circumstances.

Action

An action is nothing more than a container for methods. It has no attributes other than a name, and is purely for organizational purposes.

You may add any number of actions to an action group.

Method

A method is the executable component of an action group. It is the part that sends alert notifications, or communicates commands to your managed devices or external APIs. Without at least one method, your actions and action groups can do nothing.

There are many methods to choose from, but they all do basically the same thing—send a message to someone or something outside of OmniCenter.

The specifics of a given method may vary, but they all share the following two attributes.

  • Method type – This determines what function the method performs. Method types are explained further down.
  • Notify hours – This is a preconfigured time frame, outside of which the method will not execute. Commonly used to ensure that a given method only (or never) executes during (or after) business hours.

You may add any number of methods to an action, in any combination. This allows you to create a variety of multifunctional action groups that can be used for different purposes.

Method Types
The following method types are available.

  • Email
    Sends an alert notification about an incident to a specified email address.
  • SMS (via email)
    Sends an alert notification about an incident to a mobile device using the specified SMS email address.
  • Mobile Notification
    Sends an alert notification about an incident to the OmniCenter mobile application using Netreo Cloud Services. These cloud-based alert notifications are sent from Netreo’s cloud servers and are useful if your email systems are down along with your network. (This method is automatically added to all new actions by default, but can be removed, if desired.)
  • SNMP Trap
    Broadcasts an SNMP trap about an incident to devices configured to receive traps from OmniCenter.
  • Webhook
    Sends commands to an external API such as a ticketing or alternative alerting system.
  • Active Response Webhook
    An active response version of Webhook.
  • Active Response Windows
    Sends PowerShell commands to Windows devices.
  • Active Response SSH
    Sends SSH commands to non-Windows devices.

Commands incompatible with the device to which they are sent will simply be ignored by that device. Additionally, the methods in an action group are only run against the host device to which the failing check is assigned. This makes it safe to add multiple different command-based methods to a single action group that may then be assigned to a variety of devices.

Method Execution and Active Response
Most method types send their message repeatedly on a schedule until the incident running them has been acknowledged, at which point they stop. If that incident is de-acknowledged, they will start running again. (The schedule on which methods are run is configured in the check to which their action group is assigned.)

However, this is not the case with active response methods. Active response methods execute only once, when an incident is first created and first uses an action group. They will never automatically execute again for the same incident. Although, they can be manually executed again by a user with an appropriate access level.

Skipped Methods

Some methods may fail to execute when their action group is run. There are typically three reasons for this:

  1. The method’s NOTIFY HOURS configuration setting has restricted the time at which that method may execute.
  2. It is an active response method (which only run when an incident is first opened).
  3. The method is trying to run a command against a host for which that command is not applicable.

Action Group Management

Only users with the SuperAdmin access level may create and manage action groups.

See the individual check descriptions for information about assigning action groups to those check types.

Action Groups

Create a new action group

  1. Go to the OmniCenter main menu and select Administration > Alerts > Actions to open the Actions Administration page.
  2. Select Add a Group.
    1. Enter a name for your new action group.
    2. Choose a manual use access level.
    3. Select Add Group.
  3. When you are prompted to add an action to the new group.
    1. Enter a name for the new action.
    2. Select Add Action.
  4. When you are prompted to add a method to the new action.
    1. Choose the method type.
    2. Configure the method as necessary.
      • The payloads for SNMP traps, webhooks, PowerShell and SSH must not exceed 1,020 characters in length.
    3. Choose a time frame for the notify hours (the time during which the method will be allowed to execute).
    4. Select Add Method.
  5. You are returned to the Actions Administration page.

Edit an action group

  1. On the Actions Administration page locate the action group that you wish to edit.
  2. Select the action group’s edit group icon in the ACTIONS column.
  3. Edit the group configuration as desired.
  4. Select Edit Group.
  5. You are returned to the Actions Administration page.

Delete an action group

  1. On the Actions Administration page locate the action group that you wish to delete.
  2. Select the action group’s delete group icon in the ACTIONS column.
    • All actions and methods in the group will be deleted along with the action group.
    • There is no confirmation for this action, so be sure it is what you want.

Actions

Add a new action to an action group

  1. On the Actions Administration page locate the action group to which you would like to add a new action.
  2. Select the action group’s add action icon in the ACTIONS column.
  3. Enter a name for your new action.
  4. Select Add Action.
  5. You are returned to the Actions Administration page.

Edit an action

  1. On the Actions Administration page locate the action group and action which you would like to edit.
  2. Select the action group’s edit action icon in the ACTIONS column.
  3. Enter a new name for the action.
  4. Select Edit Action.
  5. You are returned to the Actions Administration page.

Delete an action from an action group

  1. On the Actions Administration page locate the action group from which you would like to delete an action.
  2. Select the action’s delete action icon in the ACTIONS column.
    • All methods in the action will be deleted along with the action.
    • There is no confirmation for this action, so be sure it is what you want.

Methods

Add a new method to an action

  1. On the Actions Administration page locate the action group and action to which you would like to add a new method.
  2. Select the action’s add method icon in the ACTIONS column.
  3. Choose the method type.
  4. Configure the method as necessary.
    • The payloads for SNMP traps, webhooks, PowerShell and SSH must not exceed 1,020 characters in length.
  5. Choose a time frame for the notify hours (the time during which the method will be allowed to execute).
  6. Select Add Method.
  7. You are returned to the Actions Administration page.

Edit a method

  1. On the Actions Administration page locate the action group, action and method which you would like to edit.
  2. Select the method’s edit method icon in the ACTIONS column.
  3. Edit the method as desired.
  4. Select Edit Method.
  5. You are returned to the Actions Administration page.

Delete a method from an action

  1. On the Actions Administration page locate the action group and action from which you would like to delete a method.
  2. Select the method’s delete action icon in the ACTIONS column.
    • There is no confirmation for this action, so be sure it is what you want.

Best Practices

Command Methods

Due to limitations in OmniCenter, only simple commands should be sent (restart, etc.). If you wish to run complex commands, it’s better to write a script on the target device, and then simply call the script through the appropriate command method.

When using PowerShell commands to restart Windows services or servers, it is imperative to make use of maintenance windows when conducting upgrades or during planned outages, otherwise OmniCenter will attempt to restart the services or systems.

OmniCenter Incident Macros

When using the webhook, SNMP trap and command methods, you may also include any of the built-in OmniCenter incident macros to access a wide variety of information about the associated incident or device.

Updated on May 5, 2020

Was this article helpful?

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support

Comments

    1. The macro list links have been fixed. Thanks, Glenn. Good spotting.

Leave a Reply