Endpoint Alert/Event Triggers with IEM

I’m having some discussions in my org about using IEM to generate alerts/events that would feed into an Event Management system for review and evaluation for potential action. An example of this would be like the “WARNING: BES Client Computer is Low on Free Disk Space” fixlet.

I’m interested to hear about any actual in-use fixlets that you’ve found to be useful that let you proactively identify Windows/Mac desktop issues that may need a human to review first instead of just having the fixlet fix the issue. Does anyone have examples they can share? I know that just about anything is possible, but I’m interested in what you’ve actually implemented and find useful.

– Aaron

We are incredibly interested in this as well – if anybody has proactive maintenance fixlets or analyses that they use and would be willing to share, that would be great!

We currently have alerts for the following (Though we don’t automatically take corrective action):
Dead Clients
End Of Life Mac OS
End Of Life Windows OS
High BSOD Count (>1 BSOD in <30 Days)
Very Full System Disk (0 MB)
Full System Disk (<2%)
Non Domain Joined System

I like the sound of an automatic (kind of) “ticket creation” for specific events such as the ones you’ve described because a lot of those can have automatic corrective actions either through IEM or some other agent but there are probably also other alerts that can be created that would need a finer touch. I know that some of this can be done with a simple email to a ticket system that already exists.

For example, in our environment, we send an email to a specific account at our service desk and a ticket is automatically generated. It can then be assigned to whoever is designated based on the error and severity. If we set up an email alert that triggered and sent a message to our service desk and they created a ticket, we just bypassed so much overhead to get the fix moving.

@jmaple,

Would those emails be delivered by a fixlet/task? If so, what would the action look like in order to send out that email?

Or… would you have Web Reports send something based on a relevance statement becoming true?

Thanks,
Bob_K

Well right now, if we wanted to in our environment, we could set up a report in web reports that generates every 3 days and sends that report with the output to our service desk to create a ticket. The problem that arises is that while that may work today, in a year the responsibility of completing that task may fall onto another team. The report then has to be manually changed. That’s a convenience issue really and the web reports component for this is more than capable as long as there is time to get the report generated in the first place and no infrastructure changes happen that affect who the ticket is sent to after it’s generated.

I think what I’d really like to see is automatic after-action reports, preferably configured through the action. For example, say you start your patching window at 10PM for a baseline. Your supervisor wants an after-action report sent out after your window closes at 4AM. To do that now, you manually have to create the report in web reports and schedule it to run at a designated time the next morning. What I’d be interested in seeing is a tab that can be configured during the action creation process that lets the console operator configure the detail of the report (Success and failure rate, failed patch by name, failed computers by name, etc) and who to send it to.

You can do this now using a Web Report that only gets emailed when there are new results. You could set up a web report for each criteria of alert you are interested in with the computer details you need in your ticketing system to investigate and resolve the issue.


The more advanced way to do this would be to have something that runs periodically and checks for certain conditions using the REST API and session relevance. The script would then be able to be customized to pass the data along into whatever system you wish.

I’m hoping to do this in ServiceNow in a few months. I was thinking we could use the REST API in BigFix.

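The periodic REST API plus session relevance check suggested in the thread could look like the following. This is an added example, not code from any poster or from the product. The 7-day threshold, the event field names and the shape of the sample `/api/query` response are assumptions to verify against your own server.

```python
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# "Dead Clients" alert from the thread as session relevance; the 7-day threshold is an assumption.
DEAD_CLIENTS = ("(name of it, (last report time of it) as string) of bes computers "
                "whose (now - last report time of it > 7 * day)")

def query_url(server, relevance, port=52311):
    """Build the /api/query URL that evaluates session relevance on the root server."""
    return f"https://{server}:{port}/api/query?relevance=" + urllib.parse.quote(relevance, safe="")

def fetch(server, relevance, user, password):
    """GET the query with HTTP basic auth; use a read-only operator and keep TLS verification on."""
    req = urllib.request.Request(query_url(server, relevance))
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")

def parse_rows(xml_text):
    """Return one tuple of strings per result row; raise if the server reports an error."""
    root = ET.fromstring(xml_text)
    error = root.find("Query/Error")
    if error is not None:
        raise RuntimeError(f"relevance error: {error.text}")
    rows = []
    for node in root.findall("Query/Result/*"):
        if node.tag == "Tuple":      # multi-value row
            rows.append(tuple(a.text or "" for a in node.findall("Answer")))
        elif node.tag == "Answer":   # single-value row
            rows.append((node.text or "",))
    return rows

def to_events(rows, alert):
    """Shape rows into event dicts for a ticketing system (field names are hypothetical)."""
    return [{"alert": alert, "computer": r[0], "detail": r[1]} for r in rows]

# Constructed sample response (assumed shape of a /api/query reply), not from a real server.
SAMPLE = ("<BESAPI><Query Resource='dead clients'><Result>"
          "<Tuple><Answer type='string'>LAB-PC-01</Answer>"
          "<Answer type='string'>Mon, 03 Mar 2025 10:15:00 -0500</Answer></Tuple>"
          "<Tuple><Answer type='string'>MAC-042</Answer>"
          "<Answer type='string'>Tue, 18 Feb 2025 08:02:11 -0500</Answer></Tuple>"
          "</Result></Query></BESAPI>")

if __name__ == "__main__":
    print(to_events(parse_rows(SAMPLE), "Dead Clients"))
```

In a scheduled job, `fetch(server, DEAD_CLIENTS, user, password)` would replace `SAMPLE`, and the resulting event dicts would be posted to the event management or ticketing system.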