Defining what triggers an alert

There are several different types of events that can trigger an alert.

The following events can trigger alerts:

A warning or error in the operation of the SMC
A test failure
A match to a rule
A threshold in a user alert check is exceeded
A match to a pattern defined in a Situation element.

System Alerts and custom alerts are always triggered by an event in the system. In addition to the System Alerts triggered by internal events in the SMC, you can configure the following events to trigger alerts:

You can configure a rule in your Firewall, Layer 2 Firewall, Layer 2 Interface, or IPS Policy to trigger an alert. .
You can activate Status Surveillance on engines to trigger an alert when the Management Server does not receive status updates for a while.
You can configure the engine tester to issue an alert whenever a test fails (for example, when a network link goes down). Some tests that run on the engine by default might already be configured to issue alerts.
Server Pool Monitoring Agents can trigger alerts when they detect problems with the servers.
You can set thresholds for user alert checks to trigger alerts when the threshold is reached.
You can set thresholds for monitored items in Overviews to trigger alerts when the threshold is reached.