Administration Guide › Action Alerts › Preparing to Use Alerts with Keyed Lists › Customize Keyed Values for Critical_Processes

Customize Keyed Values for Critical_Processes

You can use a predefined query to create an alert when a critical process stops. You can use the default keyed list only or you can supplement it with your own values. Predefined values include the following: lsass.exe, winlogon.exe, dns.exe, ldap.exe, httpd, smbd, sshd, syslogd, KSecDD, and IPSec Services.

To customize the list, you identify the processes that are critical to maintain in a running state and add them to this keyed list. The query that uses this keyed list is Critical Process Down.

If you create a custom query that uses this key, define the filter as follows:

To customize keyed values for Critical_Processes

1. Click the Administration tab and the Services subtab.
2. Click Report Server.

   A list of keys to which you add user-defined values is displayed at the bottom of the main pane.

3. Select the key, Critical_Processes.

   The predefined values appear.

4. Take one or more of the following actions to update this list:
   • Click Add Value and enter a new value to include in the keyed list.
   • Select a value and click Remove Value to delete the value from the list.
   • Select a value, click Edit Value, modify the value and click OK.
   • Click Export Values to export the current list, edit the list to add other values, save the file. Then, click Import Values to import your edited file.
   • If the values for this key are dynamically generated by the configured CA IT PAM process, click Import Dynamic Values List.
5. Click Save.

   If you have already scheduled an action alert for the query Critical Process Down, that alert will be generated based on the evaluation of all values in your modified keyed list for Critical_Processes.