Alerts

Monitor your infrastructure with smart alerting, rule-based triggers, and multi-channel notifications.

How Alerting Works

OnePAM monitors your endpoints, resources, and sessions and fires alerts when conditions are met. Alerts follow a lifecycle: Firing → Acknowledged → Resolved (or Silenced). Notifications are delivered through multiple channels and can be escalated when unacknowledged.

Alert Types

Type | Trigger | Description
Endpoint Offline | Agent stops reporting | Fires when an endpoint has been unreachable for a configurable number of minutes (5–60)
Endpoint Recovered | Agent reconnects | Fires when a previously-offline endpoint comes back online
Threshold | Metric exceeds limit | Fires when a numeric metric crosses a threshold (e.g. CPU > 90%, disk > 95%)
Anomaly | Metric pattern match | Fires when a metric matches a regex pattern (warning and critical severity variants)

Alert Rules

Navigate to Alerts → Alert Rules to manage rules. Some rules are built-in (provided by OnePAM) and can be enabled/disabled but not deleted.

Creating a Rule
  1. Basic info — name, description, alert type, and severity (info, warning, or critical).
  2. Conditions — type-specific:
    • Endpoint offline: minutes before firing (5–60).
    • Threshold: metric name, operator, and value.
    • Anomaly: optional metric regex pattern to match.
  3. Notification channels — select one or more delivery channels.
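
The rule conditions above, sketched as an added example (not OnePAM code or its API): it validates a rule against the documented limits before evaluating it. The Rule fields, type keys, operator set and sample metric names are assumptions made for illustration.

```python
import operator
import re
from dataclasses import dataclass

# Assumed operator set; the page only says a threshold rule has an operator.
OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le}
SEVERITIES = {"info", "warning", "critical"}
TYPES = {"endpoint_offline", "threshold", "anomaly"}  # hypothetical type keys

@dataclass
class Rule:  # hypothetical shape mirroring the three creation steps
    name: str
    alert_type: str
    severity: str
    offline_minutes: int = 0   # endpoint_offline only
    metric: str = ""           # threshold only
    op: str = ">"              # threshold only
    value: float = 0.0         # threshold only
    pattern: str = ""          # anomaly only, optional

def validate(rule):
    """Return a list of problems; an empty list means the rule is well formed."""
    errs = []
    if rule.alert_type not in TYPES:
        errs.append("unknown alert type")
    if rule.severity not in SEVERITIES:
        errs.append("severity must be info, warning or critical")
    if rule.alert_type == "endpoint_offline" and not 5 <= rule.offline_minutes <= 60:
        errs.append("offline minutes must be between 5 and 60")
    if rule.alert_type == "threshold" and (not rule.metric or rule.op not in OPS):
        errs.append("threshold needs a metric name and a known operator")
    if rule.alert_type == "anomaly" and rule.pattern:
        try:
            re.compile(rule.pattern)
        except re.error:
            errs.append("anomaly pattern is not a valid regex")
    return errs

def fires(rule, minutes_silent, metrics):
    """Evaluate offline and threshold rules against one constructed sample."""
    if validate(rule):
        return False  # a malformed rule never fires
    if rule.alert_type == "endpoint_offline":
        return minutes_silent >= rule.offline_minutes
    if rule.alert_type == "threshold":
        seen = metrics.get(rule.metric)
        return seen is not None and OPS[rule.op](seen, rule.value)
    return False  # anomaly matching semantics are not specified on the page
```

A missing metric is treated as "not firing" here, so a threshold rule alone will not notice an agent that has gone quiet; that case is what the Endpoint Offline type covers.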

Notification Channels

Notification channels are configured at two levels:

Per-rule channels

When creating or editing an alert rule, you can select from these channels:

  • Email
  • Slack
  • Discord
  • Microsoft Teams
  • PagerDuty
  • Opsgenie
  • Pushover
  • Telegram

Organisation-wide notifications

Additional providers (Mattermost, Google Chat, Webhook, and more) are configured under Settings → Notifications. Each channel can be tested with a Send Test button to verify delivery.

Alert Lifecycle

Alerts move through the following states:

  1. Firing — the condition has been met and the alert is active.
  2. Acknowledged — a team member has acknowledged the alert.
  3. Silenced — the alert is temporarily suppressed.
  4. Resolved — the underlying condition has been cleared.

The alert detail page shows a timeline of state transitions, escalation history, and a notification delivery log with channel, status, recipient, and retry information.

Escalation Policies

Escalation policies define what happens when an alert remains unacknowledged. Configure policies under Settings → Escalation. Policies can re-notify additional channels or increase severity after a delay.