Creating infection email alerts in ePO 5.9.0 and noticed a "Centralized Alerting" option. We do not have a "Central Management" architecture. Would including these options add any value?
Solved! Go to Solution.
I'm not aware of any best practices guides for this, I'm afraid, since every environment is different in terms of their reporting / alerting needs. My advice would be start small, keep things as simple as possible, and monitor the performance of ePO and SQL as you add the responses to make sure you're not adversely affecting things.
If you're only interested in generating alerts from within ePO, then you can ignore the centralised alerting features - ePO will trigger on the events uploaded directly from the clients.
The centralised alerting feature is useful for people who don't have ePO, but if you have ePO I would recommend using it as the alerting functions are considerably more advanced.
There's no hardcoded numerical limit -instead there is a limit to how large the underlying SQL query can be. The UI will alert you if you try and exceed the limit.
However just because you *can* add hundreds of criteria, it doesn't mean you should 🙂 There's a very definite performance impact: the more complex the response rule, and the more rules you have, the more work SQL has to do to evaluate them. Ideally you want as few, and as simple, rules as possible.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?