CT-Ops

Checks & Alerts

Operator guide for the CT-Ops Alerts page, alert history, silences, and notification channels.

The Monitoring -> Checks & Alerts menu item opens /alerts. Use this page as the alert triage and delivery-control centre for the current CT-Ops instance.

The page shows active alert instances, historical alert instances, maintenance silences, and notification channels. It does not create alert rules directly. Create host check alert rules from Host Monitoring or service alerts from Host Infrastructure. Global check templates and default check-alert rules are managed under Global Checks.

Access and refresh behaviour

Users with instance access can view alert instances, silences, and notification channels. Creating notification channels and sending test notifications require administrator access. Acknowledging alerts and creating or deleting silences require write access.

The active alert list refreshes every 30 seconds. Notification channels and silences refresh every 60 seconds. Alert history is collapsed by default, shows the matching history-item count in the header, and loads rows in pages of 25 after an operator opens it.

Alert and silence timestamps are shown with the instance Display Settings.

Active alerts

The page header shows the total number of active firing alerts. The Severity filter narrows the active list to All severities, Critical, Warning, or Info without changing alert history.

The Active Alerts table lists currently firing alert instances.

ColumnMeaning
SeverityRule severity: Critical, Warning, or Info.
HostHost that owns the alert instance. Select the hostname to open the host detail page.
RuleAlert rule name that produced the instance. For check-based alerts this is usually derived from the check name and failure threshold.
MessageEvaluation message from the alert engine, such as the failing check, breached metric threshold, certificate expiry, container condition, or image vulnerability state. Long messages are truncated in the table.
TriggeredDate and time when CT-Ops created the firing alert instance.
ActionsOperator actions for the firing instance.

Use Incident when the alert needs incident tracking. CT-Ops creates an incident from the alert, invalidates the alert data, and redirects to the new incident page.

Use Acknowledge when an operator has accepted ownership or deliberately suppressed continued active-alert triage for that instance. Acknowledgement changes the instance status from firing to acknowledged, records the acknowledgement time and user, and removes the row from the active table. It does not disable the alert rule. If the underlying condition resolves and then fires again later, CT-Ops creates a new alert instance.

Alert history

Alert History is collapsed by default so active triage stays at the top of the page. The header shows the number of matching history items while the table is closed. Use Show history to expand firing, resolved, and acknowledged alert instances, newest first. It is useful for handover, post-incident review, and identifying noisy rules.

ControlWhat it does
SeverityFilters history to All severities, Critical, Warning, or Info. Changing it resets history pagination to page 1.
Show history / Hide historyExpands or collapses the history controls and table.
FromFilters to alerts triggered on or after the selected date.
ToFilters to alerts triggered on or before the selected date. The UI includes the whole selected day.
ClearAppears when any history filter is active. It clears severity and date filters and returns to page 1.
PreviousMoves back one 25-row page. Disabled on page 1 or while a page is loading.
NextMoves forward one 25-row page. Disabled on the last page or while a page is loading.

The history table columns are:

ColumnMeaning
SeveritySeverity stored on the alert rule when the instance is listed.
StatusCurrent alert instance status: Firing, Resolved, or Acknowledged.
HostHost linked to the instance. Select it to inspect current host state.
RuleAlert rule name.
TriggeredTime the instance was created.
Resolved / AcknowledgedResolution time when the alert engine resolved the instance, or acknowledgement time when an operator acknowledged it. Shows a dash when neither timestamp exists.

Use history to confirm whether a condition is still active, how often a rule fires, and whether alert volume lines up with maintenance windows or metric pressure on the host.

Silences

Silences suppress alert evaluation during planned work. CT-Ops checks active silence windows before evaluating host, Docker container, and Docker image alert rules. An instance-wide silence applies to every host; a host-specific silence applies only to the selected host.

Select Add Silence to open the silence form.

Field or controlDefaultValidationWhat it does
HostAll hosts (instance-wide) unless a host prefill is supplied by another flowOptional host ID from the current instanceSelects one host or leaves the silence instance-wide.
ReasonEmptyRequired, 1 to 255 charactersRecords why alerts are suppressed. Use a ticket, change, or maintenance reference when possible.
Starts atCurrent local date and timeRequired date-timeBeginning of the silence window.
Ends atOne hour after the current local timeRequired date-time, must be after Starts atEnd of the silence window.
Create SilenceEnabled after required fields validateRequires write accessSaves the silence and refreshes the silences list.
Canceln/an/aCloses the form without creating a silence.

The silences table columns are:

ColumnMeaning
ScopeHostname for a host-specific silence, or All hosts for an instance-wide silence. Hostnames link to the host detail page.
ReasonOperator-entered reason. Long reasons are truncated in the table.
StartsStart of the silence window.
EndsEnd of the silence window.
StatusUpcoming before the start time, Active during the window, or Expired after the end time.
ActionsTrash button that deletes the silence.

Use silences for planned maintenance, controlled restarts, known noisy dependencies, or temporary infrastructure work. Prefer host-specific silences when only one machine is affected; use instance-wide silences only for broad platform events where every alert would be expected noise.

Notification channels

Notification Channels defines where alert fired and resolved events are sent. CT-Ops supports webhook, email, Slack, and Telegram channels. Channel configuration is instance-scoped.

Global in-app notification routing and central SMTP relay settings live in Notification Delivery Settings. Email channels store recipients only; they use the global SMTP relay for delivery.

The notification channels table columns are:

ColumnMeaning
NameOperator-facing channel name.
TypeChannel type: Webhook, Email, Slack, or Telegram.
DetailsWebhook URL, email recipients, Slack webhook configured/missing state, or Telegram chat ID. Stored secrets are not shown.
ActionsTest, edit, and delete controls.

Action controls:

ControlWhat it does
Test notificationSends a test message to the selected channel. The button shows a spinner while the request is running. Test notifications are limited to 5 per minute per instance and use a 10 second outbound timeout for webhook-style requests.
Edit channelOpens the edit form for the channel type. Blank secret fields keep the existing stored secret for webhook, Slack, and Telegram channels.
Delete channelDeletes the notification channel after the click. Existing alert history remains, but future alert events are no longer sent to that channel.

After a test, CT-Ops opens a test-result dialog. Success confirms delivery was accepted by the destination or SMTP relay. Failure shows the returned error, such as an HTTP status, Telegram response body, SMTP relay error, or timeout.

Webhook channels

Select Add Webhook to send alert events to a custom HTTPS endpoint.

Field or controlDefaultValidationWhat it does
NameEmptyRequired, 1 to 100 charactersLabel shown in the channel table.
URLEmptyRequired valid HTTPS URL. CT-Ops rejects private/internal targets.Endpoint that receives JSON alert events.
SecretEmptyOptionalWhen set, CT-Ops signs webhook payloads with HMAC-SHA256 and sends the signature in X-CT-Ops-Signature as sha256=<hex>.
Add Channeln/aRequires administrator accessCreates the channel.

Editing a webhook requires Name and URL again. Leave Secret blank to keep an existing secret; enter a new value to replace it.

Use webhooks for incident platforms, custom automation, or ticketing systems that can accept CT-Ops alert events.

Email channels

Select Add Email to route alert events to one or more email recipients.

Field or controlDefaultValidationWhat it does
NameEmptyRequired, 1 to 100 charactersLabel shown in the channel table.
RecipientsEmptyRequired comma-separated email addresses; server validation requires at least one valid address.Destination mailboxes for alert email.
Add Channeln/aRequires administrator accessCreates the channel.

Editing an email channel lets administrators rename it or replace the recipient list. Email delivery requires the global SMTP relay to be enabled and valid. See Notification Delivery Settings.

Use email channels for shared operations mailboxes, escalation lists, or teams that do not use chat or webhook integrations.

Slack channels

Select Add Slack to send alerts to a Slack incoming webhook.

Field or controlDefaultValidationWhat it does
NameEmptyRequired, 1 to 100 charactersLabel shown in the channel table, often the Slack channel name.
Incoming Webhook URLEmptyRequired valid HTTPS URL. CT-Ops rejects private/internal targets.Slack incoming webhook destination.
Add Channeln/aRequires administrator accessCreates the channel.

When editing Slack, the webhook URL field can be left blank to keep the existing stored URL. Enter a new HTTPS webhook URL to rotate the destination.

Use Slack channels for operational rooms where responders already coordinate active incidents.

Telegram channels

Select Add Telegram to send alerts through a Telegram bot.

Field or controlDefaultValidationWhat it does
NameEmptyRequired, 1 to 100 charactersLabel shown in the channel table.
Bot TokenEmptyRequired for creationTelegram bot token from BotFather. Stored tokens are not displayed after save.
Chat IDEmptyRequiredNumeric chat, group, or channel ID that receives messages.
Add Channeln/aRequires administrator accessCreates the channel.

When editing Telegram, leave Bot Token blank to keep the existing token. The Chat ID field is always editable.

Use Telegram channels when the operations team uses Telegram for out-of-band or mobile alert delivery.

Alert rule sources

Alert instances shown on this page can come from several rule types:

SourceWhere operators configure it
Check status alertsHost Monitoring checks and global check defaults.
Metric threshold alertsHost monitoring alert defaults and host-specific metric rules.
Certificate expiry alertsCertificate monitoring workflows.
Docker container alertsHost Containers and container alert settings.
Docker image vulnerability alertsDocker image scanning settings and findings. See Docker Container Settings.

Severity values are Info, Warning, and Critical. Rule forms default severity to Warning unless the creating workflow overrides it.

Use the /alerts page for response and delivery operations. Use the host and settings pages linked above when the rule definition itself needs to change.