7 Replies. Latest reply: Nov 2, 2012 3:52 AM by syn3rgy

Group Alerts

deckers

I'm starting to go a bit nuts over the apparent lack of group based alerting and I can't imagine that no one else has run into it.

 

Is there a simple way to restrict the Node Down alert (for example) to a single 'group' of devices? For example, say the following groups are defined:

 

Retail

     US

          store1 (node)

          store2 (node)

     Japan

          store1 (node)

          store2 (node)

 

I want to set up an alert for US admins to get a node down email for any individual device that fails in the 'US' group under 'Retail'. What I don't want is for it to just send an email saying 'US' has 'trouble'; the email should say which device is the problem. Same for the Japan admins: they are to only receive notifications for trouble with devices in the 'Japan' group.

 

Surely there must be a way, please enlighten me how you folks are doing this!

 
  • Re: Group Alerts
    netlogix

    Either duplicate the criteria for your Group (if you are using dynamic group membership), or a Custom SQL alert with:

    Where
      -- match nodes by caption against the members of the named group
      Nodes.Caption in (
        SELECT [FullName]
         FROM [ContainerMemberSnapshots]
          inner Join [Containers] on [Containers].ContainerID = [ContainerMemberSnapshots].ContainerID
         where [ContainerMemberSnapshots].[EntityDisplayName] = 'Node' and [Containers].Name = 'GroupName'
      ) and Nodes.Status = 2

  • Re: Group Alerts
    Popper

    deckers

     

    I believe there are a number of ways to do what you want.  I would approach as follows:

     

    1. Using Custom Property Editor create two custom fields, one entitled 'regional_group' (or whatever makes sense to you and your team), the other 'regional_alert_group'.

    2. For each node enter your regional code (we aren't specific to country, but to region, so we use 'APAC' or 'EUR' for example) in the 'regional_group' field.  You might use 'US', 'Japan', etc.

    3. For each node enter a pre-populated email distribution group in the 'regional_alert_group' field (example: japan_admins@globeco.com and us_admins@globeco.com).  These email distribution groups would contain the specific admins for those regions.

     

    The custom properties would look something like this:

    ip_address   |  Caption     | regional_group  |  regional_alert_group
    -------------------------------------------------------------------------
    192.168.5.5  | store1_node  | US              | us_admins@globeco.com
    192.168.5.6  | store2_node  | US              | us_admins@globeco.com
    192.168.10.5 | store1_node  | Japan           | japan_admins@globeco.com
    192.168.10.6 | store2_node  | Japan           | japan_admins@globeco.com

     

    4. Once completed jump into Advanced Alert Manager and add this logic to your "Node Down" alert:

     

         Simple 'Trigger Condition' as an example:

         Trigger Alert when all of the following apply

              Node Status is equal to Down

             

         Trigger Action:

         Send E-Mail/Page to ${regional_alert_group}

        

         Email could look like this:    

         Subject: ${regional_group} SYSTEM DOWN - ${NodeName} is not responding

         Message: ${regional_group} - ${NodeName} is not responding.


    5. Done


    You don't really need the 'regional_group', but it adds a nice touch when customizing your alerts.  That would be my initial approach.  Perhaps other more experienced Orion/NPM users can share their methods.





    • Re: Group Alerts
      parsiuk

      That looks great. However, the problem starts when you have 3000 servers and you have no details in custom properties about the group to which the server belongs. Doing this manually would take ages. The only way to fix this mess would be to use SQL:

       

      update Nodes set GroupName = (
        select Name from Containers
        where Containers.ContainerID = (
          select ContainerMemberDefinitions.ContainerID
          from ContainerMemberDefinitions
          where Entity = 'Orion.Nodes' and Nodes.NodeID = SUBSTRING(Expression,14,50)))

       

      This query is not a very efficient way of doing things (a lot of nested queries) but it's simple enough. I'd also suggest taking a backup of the DB before running any "update" queries. In this case the custom property is called "GroupName" - you may need to change this.

       

      Once you have a custom property for each node you can create a copy of the alert for each group, add a condition to check the custom property and, instead of taking the email address from the custom property, you may just type the email address in the alert itself.

      • Re: Group Alerts
        netlogix

        Be careful with that method: if a node belongs to more than one group, then the field will only show one group (the last one retrieved by "select Name from Containers where Containers.ContainerID = (select ContainerMemberDefinitions.ContainerID from ContainerMemberDefinitions where Entity = 'Orion.Nodes' and Nodes.NodeID = SUBSTRING(Expression,14,50))").
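
Added example, not part of any post in this thread: a pre-check for the multi-group case netlogix describes, followed by an UPDATE that fills the custom property only for nodes that belong to exactly one group. Table, column and custom-property names are the ones quoted in the posts above; the temp table `#NodeGroups` is introduced here for illustration, and the join assumes `SUBSTRING(Expression,14,50)` yields the NodeID, as parsiuk's query implies.

```sql
-- Added example (T-SQL). Build the node-to-group mapping once.
-- Names (Nodes, Containers, ContainerMemberDefinitions, Entity, Expression,
-- GroupName) are taken from the posts; #NodeGroups is hypothetical.
SELECT n.NodeID, n.Caption, c.Name AS GroupName
INTO #NodeGroups
FROM Nodes AS n
JOIN ContainerMemberDefinitions AS d
  ON d.Entity = 'Orion.Nodes'
 -- compare as strings so a non-numeric Expression cannot raise a conversion error
 AND SUBSTRING(d.Expression, 14, 50) = CAST(n.NodeID AS varchar(50))
JOIN Containers AS c
  ON c.ContainerID = d.ContainerID;

-- 1. Nodes that sit in more than one group. A scalar subquery cannot
--    represent these, so review them and decide the owning group by hand.
SELECT NodeID, Caption, COUNT(DISTINCT GroupName) AS GroupCount
FROM #NodeGroups
GROUP BY NodeID, Caption
HAVING COUNT(DISTINCT GroupName) > 1
ORDER BY Caption;

-- 2. Fill the custom property only where the group is unambiguous.
--    Nodes with no group or several groups are left untouched.
UPDATE n
SET n.GroupName = g.GroupName
FROM Nodes AS n
JOIN (SELECT NodeID, MIN(GroupName) AS GroupName
      FROM #NodeGroups
      GROUP BY NodeID
      HAVING COUNT(DISTINCT GroupName) = 1) AS g
  ON g.NodeID = n.NodeID;

DROP TABLE #NodeGroups;
```

Run step 1 on its own first; if it returns rows, those nodes would receive alerts for only one of their groups under the custom-property approach.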

    • Re: Group Alerts
      badger

      Maybe you could just use Popper's step 4, but use the 'alert me when a group goes down'

       

      Change the condition to:

       

      Group Status is equal to Warning

       

      Then just use the same Trigger Message:

       

      {NodeName} is down.

       

      Good Luck

  • Re: Group Alerts
    badger

    Hello,

     

    This is what I did and it should solve your problem.

     

    Go onto your server and into Basic Alert Manager > Configure Alerts

    (Start> All Programs> Solarwinds Orion> Alerting, Reporting, and Mapping)

     

    Firstly create an UP/DOWN alert for US devices like so:

     

    Under 'Property to Monitor' tab, tick only Node Status> Status.

    Under 'Monitored network Objects', tick only the US devices. (Individually only I'm afraid, no option to group as yet)

    Under 'Alert Trigger', set to trigger when Down and reset when Up.

    Under 'Time of day', make sure you select all the days and set the time From 12:00AM to 11:59PM

    Under 'Alert Suppression', I have mine set to 'Do not configure...'

    Under 'Action', Add 'Send E-mail/Page' and set it to your US admin addresses individually or a group email address (admin.1@snmp.com, admin.2@snmp.com, admin.3@snmp.com) or (US.admins@snmp.com)

     

    This is my 'Trigger Message';

     

     

    Subject:

    Alert: ${NodeName} is ${Status}

     

    Message:

    Alert: ${NodeName} is ${Status}.

    ${IP_Address}

     

     

     

    And 'Reset Message';

     

     

    Subject:

    Reset: ${NodeName} is ${Status}

     

    Message:

    Reset: ${NodeName} is ${Status}

     

     

    Now choose the 'Copy Alert' button and adjust to your Japan Nodes/Admins.

    You can then 'Test Alerts' to check it's working.

     

    And finally make sure the Alerts you created are ticked to enable them, as you'll probably find at least the copied one won't be.

     

    Hope I didn't miss anything and this is what you are looking for!?!

     

     

    p.s- if you're just talking about grouping, you might be able to do something clever with dependencies and alert on warning states

    i.e- if a child member of a dependency goes down it would trigger a warning on the parent, you could then send out alert emails based on that? - just a thought, hope it helps

  • Re: Group Alerts
    syn3rgy

    I know this is an oldish thread and you may have worked this out already, but for the bit where you said "What I don't want is it to just send an email saying 'US' has 'trouble', the email should say which device is the problem."

     

    I add in the below to show me which node is the problem node.

     

    Root Cause: ${GroupStatusRootCause}