6 Replies Latest reply: Jun 25, 2013 12:49 PM by netlogix

Alert Rules

Farrukh Shami

Hi all,

     I want to understand the rule mechanism. I have a network of 5 machines added in NPM.

a:  172.172.1.1

b:  172.172.1.2

c:  172.172.1.3

d:  172.172.1.4

e:  172.172.1.5

Now, I want to make different groups to whom the notification will be sent. Like, there are 2 groups:

 

1:  Network Administrators  (NA)

2:  Server Administrators     (SA)

==========================================================================

I want the "Goes down" notification of servers "a, b, c" to be sent to Group (NA),

while the "Goes down" notification of "d, e" will be sent to Group (SA).

 

For this kind of rule, what can I create?

 
  • Re: Alert Rules
    Farrukh Shami

    group A.jpg

    I have created this rule, but it is not triggering any email.

  • Re: Alert Rules
    Leon Adato

    Look at your initial line: "Trigger alert if ALL of the following apply"

    A device that is down cannot have an IP address of 1.2.3.1 AND 1.2.3.2 AND 1.2.3.3

     

    What you mean to say is:

    Trigger alert if ALL of the following apply

         Node status is equal to down

         Trigger alert if ANY of the following apply

              IP Address is equal to 172.172.1.1

              IP Address is equal to 172.172.1.2

              IP Address is equal to 172.172.1.3

     

    Try that one out and let us know if it works.
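
The nested condition from the reply above, modelled as an added Python example (not posted by anyone in the thread and not SolarWinds code). It goes one step beyond the reply by also building the matching rule for group SA; the field names `status` and `ip` and all helper names are assumptions made for illustration.

```python
# Generic model of nested ALL/ANY alert conditions (illustrative only).

def evaluate(cond, node):
    """Recursively evaluate a condition tree against one node record."""
    kind = cond[0]
    if kind == "ALL":
        return all(evaluate(c, node) for c in cond[1])
    if kind == "ANY":
        return any(evaluate(c, node) for c in cond[1])
    if kind == "EQ":
        _, field, value = cond
        return node.get(field) == value
    raise ValueError(f"unknown condition type: {kind!r}")

def ip_is(addr):
    return ("EQ", "ip", addr)

DOWN = ("EQ", "status", "down")
NA_IPS = ["172.172.1.1", "172.172.1.2", "172.172.1.3"]  # servers a, b, c
SA_IPS = ["172.172.1.4", "172.172.1.5"]                 # servers d, e

# Flat rule: down AND ip1 AND ip2 AND ip3. One node has one address,
# so this can never be true and no email is ever sent.
FLAT_NA = ("ALL", [DOWN] + [ip_is(a) for a in NA_IPS])

def group_rule(ips):
    """Nested rule: down AND (ip1 OR ip2 OR ...)."""
    return ("ALL", [DOWN, ("ANY", [ip_is(a) for a in ips])])

RULES = {"NA": group_rule(NA_IPS), "SA": group_rule(SA_IPS)}

def recipients(node):
    """Return the groups whose rule fires for this node."""
    return sorted(g for g, rule in RULES.items() if evaluate(rule, node))

# Constructed sample node states, not taken from a real poller.
NODES = [
    {"ip": "172.172.1.2", "status": "down"},
    {"ip": "172.172.1.3", "status": "up"},
    {"ip": "172.172.1.5", "status": "down"},
]

if __name__ == "__main__":
    for n in NODES:
        print(n["ip"], n["status"],
              "| flat rule fires:", evaluate(FLAT_NA, n),
              "| notify:", recipients(n))
```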

    • Re: Alert Rules
      Farrukh Shami
      adatole

      • Re: Alert Rules
        Leon Adato

        Think about your polling cycles.

         

        • SolarWinds polls (pings) every 2 minutes.
        • If a device fails a ping, SolarWinds sends out one ping every 5 seconds
        • If a device fails 10 pings in a row, the device is THEN marked as down.
        • Do you have a delay in your trigger? (You should) That's going to delay the actual alert message further.

         

        Let's say that you put a 4 minute delay on your alert trigger. Meaning a device has to be down for 2 polling cycles before you call it officially "down" (this is a good idea, so you don't cut a ton of false alarms)

         

        At 12:00 your device goes down.

        Worst case, it's 12:02 before SolarWinds pings it for status. This ping fails.

             SolarWinds sends out one ping every 5 seconds.

        At 12:02:50, the device is now marked as "down" in SolarWinds.

             Your alert trigger says to wait 2 minutes to make sure it's really down.

        At 12:04:50, you finally send out a message.

        If you have any delays in email processing, that could slow things down further.

         

        So it's about 5 minutes.

         

        Now you can cut down the time by doing the following things:

        1. Reducing the polling cycle on the device - you can get down to one ping every 10 seconds I believe.
        2. Reducing the delay for the alert trigger

         

        If you did both of those things, you could get down to a 60 second delay between device down and your alert.

         

        But my guess is that you would also generate so many false alarms that it would become useless noise.

        • Re: Alert Rules
          netlogix

          One other factor to add is on the first page of your alert, Alert Evaluation Frequency, how often the alerting engine checks for the condition, so after adatole's 12:02:50 you have to add that number - of course this is all worst case.