Can a node be part of 2 dependency groups?

Our sites have independent internet links monitored from our Solarwinds server in Azure using IPSec tunnels. Each site has a Juniper firewall and then the rest of the network equipment hangingoff the firewall. To manage alerts, we configured dependencies at each site with:

- the firewalls as the parent, and

- a group including all other devices at each site as a child.

Thus, if there is an error on the firewall, we have only one alert (for the firewall). Separately, we monitor the public IP address of the internet routers. So, if there is an ISP problem at a site (or a power issue), we have an alert for both the public IP and the firewall. This has worked well, but sometimes generates 2 alerts where 1 would do.

What we want to do is to have an additional dependency using:

- the public IP as the parent

- a group including the firewall AND the rest of the equipment as a child.

In testing the extra dependency, when there is a ISP problem at site it does generate alerts for all devices (though not every time - possibly because of the order in which devices are polled?). Preliminary searches online suggest that a child object have should not have two different parents - unless they both go down, the alerts will not be suppressed. Has anyone found a way round this, or is this a limitation? (After all, on our current config, we do have the benefit of knowing that when only the firewall alerts it is a local problem, but when we get 2alerts it may be ISP issues, or power)

Find more posts tagged with

network_monitoring

npm dependency

Accepted answers

All comments

vinay.by

Probably you are right -> https://solarwindscore.my.site.com/SuccessCenter/s/article/Parent-Child-dependencies?language=en_US

I havent tested this so far and I do not know for sure if it still works the same way as it use to in the previous versions as mentioned in the above thread.

If this is how it works then in that case you should raise it as a feature request. It shouldnt be that alerts from child objects should be suppressed only if all parents in all dependencies goes down.

maciej.sandecki

If I understand correctly your topology is like this:

Internet connection with IPSec tunnel - ISP router (public IP) - Juniper firewall (reachable via IPSec tunnel) - devices on site

You could create dependencies like this:

1. Parent: ISP Router, child: Juniper firewall

2. Parent: Juniper firewall, child: devices on site (using automatic dependencies or manual dependencies with each device on site or group of devices)

Note that if you trigger down alert immediately when a device goes down it may cause false alerts to be generated because of the polling sequence and the fact that child is marked down before the parent is marked down, so it could be good to set the alert to trigger after 2-5 minutes.

webbdom

Thank you - yes, that seems to be the way of it. I think at the moment, we have two alternatives:

- have one dependency at each site with the firewall as parent - if the public router also goes down, we'll have two alerts

- have one dependency at each site with a group of "firewall + public IP" as the parent, set to round up to the "worst status". Then we will get only one alert, but will have to look further to find out whether the problem is with the firewall or the ISP router (or power supply)