I could REALLY use the ability to alert on traps and syslogs with the advanced alerting engine
The issue here is that the Advanced Alerting engine only works for stateful alerts. Syslogs and Traps are not stateful, they are just events that happen.
You can send alerts based on traps and syslogs. We send all alerts from Orion (advanced alerts, syslog alerts, and trap alerts) into our ticketing system to provide one unified tracking and management system for all issues.
I am curious to understand how specifically you would like to see traps and syslogs implemented via the advanced alerts; for the sake of the SolarWinds product management team can you please provide the specific use case that isn't currently being fulfilled?
I am trying to find a way to show trap messages and/or syslog messages in the Events viewer. Has anyone else been able to make this work?
I've wondered something similar. In Orion's advanced alerts, it's possible to post an event (in the trigger actions) to Orion's event log (on the web pages, etc) -- but not from the syslog or trap viewer (rule actions). Which seems odd, considering it's possible to send events almost everywhere else (from the trap/syslog subsystem) -- e.g. another syslog server, external program/script, Windows net message, Windows eventlog, etc.
In a related vein, on the topic of cool snmptrap/syslog triggers, ability to trigger a poll (or rediscovery) based on certain traps and syslog messages would be very useful. Can't think of a syslog message offhand, but imagine the utility of preempting a regular polling cycle, for a device, based on IF-MIB:link[Up/Down] messages. Same with power state changes (onBattery/onUtility) from APC UPS units -- for the custom poller cycle.
Assuming the maps were changed from static jpg --to--> persistently connected XML-RPC based Flash, it would then be possible to notice network static changes -- within seconds (of the actual event). And at almost zero performance penalty (in terms of snmp traffic and poller effort).
I suggested something similar several years ago:
Based on certain event types, trigger advanced troubleshooting tools. E.g.:
- When packet loss exceeds 5%, run the traceroute program to the node and post the results in the node details page.
- When an OSPF flap syslog message is received, log onto the router with NCM and run the 'show ip route summary' command and post the results to the node details page.
My company would like them all combined because it creates a unified view. This increases efficiency.
This feature is more important to us now because we use a syslog (LogLogic LX2010) server to send traps/syslogs to Orion for alerts. Now our techs have to look at two views making it more cumbersome.
I get a LOT of complaints from my users about this.
This is an old thread, can you restate what you would like to see? Just have Syslog and Traps in a single view?
It would be nice that if an alert triggers in the traps part of Orion that it could log an event in Orion. That way the trap/event message could be acknowledged. Add the action of "Log the Alert to the Netperfmon event log" in the Traps alert options would be perfect.
That's my two bits.
I just want to re-iterate that we would find it extremely beneficial if syslogs and traps could generate events....
See my comments on this thread regarding a consolidated alert view. I think this would accomplish what you are looking for in a much more integrated way.
Use case is completely understood. One of the things we are working on now is a combined syslog, traps, alerts and events view within the web console.
I would like to chime in on this issue.
1) A unified Alert interface is very desirable;
2) Being able to generate NPM Events for SYSLOG/SNMP Alerts is important for us (and should be trivial to add).
Thanks,
When will this issue be resolved? I am new to SolarWinds and have just run into this road block. I need to have the traps show on the Home page so that my NOC operators can see and acknowledge the condition. I placed a feature request last week for this; I hope this makes it in soon.
Maybe I missed the boat here, but doesn't the new Message Center view give him exactly what he wants?
I mean you can have it give you all the events/traps/syslog all on one page now.
The only issue I see with that, HemiTruck, is traps will fill up the page quickly and you miss some of the other alerts, plus you aren't able to select multiple filters on one trap, which completely sucks! We have operators watch the event log and we have filters so they only see what they have to perform an action. Traps are going to be one of those as well and I just want the Alert Traps to show in that.