Setting up alert suppression based on groups

shuth

Hi all,

We are currently monitoring approximately 1800 nodes. We have configured groups and dependencies for the various remote sites that restrict the number of alerts generated when a node goes down. However, there are still a couple of single paths between the Orion server and the rest of the network so I was looking at setting up an alert suppression or condition that would stop the system from generating so many alerts when it loses connectivity to the network it is monitoring.

I created a group - "Flood Protection" - and placed the 3 single path devices in there. The plan is that if these 3 devices are down, suppress the alert.

The current alert is set up as follows. The custom property condition stops alerts from the test environment and various other environments that don't require alerts.

Type of Property to Monitor: Node

Trigger Alert when all of the following apply

Node Status is equal to Down

Trigger Alert when any of the following apply

CustomProperty is equal to ProductionNetworkA

CustomProperty is equal to ProductionNetworkB

I tried to use groups in alert suppression but had to change the property type to Group.

Suppress Alert when all of the following apply

Group Name is equal to Flood Protection

Group Status is equal to Down

However, I could not save this alert as the trigger conditions weren't valid (not group triggers). I changed it back to monitor Nodes and can save the alert but if I go back into the alert, the suppression conditions have changed to the following, which is... broken.

Suppress Alert when all of the following apply

IOS Image Family is equal to Flood Protection

Node ID is equal to Down

Another way I thought to do suppression would be the following but it looks messy:

Suppress Alert when all of the following apply

Suppress Alert when all of the following apply

Node Name is equal to Device1

Node Status is equal to Down

Suppress Alert when all of the following apply

Node Name is equal to Device2

Node Status is equal to Down

Suppress Alert when all of the following apply

Node Name is equal to Device3

Node Status is equal to Down

Is there a better way to do this? I don't really want to create a group, and have almost every node as depending upon this one group.

Thanks,

Steven

mrxinu

I can understand why you wouldn't want to maintain a group like that, but what about a dynamic group? Is there some dynamic way to say "the stuff behind the three SPOF devices" - a custom property maybe?