Orion SDK Alert and Reset Forwarding Questions

Greetings,

I'm new to Orion and am evaluating it as a potential replacement for my current network monitoring tool. As part of the evaluation, I need to understand how to forward traps and advanced alerts to my trouble-ticket system. I also need to forward alert resets to close associated tickets.

I read through the docs and sample code and did some testing, but I'm not sure which tables or entities I need to query to do this. Here are my questions:

Which tables/entities should I query to find and forward
- new advanced alerts?
- new SNMP trap alerts?
- alert resets?

I'm also curious how Orion internally manages alerts. I see a lot of alerts come and go in the alertstatus table. I'm guessing alert resets delete alerts from that table? Is there a grooming process that deletes alerts after a while, or does the table continue to grow until an alert is cleared?

There are a couple of other interesting alert related tables: ActiveAlerts, AlertIndication, AlertReset, AlertTriggered and AlertUpdated, but they're always empty when I look. The SDK docs and schema reference don't provide any descriptions. Does anyone know what they're used for?

Thanks in advance,
Dave

Find more posts tagged with

orion_sdk

swis_schema

Accepted answers

All comments

flobb

I can't answer much of that question, but I can tell you that the "AlertDefinitions" table stores the queries which are executed for Advanced Alerts.

njoylif

I need to understand how to forward traps and advanced alerts to my trouble-ticket system. I also need to forward alert resets to close associated tickets.

This is done via advanced alerts on the main NPM poller. depending on your ticketing system, you'd either send an email to the ticketing system and provide info by passing macros/variables.

The other option would be if the ticketing system couldn't do emails, you'd use their API and in the advanced alert, you'd "execute a program" or script to launch their API client or app.

resets would be a little more tricky as I haven't had to set up, I can't elaborate. You'd have to figure out how to get the ticket number into the alert (custom property)...? then you'd set the alert reset actions to close in a similar manner as trigger actions.

TRAP alerts would use the trap viewer on the main poller to configure.

djo_apci

I know I can configure alert actions to run a script or send an email for advanced alerts and SNMP traps, but was hoping to avoid that approach and use an SDK app to poll the DB for new and closed alerts. I'm pretty sure it can be done that way, but the SDK docs and schema references are very light on detail. A one-line description for each schema entity would help a lot.

Thanks,

Dave

sja

I'm not a developer but there is some info about

Finding an Alert page 12

Acknowledging an Alert page 14

Solarwinds Tech. reference.