Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Advanced alert surppression

Hi again,

I've been doing some reading and experimenting with advanced alerts and suppressions trying to put together as 'dynamic' as an alert as I can.. Now I'm trying to get a handle on alert suppression. I've seen several Thwack posts that almost describes what I'm trying to do.. but I'm just missing it.

Our sites also have specific network ranges that are unique to the sites. And each site has a firewall - if the firewall fails the site goes dark.

I have an alert setup - when a node goes down it sends an e-mail out to a custom property variable - so I only need one alert for most items. Now I'm trying to setup an alert suppression like the following:

Suppress Alert with ALL of the following apply

IP address starts with 10.10

Supress Alert when ALL of the following apply

Node Name is equal to SITE1-FIREWALL

Node status is not equal to Up

The "starts with 10.10" rules works perfectly - however when I "turned off" site1-firewall and made it dark - my alert for the node still was triggered.

Can someone clarify this?

THANKS!

Find more posts tagged with

Accepted answers

All comments

OswegoSam

I should mention... I assume my issue is that I'm essentially doing comparision on two different nodes, but from what I've read on thwack I thought this logic would work.

jbaulsir

Seems like your attempting the same kind of suppression I was...

OswegoSam

Hi Jbaulsir, thanks for replying.

I don't think this is exactly what I'm looking for.. but closer. In your example (let use screenshot #2) your alert is surpressed if the note "India Edge Router - RII" is not up right?

What I'd like to do is the following.

Assume:

core-switch-1 = 10.10.10.5

file-sever-1 = 10.10.10.8

(all other servers also sit on 10.10.10.x range)

router-1 = 10.10.18.1

the 10.10.10.x range is behind router-1

If anything goes down, I want Orion to check the IP address of the down node. If the IP address starts with 10.10.10 then I want it to check the router for that segment.

So can I have one condition check the IP address of the "down node" and then a second condition check the state of the router for the segment?

(Trying to do this with the IP as I want to have 1 alert covering all the sites, rather than one alert (with supression for the site router) per site.

qle

I don't believe this is possible. If my understanding is correct, once a node goes down, Orion will scan through your defined alerts. If it finds trigger conditions that match the attributes of this specific node, it'll fire. I cannot/will not consider anything about another node at all during this process.