I was wondering if anyone knows how to configure alerts so that it will only alert for New Mac on a certain device such as a Switch.
I would try the following:
Once navigating to Manage Alerts, I would duplicate and edit the 'Alert me when a new MAC address appears on network' alert. I would add a secondary section to alert on node and make sure that secondary section is set to 'And'.
To cover all of my switches, I would set the node vendor equal to the switch maker and make that the trigger condition for the secondary section.
I'm not positive this will give you the result you're looking for - I don't run this alert in production today - but it seems somewhat logical. This presumes that the 'vendor' field does not reference the new MAC, but instead the device from which the new MAC was discovered.
Well, I got too curious and had to try it!
Works as advertised for me.
Good luck!
PS - you'll have to enable complex conditions on the alert itself (bottom of the first page when editing the alert).
You don't need any reset actions.
You'll have to amend the text of the email to your preference.
Other than that, fun!
I think I may have set it up wrong.
Trigger Condition:
New MAC Address - Is New MAC - is equal to - 1And At least one child condition must be satisfied (OR) Node - Vendor - is equal to - Netgear At least one child condition must be satisfied (OR) Node - Vendor - is equal to - Cisco At least one child condition must be satisfied (OR) Node - Vendor - is equal to - Unknown
Is what it looks like now. I did it that way as I want it to show from any Node and not specified. I don't know if that's possible. My email sent looked like:
Subject: Alert Copy of Alert me when a new MAC address appears on network00:1C:23:17:68:8E at Wednesday, August 12, 2015 1:35 PM
An issue on an object you are monitoring occurred at Wednesday, August 12, 2015 1:35 PM. View full object details here: http://SRVSWUDT:80/Orion/View.aspx?NetObject=UE-MAC:VAL=00:1C:23:17:68:8E. View full alert details here: http://SRVSWUDT:80/Orion/View.aspx?NetObject=AAT:1935 Click here to acknowledge the alert: http://SRVSWUDT:80/Orion/Netperfmon/AckAlert.aspx?AlertDefID=1935 This message was brought to you by the alert named: Copy of Alert me when a new MAC address appears on network
When I am in email setup area, I have nothing for including a variable that would show anything about the Node.
When editing the Email/page action for the alert, expand the 'Message' tab and scrub out the text you don't wish to retain. Choose 'Insert Variable', select 'Node' under the 'Show Variables For' dropdown, and you should be presented with choices there for populating the message with the node name. Then, craft the message as you wish inserting the node name variable into the text where you deem appropriate. To enable the alert to leverage the node variables, I believe there has to be some logic in the alert that leverages the node item (hence the secondary section).
Thanks a lot man. You helped me faster then I could find reviews or shares. Also faster then my sale rep or tech team did....
Just takes a little playing with and I'm not 100% knowledgeable on the product yet.
I ended up using:
Edit
New MAC Address - Is New MAC - is equal to - 1And At least one child condition must be satisfied (OR) Node - Machine Type - is equal to - Cisco Catalyst 4510R+E At least one child condition must be satisfied (OR) Node - Machine Type - is equal to - Netgear
An noticed it only shows the ones that have been discovered.
Not a problem! We got to find out how it worked together, my friend....always a good time!
Well I started playing with it more and went to add stuff in the email. Its not grabbing the node stuff. I get:
An issue on an object you are monitoring occurred at Wednesday, August 12, 2015 2:32 PM. 00:21:70:96:E2:21 was found on ${N=SwisEntity;M=DisplayName} ${N=SwisEntity;M=IP_Address} View full object details here: http://SRVSWUDT:80/Orion/View.aspx?NetObject=UE-MAC:VAL=00:21:70:96:E2:21. View full alert details here: http://SRVSWUDT:80/Orion/View.aspx?NetObject=AAT:1937 Click here to acknowledge the alert: http://SRVSWUDT:80/Orion/Netperfmon/AckAlert.aspx?AlertDefID=1937
It shows the Mac items info but not the node.
Yep, I see what you see. Weird. It may be that SQL is the way to go, or perhaps there are separate variables we can use to reference UDT nodes. I have to run to a meeting now, but I'll let you know what I find. If you're a paying customer, support can likely get this built for you, but I must admit if I were in your shoes I'd like to figure it out myself!
Ya, I played with it for a while as have you. I called a tech and he looked at it with me. He exported it to build it up, most likely going to make a workable sql.
The closest I could get was to use the DeviceID variable, since UDT uses different variables than NPM for some things. However, the DeviceID variable just reports a number - not a name.
The alert email looks like this:
A new MAC address was found on node 18
Not exactly useful, that.
If you get a satisfactory conclusion, please update this thread so we can all see the finished result!
