When to use Basic vs Advanced Alerts?

Question

I am very interested in hearing the thoughts of the user community on the use cases for both types of Alerts.

When do you use Basic alerts? Why?

When do you use Advanced Alerts? Why?

Thanks for your responses.

michal.hrncirik · Answer

Hi,

let me a little bit clarify Basic vs. Advanced alerts.

Basic alerts work on immediate SNMP polling result basis. For example, if node goes down, SNMP poller which returns poll result has a property that contains information about node status. Basic alert engine takes this (and other pre-defined) properties and compare it against trigger condition and trigger an alert. Alert won't be triggered till SNMP poller would return different than "down" status and then back "down". So you should get single alert if node is down for 10 minutes.

Advanced alerts uses database queries in order to evaluate the condition. Once SNMP poller writes result of poll into database, advanced alert engine triggers a DB query to figure out if there are condition to fire an advanced alert. That means, you could get alerts with "node down" event as many time you want, but by default, there is reset condition set, which stop triggering the same alert until status is != Down.

So at the end, both alerts can give you the same result, but each has different options. Basic alerts may react on "has changed" condition whereas advanced alerts need to define specific condition to trigger/reset alert. For example, via advanced alerts, you can't define this condition: "trigger an alert if amount of connected wireless clients has changed. instead you would have to define: "is lower/greater/not equal than X").

there is also a good discussion here http://thwack.solarwinds.com/thread/15310

patriot · Answer

Believe it or not I have a follow-up question almost 2 years after originally posting this question!

Lets say I have a node that goes down and stays down for 10 minutes, during which it is polled 5 times.

How would the Basic alert handle that?

How would an Advanced alert handle that?

How many times would/could each alert type notify me that the node is still down (no reset has been achieved)?

Thank you.

qle · Answer

First, let me be upfront and say that I don't use Basic Alerts anymore. With that said, here are some reasons why one might continue to use them:

* Configuration of basic alerts is generally straightforward especially if the alert applies to a couple of nodes. It's hard to beat checking off boxes as a method of configuring alerts.
* Basic alerts are assigned to specific nodes (this may be a pro/con depending on who you ask).
* Basic alerts allow you to alert when one of numerous properties are changed. Advanced Alerts can only alert when one of the following three properties have changed.* Last Boot
* IOS Version
* IOS Image Family

* Change Custom Property is an alert action only available with Basic Alerts.
* Variable modifiers, especially -Previous, only work with Basic Alerts.

Now, here are some reasons you should consider using Advanced Alerts.

* The Basic Alert engine is feature frozen. You'll notice that there is no support for VMs or groups, among other things.
* As a corollary to the first reason, more alert variables are available for trigger actions.
* Advanced Alerts can be configured in such a way that they apply to all nodes or a specific group of nodes in as little as a single condition. Doing that with Basic Alerts would require you to manually check off each node--not pretty.
* Log Alert to NetPerfMon Event Log is an available action only for Advanced Alerts.
* Alert escalation is only possible with Advanced Alerts.
* Custom SQL queries can be used and provide a level of flexibility that Basic Alerts can't touch; they can be used in both trigger conditions as well as trigger actions.

I'm sure that there are other reasons that favor either alert engine but those are off the top of my head.