Traps and Syslog Alerts through Orion NPM alerting engine
All of our critical alerts need to be displayed visually as well as getting an email.
With the Traps and Syslogs having a separate alerting engine, there was no simple way to do this. I don't see the new beta's having an integrated engine yet...so I got to work.
I wrote custom SQL alerts that tie the source of the trap/syslog message to a node in Orion (so you must add node if it does not already exist).
In order to keep the SQL Queries responding fairly well, you must also TAG the syslog and trap message. The attached alerts use the tag "CriticalSW" as the tag that is searched for...feel free to change to fit your environment.
- Set up your tag for syslog/trap messages
- Ensure your SQL Queries match your tag
I've got 3 alerts here...one syslog and two traps.
One of the traps is generic and uses no custom properties, the other two are tailored for my environment using custom properties but can serve as an example for your customizing pleasure.
to make the syslog generic:
- edit trigger condition and remove where clause (see generic trap alert as example).
- edit reset condition and set to auto reset after 4 minutes (if your alert query runs every 5 minutes)
- edit trigger action and remove any swisEntity parts with "customproperties.<CP>" in it and customize to fit your environment.
- edit reset action and do the same.