• State Suggested Answer
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 912 views
  • Users 0 members are here
Options
Related

Alert on IP Address on IPAM changed status

Entrap6350

Hi everyone, I'd like to create an alert for a few (and very important) static IP addressess (not already nodes in NPM) whenever one or more of them change status after the scanning process by IPAM.

I've already searched for a query already posted here, but I've just found a SWQL Studio query to list the IPAM_Events (below for reference).

Do you have any suggestion?

****Query Found****
SELECT EventID, EventTime, EventType, UserName, Message, ObjectID1, ObjectID2, ObjectType, Acknowledged, ObjectURL
FROM IPAM.Event

***********************

Parents Reply Children
  • 0 in reply to donrobert5

    Thanks!
    I tried using the advices listed on that thread, really helpful, but I'm finding an issue on how to send an alarm on a subnet different from a /24.

    Let me explain better with the code I used:

     

    WHERE ipaddress in (

     

    SELECT a.IPAddress

     

    FROM IPAM_IPHistoryReport a

     

    INNER JOIN

     

    (

     

    SELECT

     

    ipnodeid,

     

    max(IPAM_IPHistoryReport.Time) as tt

     

    from IPAM_IPHistoryReport

     

    Group by ipnodeid

     

    ) b

     

    on a.IPNodeId=b.IPNodeId

     

    and

     

    a.Time=b.tt

     

    where a.FromValue='Used' and a.IntoValue='Transient')

     

    and IPAddress like '10.20.30.%'

    The above code alerts me on each single IP address within the /24 net, but if I'd like to be alerted also for a bigger/smaller net (e.g.: 10.20.30.0/26 or /22), it doesn't work.

    This was my last line failed try: 

    and (IPAddress like '10.20.30.%' OR IPAddress like '10.20.31.%')

    Any advice?

  • 0 in reply to Entrap6350

    My SWQL Fu (or even SQL) is not strong but I think your final line needs to be:

    and (IPAddress like '10.20.30.%') OR (IPAddress like '10.20.31.%')

  • 0 in reply to stuartd

    Thanks for your suggestion, the result didn't change: the 10.20.31.% net (not the 10.20.30.% net) triggers the alarm for each and every IP address. That's super odd to me.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.