
Traps setup issue

Hi,

NPM 2020.2 in use and I am trying to code Advanced SQL trap alerts. But the trap database table contains no data. I can see the traps coming in via Log Viewer. The Trap database statistics show no rows of data also.

Any ideas?

Sorry, I am a newbie on a steep learning curve.

Thanks in advance

  • Hi   

    I have been successful in creating alerts from the log viewer as per your link. What I am also trying to achieve is an alert trigger delay filter.

    Active alarm trap is received and processed (As Below)

    Travisty_1-1593208587621.png

    Trigger Condition 

    Travisty_2-1593208774633.png

    What I am unable to do is create a 1 min delay using this method. I only want alerts for alarms that are active for > 1 min.

    The alarm delay condition disappears when the Log Analyzer alert message event is selected as a trigger. Online reading points me towards using custom SQL to achieve this.

    I have traps coming in and working.

    Travisty_3-1593209221624.png

    But the trap database file is empty for SQL 

    Travisty_5-1593209335589.png

    Travisty_4-1593209318780.png

    Thanks in advance

    Travis 

  • The way the Analyzer alert integration works is you're basically creating an event-driven alert. So LA triggers an event and your alert is looking for that event; there isn't an option to add a delay in this scenario. The only workaround for this would be to write a Custom SWQL/SQL Alert to reference your conditions directly from the Log Analyzer database.

  • Hi  ,

    Would you be so kind as to point me to the correct SQL database table, as the traps one is empty?

    Thanks

    Travis 

  • I'd build it out in SWQL. Not sure exactly how I'd build an alert with this yet (as I've not done it myself) but this would be some SWQL to get you going looking at the syslogs from SolarWinds Orion Log Viewer (LV) or Log Analyzer (LA). I've always used the built-in functionality. Might require some crafty SWQL work to achieve what you're looking for.. as other folks have mentioned syslogs are really event driven in SolarWinds.

    SELECT TOP 1000 n.Caption, n.MachineType, ms.IPAddress AS SourceIP, le.LogEntryID, le.LogEntryTypeID, le.LogEntryLevelID, le.NodeID, le.MessageSourceID, le.DateTime, le.MessageDateTime, le.Message
    FROM Orion.OLM.LogEntry AS le
    LEFT JOIN Orion.Nodes AS n
    ON le.NodeID = n.NodeID
    LEFT JOIN Orion.OLM.MessageSources AS ms
    ON le.MessageSourceID = ms.MessageSourceID

     
    This is just a start... there's much more possibility with this. Above is just a couple quick left joins to pull in the caption and machine type of the node, and the source IP of the received log.

    Much of this could be easily translatable (as usual) from SWQL to SQL. Just keep in mind that in SQL, LV / LA have their own database as it's memory-optimized. In SQL you could look in the OrionLog_LogEntry table in the 'SolarWindsOrionLog' database (default name unless changed I believe...)

    I hope this helps.