This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Traps setup issue

Travisty over 3 years ago

Hi,

NPM 2020.2 in use and i am trying to code Advanced SQL trap alerts. But the trap database table contains no data. I can see the traps coming in via log viewer. The Trap database statistics show no rows of data also.

Any Ideas?

Sorry i am a newbie on a steep learning curve

Thanks in advance

Top Replies

sum_giais over 3 years ago in reply to Travisty +1

I'd build it out in SWQL. Not sure exactly how I'd build an alert with this yet (as I've not done it myself) but this would be some SWQL to get you going looking at the syslogs from SolarWinds Orion Log…

Parents

0 neomatrix1217 over 3 years ago

Why not create the alerts from log viewer?
https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/LM/LM-Alerting.htm
Cancel
Vote Up 0 Vote Down

Cancel
0 Travisty over 3 years ago in reply to neomatrix1217

Hi neomatrix1217 stuartd
I have been successful in creating alerts from the log viewer as as per your link. What I am also trying to achieve is alert trigger delay filter
Active alarm trap is received and processed (As Below)
Trigger Condition
What i am unable to do is create a 1min delay using this method. I only want alerts for alarms that is active for > 1 min.
The alarm delay conditions disappears when Log analyzer alert message event is selected as a trigger. Online reading points me towards using custom SQL to achieve this.
I have traps coming in and working.
But the trap database file is empty for SQL
Thanks in advance
Travis
Cancel
Vote Up 0 Vote Down

Cancel
0 dgsmith80 over 3 years ago in reply to Travisty

The way the Analyzer alert integration works is your basically creating an event-driven alert. So LA triggers an event and your alert is looking for that event, there isn't an option to add a delay in this scenario. The only workaround for this would be to write a Custom SWQL/SQL Alert to reference you conditions directly from the Log Analyzer database.
Cancel
Vote Up 0 Vote Down

Cancel
0 Travisty over 3 years ago in reply to dgsmith80

Hi dgsmith80 ,
Would to be so kind and point me to the correct SQL database table as the traps one is empty
Thanks
Travis
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Travisty over 3 years ago in reply to dgsmith80

Hi dgsmith80 ,
Would to be so kind and point me to the correct SQL database table as the traps one is empty
Thanks
Travis
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 sum_giais over 3 years ago in reply to Travisty
I'd build it out in SWQL. Not sure exactly how I'd build an alert with this yet (as I've not done it myself) but this would be some SWQL to get you going looking at the syslogs from SolarWinds Orion Log Viewer (LV) or Log Analyzer (LA). I've always used the built-in functionality. Might require some crafty SWQL work to achieve what you're looking for.. as other folks have mentioned syslogs are really event driven in SolarWinds.
SELECT TOP 1000 n.Caption, n.MachineType, ms.IPAddress AS SourceIP, le.LogEntryID, le.LogEntryTypeID, le.LogEntryLevelID, le.NodeID, le.MessageSourceID, le.DateTime, le.MessageDateTime, le.Message FROM Orion.OLM.LogEntry AS le LEFT JOIN Orion.Nodes AS n ON le.NodeID = n.NodeID LEFT JOIN Orion.OLM.MessageSources AS ms ON le.MessageSourceID = ms.MessageSourceID

This is just a start... there's much more possibility with this. Above is just a couple quick left joins to pull in the caption and machine type of the node, and the source IP of the received log.
Much of this could be easily translatable (as usual) from SWQL to SQL. Just keep in mind that in SQL, LV / LA have their own database as it's memory-optimized. In SQL you could look in OrionLog_LogEntry table in then SolarWindsOrionLog' database (default name unless changed I believe...)
I hope this helps.
Cancel
Vote Up +1 Vote Down

Cancel