Open for Voting

Log Analyzer - Add "Discriminator" to allow alerting on individual "instances" (BGP peers, etc.)

Problem:

Log Analyzer cannot create alerts for each individual "instance". An option to use a varbind as a "discriminator" would allow for unique alerts per instance, and also for resets to apply to that instance only.

Examples of instances that might generate alerts are BGP neighbors, EIGRP neighbors, Cisco FRUs, interfaces, etc.

Problem Example:

A BGP neighbor goes down on a router. The trap below is received. A Log Analyzer rule fires, tags the trap, and sends an Alert to NPM. NPM raises an alert. Two minutes later a second BGP peer goes down. Log Analyzer again tags the trap and sends the alert to NPM. NPM does not raise a new alert because the old alert is already active.

Currently there is no way to generate an alert for each "instance" (in this case, BGP neighbors). If a neighbor comes back up, there is no way to automatically clear the alert for that instance only.

TrapOid: 1.3.6.1.4.1.9.9.187.0.1

VARBINDS:

    sysUpTime (1.3.6.1.2.1.1.3.0): 13 days 16 hours 39 minutes 25.04 seconds

    bgpPeerLastError.172.18.0.65 (1.3.6.1.2.1.15.3.1.14.172.18.0.65)

    bgpPeerState.172.18.0.65 (1.3.6.1.2.1.15.3.1.2.172.18.0.65): established(6)

    cbgpPeerLastErrorTxt.172.18.0.65 (1.3.6.1.4.1.9.9.187.1.2.1.1.7.172.18.0.65): empty value

    cbgpPeerPrevState.172.18.0.65 (1.3.6.1.4.1.9.9.187.1.2.1.1.8.172.18.0.65): openconfirm(5)

TrapType: CISCO-BGP4-MIB:cbgpFsmStateChange

Potential Solution:

If we could indicate that each unique value in the varbind "bgpPeerLastError" represented a different BGP peer, that would allow us to get a different alert for each peer going down, as well as clear the alert when the peer came back up.

CA Spectrum is one example of an NMS that has this functionality.
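
A sketch of the discriminator idea described above, as an added example that is not part of the original post and not SolarWinds code. It assumes the instance is taken from the index suffix of the bgpPeerState varbind OID (the peer address in the trap above); the function and class names, the node name, the second peer address and the sample traps are constructed for illustration.

```python
# Added illustration: per-instance ("discriminator") alert state for
# CISCO-BGP4-MIB:cbgpFsmStateChange traps. All names here are hypothetical.

BGP_PEER_STATE = "1.3.6.1.2.1.15.3.1.2"  # bgpPeerState column; index = peer IPv4
ESTABLISHED = 6                           # established(6), as shown in the trap


def discriminator(varbinds):
    """Return (peer, state) from the bgpPeerState varbind, or None if absent."""
    prefix = BGP_PEER_STATE + "."         # trailing dot: do not match ...1.20 etc.
    for oid, value in varbinds.items():
        if oid.startswith(prefix):
            peer = oid[len(prefix):]
            if peer.count(".") == 3:      # expect a dotted IPv4 index
                return peer, int(value)
    return None


class InstanceAlerts:
    """Tracks one alert per (node, peer) instead of one alert per node."""

    def __init__(self):
        self.active = set()

    def handle(self, node, varbinds):
        """Return 'raise', 'clear', or None (no action) for one trap."""
        found = discriminator(varbinds)
        if found is None:
            return None                   # trap carries no instance index
        peer, state = found
        key = (node, peer)
        if state != ESTABLISHED and key not in self.active:
            self.active.add(key)
            return "raise"                # first down event for this peer
        if state == ESTABLISHED and key in self.active:
            self.active.discard(key)
            return "clear"                # reset applies to this peer only
        return None                       # repeated down, or up with no alert


def trap(peer, state):
    """Constructed sample trap holding only the varbinds the example needs."""
    return {"1.3.6.1.2.1.1.3.0": "118076504", f"{BGP_PEER_STATE}.{peer}": state}
```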

  • I'm guessing you didn't get a solution to this. Seems SolarWinds doesn't understand how to do trap handling in the real world.

  • I have run into this problem with multiple clients.

    The client will have a management system that manages and monitors specialised equipment. That equipment will report back any faults to this management tool which will then send a trap alert to SolarWinds.

    Under the previous Trap Viewer, if the client received 10 traps then they would get 10 emails.

    They implemented Log Viewer for the alerting integration so they could easily alert into ServiceNow to have incidents created for the traps.

    Under Log Viewer, they only get an alert for the 1st trap. The system sees the alert is already triggered for that alert on that node and won't trigger it again.

    They would like the ability to link the alert to the message ID. If the system gets 10 traps/syslog in 1 minute, then it should have the ability to generate 10 alerts and subsequently 10 separate incidents.

  • Can you give us an example of the Trap rule used for this... I'm trying to get my BGP rule to fire when BGP status changed and send a notification email.

    Below is my post of what I'm trying to do with the BGP Varbinds I've used to create the TRAP rules.

    Any help would be appreciated as I can't seem to find any other posts that provide any help for this...

    BGP Session DOWN -Trap / BGP Session BACKUP- Trap.