Alerts for Cisco Switches

Hello there,

I have inherited a Solarwinds install, and over the years so many devices have been added that the alerts are a bit of a mess.

 They alert on "almost everything possible" on so many different devices, servers, application and network equipment.

Is there a way I can just see alerts on the 540 Cisco switches? Either by some kind of filter or can I make a "new" dashboard/view just for Cisco?

After having done the above I would like to tune up what we are alerting on.

I am a complete noob with Solarwinds so please be gentle, also no idea about SQL or any other query language so, should that be required.

Any help to start me on my Solarwinds journey  and de-clutter the alerts are very much appreciated :-)

  • I think you need to first step back and take a huge breath! Smile

    Then you need to assess and document the alerts you do have - sadly there is no one report that will tell you what each alert will trigger on/for. What we have done is to create a report for when each alert last triggered and if you do the same you may find you a fair number of alerts you can disable as they have never triggered - for whatever reason.

    But per your immediate request, you could configure a 'Custom Property' or, simpler still edit (or duplicate) an alert and configure your trigger condition to add in the logic if vendor = cisco:

    Along with any other pre-conditions you might need/want.

    Remember, Scope of the alert is the "what you want to alert on" whilst "the actual tigger condition"

     is the what's the issue. i.e. node down, high CPU, etc

    In terms of de-cluttering, I would start with:

    - check and see if any "out of the box" alerts are enabled. Solarwinds advise these are just suggestions and you very much need to tune to your environment. My personal advice [your environment being an unknown]  would be to disable any OOTB alerts but document the ones you disable somewhere. If nobody has moaned after a month or so then you are safe to not worry about those.

    Next I'd look at what is being alerted on - who to - how often - is anything done with the alert. And then start to disable as appropriate. 

    I would strongly suggest you get buy in from management and any potentially affected parties that you are doing this and enlist their sympathy and aid. If they aren't prepared to do that, then tell your immediate boss you plan to disable all alerts and enable a few basic ones such as node up/down, etc Then going forward, when teams complain you can refer back to your request for aid and that they can raise a change to get any new alert configured with clear conditions and accountability.

    Finally, for now, grab Leon's {aka  book from here: Monitoring 101 ebook  and digest.

  • I recommend taking a look at the Virtual Classroom learning. On demand and live classes are available included with your maintenance.

  • Thank you very much for the detailed answer, I shall over the course of this week start talking to people and sorting out/disabling some of the alerts.

  • In addition you can combine an alert with  custom properties

    For edge switches and routers we have added an extension to the name (caption / node name ) to differentiate (we have combined Cisco and Aruba switches) which means that they can be alerted on combined with such as a node room area. In this case we are telling the alerts to not alert on this group if the custom property includes the words 'non alerting group'  (spelt wrongly lol) 

    obviously you can add vendor = 'Cisco' instead etc.

    Remember what ever you use here, will probably help with dashboards - so have a think about custom properties and how they might help you