smargh

After 10 days, any & all acknowledged alerts will disappear - if the original criteria for the alert(s) still matches, then the alert will be triggered again as though it were a new alert. There is a workaround of extending the 10 days by several more days, but it's still not a fix or proper workaround. I have had ticket…

The problem is not that we aren't alerted for volumes that "stop responding", it's that Orion cannot handle a Windows volume either being renamed on the monitored host itself, i.e. from "OS" to "Windows", nor if the volume ID changes. This is, of course, assuming that this is actually what the root cause of this is for…

Event triggers would be nice, but they don't seem to be possible at the moment unless you set up a trigger on the SQL database itself, which would also need to be the thing which actually sends the alert. It's easy with T-SQL though. See this image for the alert I've set up for this exact problem - it does work fine: I use…

This is normal for MSSQL - it will use all available memory for caching rather than having to hit the disk all the time. Have you tried limiting memory? The slowness of the web UI might be a different problem. I notice that you've got Microsoft's AV running - have you told it to ignore the SQL folders for realtime…

Use computername\username, not workgroup\username.

Windows has a built-in utility to forward specific event logs as SNMP traps to Orion. Run evntwin.exe. You can apply a config file with evntcmd.exe. I use it on our Orion install to alert on certain events - for example, certain Exchange events trigger instant email alerts, and all service crashes ("terminated…

I don't know how this would affect the hot-standby engine, but you can directly edit the SQL in the TriggerQuery and ResetQuery colums in the AlertDefinitions table. These values are only updated when the alerts are edited in the GUI, so you will need to update it whenever the GUI is used on that alert. I do this for…

I observed this several years ago on my Windows boxes when we first set up NPM. It has been reported to SolarWinds multiple times on forums and in tickets, but they don't seem to either want, or be able, to alter this behaviour. Each time they said that it's just how it works. I've tested a proof of concept Powershell…

We don't use SAM - it's too expensive - but one thing I imagine would be useful (if it doesn't already have the ability) is to be able to monitor any files, including new files with unknown filenames and/or matching a file *mask*.* (or regex?) in a folder & subfolders. Monitoring log files over a UNC path etc would be…

Is the custom poller retrieving a table?

From what you say, an RSS feed might be appropriate - then you can use your preferred desktop RSS client to do the popups, i.e. FeedDemon. You could also easily access the same feed on Blackberries, iPhones or your home PCs, depending on where your web server is located in your network. Getting alert info directly from the…

Assuming the old hostname is gone, then delete the old hostname in AD DNS - I'm going to guess that it's confusing kerberos.

Run a regular MSSQL Agent job every x minutes to query the status of the custompoller table(s) (IF poller status = "on battery" AND node status = UP), then subsequently update the Is_On_Battery custom properties of all relevant nodes. Note that custom pollers only run I think every 10 minutes, so this is assuming that your…

This is probably the everlasting gobstopper of NPM (not SAM) bugs, whereby Orion stops updating a volume and marks it as "not responding" in the Volumes database table, but doesn't give an indication in the web UI that it's not being monitored any more. It happens whenever the volume name or serial# changes on the server.…

It would work fine on a 64bit OS. However, you must narrow down the cause of the excessive memory usage. If it is running out of paged or non-paged pool memory, then that's normally a problem with a buggy driver. Check for updated drivers, NIC firmware or BIOS upgrades etc. A server shutting itself down could perhaps be a…

The only reliable way I found to do this was using one custom property (I use "Alert_Emails_CC") on nodes, which contains either zero, one or many recipients in the format user1@myco.com,user2@myco.com - the list must strictly not have any spaces in it, otherwise will fail in the way you describedd. All my alerts have the…

Unless anyone knows better, that's how it needs to look. My table for HP server temperatures looks almost exactly the same - I just have a poller called "Temp" instead of your "Temp_Celcius" and use that as the label, to try to avoid confusion in case people try to match up the "label" with sensor locations inside the…

I have a case open with SW right now, as a bug, whereby active alerts "expire" and are re-triggered afresh after 10 days. In your case, are these "interface down" alerts active all the time? If so, perhaps they are just being triggered after Orion prunes old alerts.

I would also like to be able to prevent particular events such as this from being put in the Orion event logs.

Depends on what you want to monitor, but how about on the database server itself? I use some SQL Agent jobs for this purpose - see my post here: There are also some other other timestamps that you might want to get alerts based on when they aren't updated in a while.

We have one. I monitor only... Number of messages deferred for delivery * Number of messages deferred inbound Number of messages deferred outbound Number of messages queued for delivery * Number of messages queued inbound Number of messages queued outbound I've found that only the two with a star have so far been useful,…

This is the TriggerQuery from the AlertDefinitions table for your alert. Notice the last bit - "last changed" is only for use with LastBoot. SELECT DISTINCT Volumes.VolumeID AS NetObjectID, Volumes.FullName AS Name FROM Volumes WHERE ((Volumes.VolumeType = 'Fixed Disk') AND (100-NullIf(VolumePercentUsed,-2) =…

${SQL:SELECT CustomPollerStatus.Status FROM CustomPollers RIGHT OUTER JOIN CustomPollerStatus LEFT OUTER JOIN CustomPollerAssignment ON CustomPollerStatus.CustomPollerAssignmentID = CustomPollerAssignment.CustomPollerAssignmentID ON CustomPollers.CustomPollerID = CustomPollerAssignment.CustomPollerID WHERE…

Yes. You need to enable the relevant policy for your "default domain controller security policy" Group membership change events are logged with either ID 630 on a Server 2003 network. 2008+ logs events 4728 (add member) and 4729 (delete member). You can then configure your domain controllers with their built-in evntwin.exe…

Yes, we get this sometimes. I believe it has been a feature since around version 10.4.1. I used to only see it in evntwin.exe-sourced event traps (EVENT-LOG-TRAP-MIB:eventLogMib), so I thought it was intentional security-related obfuscation, but I also see it on some Exchange events and possibly others.

It's a feature, I'm afraid. The 10-day re-triggering of acknowledged alerts can be extended, but not eliminated. If you want SolarWinds to consider changing this behaviour, then you will probably need to have a very significant investment in SolarWinds' products - I raised this as a bug, but they just increased the limit…

I bet the domain controller on that site has stopped replicating, so the most recent password being used for discovery is different on that local DC. Check the event log on the site's DC for errors relating to AD health & replication, and do an AD health check. Also check the clocks on the server/clients are correct.

To give you an idea of how to do this, I have a similar situation with alerting on HSRP states. The way I did this is with two custom properties on nodes, which specifies what the active & standby IPs are, and then use a "Custom Node Poller Custom SQL Alert" for the alert criteria. The query looks up the labels so that it…

Perhaps the subject of the post needs improving. My suggestion is: Assign a list of custom pollers automatically based upon new & existing custom attributes or substrings of discovered node properties - perhaps that needs shortening though :) I remember reading that templates for new nodes (including applying universal…

All my email alerts contain this in the To: field: alertsATcontoso.com,${Node.Alert_Emails_CC} The Alert_Emails_CC custom field can contain either one email address, or multiple email addresses if separated by commas. If you have a space character in any custom property, or otherwise make the To: field become anything…