We need to be able to extract VarBinds from traps and alert on them (or regex patterns in syslogs).
For Example, BGP Peer down OID 184.108.40.206.1.1.1
Peer address is in varbind 220.127.116.11.1.2.1
Local address is in varbind 18.104.22.168.1.2.2
The problem is that you cannot have 2 instances/alerts of the same Log Anayser rule hit. So if "RouterA" has Peer1 go down, it triggers this.
5 hours later if "RouterA" has "Peer2" go down, it triggers this again (with a different VarBind). Same LA rule, Same Orion Alert, so nothing re-triggers as Orion thinks its already active.
Similarly, Orion can only display the ENTIRE trap message using the $(loganalyster.Macro). Thats no good, as we get 5 lines of garbage when all I want to view is the single varbind thats important to me - the peer address.
Until Varbinds can be individually alerted on, and extracted into the orion message, the Alerting functionality of LA is useless for us.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.
Learn more today by joining now.