Hello thwack community,
Having read what I could find about the subject, I am in despair to find a way to produce visible, interpreted content in the Alert or NetPerfMon Event log in response to an SNMP Trap or Syslog entry.
The actions afforded in the Trap/Syslog Rule Alert Actions are divorced from the actions available in the Advanced Alert manager. I am unable to set an alert in the way I can from a polled element. I would like this capacity.
The options seem to be:
1) Create a rapid Universal Poller for the values that the traps are reporting on
This does nothing for Syslog
2) Launch an external program / script that can insert Alerts and / or Event entries
Option 1 is pretty silly, generating a lot of traffic and introducing delay in response.
Option 2 seems to be the way to do it, but the Orion SDK documentation does not make it clear what is an is not accessible through a CRUD/SWIS operation. Here are some potential strategies:
2a) Do a managed (via some SWIS API call) triggering of an alert.
2b) Do a direct (via SWQL) insertion of an Alert or Event. Has this been done? Is it possible?
2c) Set a custom property on a node indicating the current error
This would require a universal poller for the Advanced Alert Manager to pick up... with a high polling rate. =\
Any help would be appreciated.
P.S.: Does anyone else find it a little ridiculous that SNMP traps and Syslog entries are not able to trigger alerts out of the box?