This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Create Post
jmason2000
Level 8
‎07-14-2016 09:29 AM

Create an Alert Trigger if Two interfaces go down

Jump to solution

Hi,

I want to create an alert that if two interfaces go down on certain devices, I would be able to send an email alert.  But it should only happen IF 2 interfaces go down, not one. 

So the Scope of the alert is:

Any node with the name containing ABC

And the trigger is

Interface name = wan 1

And

Interface name = wan2

and Interface is down

Would this work? Or would this end up triggering if it was on WAN1 on Node1 was down and Wan2 on Node 2 is down?

Any help would be greatly appreciated.

Scott

Labels (2)
Reply
1 Solution
blsanner
Level 12
In response to jmason2000
‎07-14-2016 11:49 AM

Jump to solution

Under the scope of the alert section, set it in both sections to just look at a particular node something like the following:

pastedImage_0.png

pastedImage_1.png

However, if you have multiple devices that you want to use this (or a similar) alert for, I see two options:

1) Create a separate alert for each device.  This would be pretty straightforward: create one and then copy the alert and edit the copy to reflect a different node name.

2) Create the alert as a custom SQL or custom SWQL alert which would allow you to compare the node names for the interfaces to make sure they are the same.

View solution in original post

0 Kudos
Reply
13 Replies
d09h
MVP
MVP
‎07-15-2016 01:39 PM

Jump to solution

Another way to approach this would be with groups.  Groups can show best status/ worst status/ etc.  Membership in a group can be static/ dynamic/ a mix.  Your call whether it's more convoluted or less convoluted.  It would make your alerts cleaner and may have benefit outside of the alerting module (views you create/ reports you make).  I always found groups and custom properties to be more self-documenting and easier to maintain than hard-coded references in alerts/ reports/ views.  More extensible and saves time as your network grows more complex.  Since group functionality came so much later than custom property functionality, some of the older guys probably use them less than we should (guilty).

Key to this type of solution is to define your group to show 'best case' status rather than 'worst case' status so that both have to be down for the group to be down.

Further reading:  http://www.solarwinds.com/documentation/orion/docs/groupsanddependencies.pdf

0 Kudos
Reply
jameslindsay
Level 12
In response to d09h
‎04-01-2020 08:27 AM

Jump to solution

I have this same issue and I think even the accepted solution has issues. As was said, when using an advanced condition how can you be sure the alert is not tripping when Device 1 int A and Device 2 int B are down as opposed to the intended Device 1 int A and Device 1 int B? Groups are useful when dealing with a small number of devices. I have 1500 devices where is anyone of them has both int A and B down, I need an alert. I've used the Advanced condition with mixed results. Meaning, it seems to trip sometimes on a device that has ether one or the other int up. And the reset condition also seems a bit flaky.

From a SWIS standpoint, this works but again, the reset condition is questionable. The alert should reset when either int A or B on the same device is up.

SELECT E0.[Uri], E0.[DisplayName]
FROM Orion.NPM.Interfaces AS E0
WHERE ( ( ( E0.[Node].[Vendor] = 'XXXXXX' ) AND ( E0.[Node].[Status] = '1' ) ) AND ( ( E0.[IfName] = 'ipsec-primary' ) AND ( E0.[Status] = '2' ) ) )
AND E0.[Node].[NodeID] IN
(SELECT E0.[Node].[NodeID]
FROM Orion.NPM.Interfaces AS E0
WHERE ( ( ( E0.[Node].[Vendor] = XXXX' ) AND ( E0.[Node].[Status] = '1' ) ) AND ( ( E0.[IfName] = 'ipsec-secondary' ) AND ( E0.[Status] = '2' ) ) ))

This methos has some issues in the sense that you are now limited to doing active data lookups with the node attributes you may want to pass to an ITSM process as well as email alerts.

0 Kudos
Reply
blsanner
Level 12
‎07-14-2016 10:14 AM

Jump to solution

That will NOT work as you have it set.  Basically, what you are saying is that a single interface has a name of both wan 1 and wan2, which obviously cannot be true at any point in time.  In order to get what you are looking for, you would have to use the Advanced Option of "Enable complex conditions...".  Then, you would set up two separate conditions that would look at each interface with an AND operator between the two.  It would be something like this:

---------------------------------------------------

Primary Section

Interface Name = wan 1

Interface Status = Down

---------------------------------------------------

AND

---------------------------------------------------

Secondary Section

Interface Name = wan2

Interface Status = Down

---------------------------------------------------

0 Kudos
Reply
john.ta
Level 11
In response to blsanner
‎07-14-2016 10:24 AM

Jump to solution

blsanner brings up good point, I apologize, since the detail was vague and no screenshots I had assumed this was already a complex condition.  And we all know what happens when you assume...

0 Kudos
Reply
jmason2000
Level 8
In response to john.ta
‎07-14-2016 01:04 PM

Jump to solution

Thanks guys!  that is what I figured.  I was hoping there was going to be a way to apply it to a group of devices that all had the same interface names.

But I didn't  think there would be.

Scott

0 Kudos
Reply
sgtp
Level 11
In response to jmason2000
‎07-14-2016 06:47 PM

Jump to solution

you could always put those interfaces into a group and alert based on that.

0 Kudos
Reply
jmason2000
Level 8
In response to sgtp
‎07-15-2016 11:05 AM

Jump to solution

Yeah... I know that.  But that would still not work for applying the alert to Multiple devices.  But thanks.

0 Kudos
Reply
d09h
MVP
MVP
In response to jmason2000
‎07-15-2016 01:40 PM

Jump to solution

Why not?  Alert on the group (of interfaces) vs. the node or the interface.  Make as many groups as you need.  Would this not scale for you?

0 Kudos
Reply
jmason2000
Level 8
In response to blsanner
‎07-14-2016 10:18 AM

Jump to solution

Okay based on that, how do you ensure that it is looking at the SAME Device.  Otherwise it could be two different Cisco Devices that went down but each only has one of the Interfaces down.  How do I make sure that it is the SAME device for both Complex alerts?

--------------------------------------------------

Scope of Alert:Vendor = Cisco

Primary Section

Interface Name = wan 1

Interface Status = Down

---------------------------------------------------

AND

---------------------------------------------------

Scope of Alert: Vendor = Cisco

Secondary Section

Interface Name = wan2

Interface Status = Down

---------------------------------------------------

0 Kudos
Reply
blsanner
Level 12
In response to jmason2000
‎07-14-2016 11:49 AM

Jump to solution

Under the scope of the alert section, set it in both sections to just look at a particular node something like the following:

pastedImage_0.png

pastedImage_1.png

However, if you have multiple devices that you want to use this (or a similar) alert for, I see two options:

1) Create a separate alert for each device.  This would be pretty straightforward: create one and then copy the alert and edit the copy to reflect a different node name.

2) Create the alert as a custom SQL or custom SWQL alert which would allow you to compare the node names for the interfaces to make sure they are the same.

View solution in original post

0 Kudos
Reply
ElVok
Level 7
In response to blsanner
2 weeks ago

Jump to solution

May i ask how do you make SWQL query to compare the node name in 2nd conditon to the 1st 

0 Kudos
Reply
john.ta
Level 11
‎07-14-2016 10:03 AM

Jump to solution

Because you used AND operator instead of OR operator, the alert should only trigger if both are down.

0 Kudos
Reply
jmason2000
Level 8
In response to john.ta
‎07-14-2016 10:06 AM

Jump to solution

Okay.  So should I be alerting on the NODE with two interfaces named WAN1 and WAN2 down?  Or should I be alerting on the Interface where the interface name = Wan1 and Interface is down AND Interface Name = WAN 2 and Interface is down?

0 Kudos
Reply

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
© 2021 SolarWinds Worldwide, LLC. All Rights Reserved.