cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 8

Grouping of objects for alerting

Jump to solution

Hi there,


We have just purchased Solarwinds Network Performance Monitor and I have be put in charge of setting it all up.


I have added all the nodes that I would like to monitor and can see how to group them via the AgentPort, community Contact etc. However when it comes to Alerting I am struggeling to work out how to get it to group correctly.


As an example, we have devices in many different countries. They all have the same community string, contact details etc. However we have multiple Departments that need to be alerted when their device goes offline. Our naming structure is xxxyyzz999 where xxx is the company code, yy is Site code, zz = device code, 999 = Device number. The problem is they all have the same Company code so I can't sort via name. People in Australia don't want to be notified if a device in Europe goes down, and visa vera. However they do want to know if their device is offline.


 If there a way to create a group and add devices into that group and then set alerting to that group. Eg: AU-Devices, EU-Devices, etc.


 I hope this makes some sort of sense.


 


Regards,


Bogor

Tags (2)
1 Solution
Level 15

 Welcome to the Forums Bogor & the world that is Orion.

Grouping is one of the main features of Orion.
This can be accomplished with the Custom Property Editor.

You can create any custom property you like and use this for alerting, reporting and many others.
Using a combination of properties, it is possible to setup alerting suppression with custom properties as well.

Example

  • create a CP called Tier and another one called site.
  • assign a value of 1 to all backbone devices, 2 for Distribution Routers & 3 for access switches & 4 for servers
  • assign a name to all devices in one site behind a BB router

Now create an alert for all your access switches in one site such as this:

  • alert on any - node status = down and site = xyz and CP - Tier = 3
  • but not if node status <> up and site = xyz and CP - Tier = 2

This will suppress down node alerts for your access switches in site xyz if your DR's are not up.
Note: this last part is important as it covers the polling intervals so that your should get very few alerts through before the suppression kicks in.
What this means is the alerts will also be suppressed if the DR status is Warning or Unknown
You should poll your DR's & BR's more frequently than your access switches in any case.

HTH
 

View solution in original post

0 Kudos
40 Replies

I went ahead and created a CP giving each site their own storenumber (is assume this is what you call 'grouping')

You have created 300 groups of one store each.
I suggest you create one group with a common CP for all 300 stores.

Using my my example of a CP called Store_tier;

tier1 ----wan----> tier2 ----lan---->tier3

Router1 ----wan----> Router2 ---lan--->PC/Server

Router1 = head-end router = CP "1"
Router2 = WAN router = CP "2"
PC/Server = Store nodes = CP "3"

So any PC or server at any store will be assigned the "3" Store_tier CP.

Create an alert for any store:

Where
Store_tier = '3' AND
status = down

Create a suppression for this store alert:

Suppress when
Store_tier = or less than '2' AND
status = down

(I see a problem with this - ANY single "router2" down will suppress the alerts for all other stores. A second CP would have to be used to make the alert site specific)

Create a second alert - All Stores down:

Where
Store_tier = '1' AND
status = down

Of course this gets more complex when you have multiple routers with with backup/redundant circuits, but the principle is the same.

0 Kudos

Thanks Guru

I created the alert with the suppression and it seems to work.  and the other alert for the router.

 

(I see a problem with this - ANY single "router2" down will suppress the alerts for all other stores. A second CP would have to be used to make the alert site specific)

but like you said .. it does supress the alert and I do not get the alert if a serveur fails in another store.

I've been trying to play around with another CP but I dont think I'm heading in the right direction.

I have in mind something like ..  " if tier2 site# is the same as tier 3 " but can it be done like that ?

 

edit: ok so I dont think this can be done ..  I assume I will have to make an alert for each individual store.

0 Kudos

If you make the tier 2 & tier 3 devices part of the remote network, then you can do this.
Just make the suppression for tier1 and the alert for any tier 2 or 3 device down, since they are both at the same site.
Or just go with a 2 tier approach (unless you absolutely need suppression of all the devices at a single site when their gateway/WAN router goes down at this site).

0 Kudos

how many alerts can the Orion support without affecting the performance of the box ?

0 Kudos

Could you please attach a screen shot of how it looks in the advanced alerts?

Your expert high-impact network management support is greatfully appreciated.

0 Kudos

Pleas post a screenshot!

Thanks,

 

AL     

0 Kudos

Add a trigger condition!!!

0 Kudos

You are confusing triggering with alert suppression - these are 2 separate tabs which are configured independantly.
I have not actually set this up & tested this in production, but here is how I would do it.

0 Kudos

 One Pic per post.... doh!

Here is the trigger condition: 

0 Kudos

 And here is the Suppression condition:

0 Kudos

Thanks for the screen shots. 


If the switch (tier 3) becomes unavailable, will a attached node to this device (tier 4) send a alert or will this be covered in a different alert.  Will a new alert will need (must) to be created for the the nodes on the site that indicates to supress the alert if the Tier is less than or equal to 3 to prevent alerts being triggered on attached nodes (tier 4)?


 


Your expert high-impact network management support is greatfully appreciated.

0 Kudos

This was just an example to get you started in the right direction, you will have to configure the logic yourself.
It's not that difficult, especially if you draw a picture of your network (which you should have already in Mapmaker).
 

Example:
Starting from your Orion server - the default gateway of your Orion server could be tier 1.
Your near end WAN router could be tier 2
Your far end WAN router for the site you are alerting on [xyz] could be tier 3.
Your access switch at site xyz could be tier 4
The hosts plugged into your access router could be tier 5

You may have to get creative with the tier1 & 2 devices, as they won't be in the same site as xyz.
Most likely you will have to nest alerts & make a suppressed alert if ANY tier 1 & 2 device down and then the ALL of the following apply supression.
(alerting103.jpg)
 

Whatever you decide on, if you keep the same numbering scheme across your whole network, then the same alert & supression will work for all your sites &/or customers.
You can copy the alert & just change the name of the site.
In the case where you have many hops or devices between your Orion server & the monitored devices you could end up with a tier 15 device.
You might want to multiply the numbers in the example above by 10 so that all access switches use the same tier number - 40.
This gives plenty of room for numbering devices in-between.

Initially it will entail some work in CPE, but should be very easy to maintain once it is all set.
All I can suggest is to experiment first with some lab equipment which is monitored by Orion, until you are comfortable with how this works.

DISCLAIMER - I have not set this up myself & will not be responsible if this does not work & you end up losing customers or millions of dollars.
This is merely a suggestion/guideline of what could be done with Custom Properties & Advanced Alert Suppression.

 

Rarely do we find men who willingly engage in hard, solid thinking. There is an almost universal quest for easy answers and half-baked solutions. Nothing pains some people more than having to think. Martin Luther King, Jr.

0 Kudos

 OK, the thing you're saying only work, with one dependencie, so, please explain me how to make yhis to work: I have a switch conected to two WAN routers, if the switchs goes down and one of the routers (or the two) is up the alert must be trigered, but if the two routers are down the alert must be supressed.

Someone could explain me how make this?

Is possible?

Thanks in advance to all of you,

AL 

0 Kudos

 OK, the thing you're saying only work, with one dependencie, so, please explain me how to make yhis to work: I have a switch conected to two WAN routers, if the switchs goes down and one of the routers (or the two) is up the alert must be trigered, but if the two routers are down the alert must be supressed.

Someone could explain me how make this?

Is possible?

Thanks in advance to all of you,

AL 



 

I think this is explained above.

0 Kudos

Arielik,


The symatics have changed since the first .jpg!

0 Kudos

Thanks, N_G!!!

0 Kudos

The attached screen shot displays what we currently have setup and appears to be working; however, we have not tested.  The alert has not triggered yet because nothing has become unavailable.


If someone has confirmed that this type of setup is correct, please reply; otherwise, I will continue to test.


The logic here is that if something is unavailable then don't alert on child nodes that Orion does not know the status of: hense <> up status of a node.


Your expert high-impact network management support is greatfully appreciated.

0 Kudos

I have attached a screen shot of what I believe is the correct way to set this up.


 Could someone please help answer if this is correct?


 Your expert high-impact network management support is greatfully appreciated.

0 Kudos

 I think that is not going to work, for a simple reason, you're saying in a point TIER = 3 and in the same statement you say Tier=2, this is impossible.

Thanks,

 

Regards,

Ariel     

0 Kudos

Many thanks for your great reply.


That seems to be exactly what I was after.


 Regards,


Bogor

0 Kudos