Which Solarwinds product are you using?
I installed the trial NPM recently. I am interested in 2 objectives.
1) Get real-time status from my appliance (i.e. configured interface up/down and object up/down)
2) Customize alarms via received syslog and SNMP, modify their contents and send out selected alerts.
I am facing some problems now in the syslog viewer and SNMP trap receiver. How can I seek your technical guys' help?
Did you look under "Manage Alerts"? There is a standard alert: "Email me when an Interface goes down"
Copy this alert and configure the action so that it will send email to a mailbox.
You can use either Syslog or SNMP Traps to achieve real time detection.
For a Trap, open the Trap Viewer application on the Orion server. Add a new Alert and define the necessary values to look for this, with the easiest being the 'Trap Details' tab and entering *linkDown* as the filter.
Always use polling in support of this as well.
There are lots of SNMP traps coming in, and I don't know how to read them. How do I filter these traps to get simple interface up/down status?
SNMP traps take a bit of work to fully understand. Included in the trap should be the IP Address of the device you're looking at. The "ifAdminStatus" is fairly self-explanatory, it tells whether a device is up (value of 1), down (value of 2) or in testing mode (value of 3). A simple search of the internet should find this info, such as at this page:
What you're showing us above is the admin status of all 14 interfaces of the device, i.e. ifAdminStatus.11 is the 11th interface on the device; this would correspond to the "ifIndex" in the same table. Other rows in this SNMP table will tell you what interface 11 is, i.e. look at the ifDescr in that table. That being said, the "ifIndex" of an interface can change from boot to boot; on a Cisco device you can prevent this from happening by issuing the "snmp-server ifindex persist" config command.
One thing to remember is if you're trying to monitor a device, let's say a WLC, and you have the WLC configured to send a trap when its LAN interface goes down. Since the LAN interface is down, it will have no way of getting this trap to Solarwinds, so you'd be SOL! SNMP-traps are "best-effort" delivery, so even when connectivity was restored, you wouldn't get the trap. Now you could monitor the switch interface to which the WLC is connected though, and as long as that switch has connectivity to Solarwinds you'd be ok. But, if the switch was down too, once again SOL! SNMP-informs guarantee delivery, but there is a host of problems associated with processing SNMP-informs too, which I'll let you find out on your own. My recommendation is to not use them.
So, as deverts said, doing SNMP polling and generating alerts off those is a very good thing. The problem with polling is that it's not immediate. If the interface goes down a couple seconds after a poll, you'd have to wait for the next poll for the interface to go into a warning state, and then after that a down state. A trap would be received immediately.
So, assuming you still want to do trapping, at this point you will need to go on to the Solarwinds server and bring up the "Trap Viewer" application and set up an alert or filter. I tend to have a few traps that I look at, and filter the rest out so they're basically ignored. Fairly straightforward to set up. Add a new rule; under "General Details" you can filter based on the specific IP address of a node if you want. Then, fill out the trap details; usually I'll put the MIB in here for what I'm looking for. The more specific stuff goes under "Conditions". It's here where you can do something like "ifAdminStatus.3" "is equal to" "2" (i.e. the third interface is down). Then do your Alert Actions. I like to do a color code for the trap I want so I can easily pick it out of the "Current Traps" screen.
Let us know if you have any more specific questions. I tried to give you enough detail to figure it out yourself.
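An added example, not part of the original posts and not SolarWinds code: it reads ifAdminStatus.N varbinds, resolves each index N against an ifDescr table, labels the value using the 1/2/3 values listed in the post above, and evaluates a condition of the form "ifAdminStatus.3 is equal to 2". The `name.index = value` text format, the sample varbinds and the interface names are constructed assumptions, not the Trap Viewer's own output.

```python
import re

# Value labels as listed in the post above: 1 = up, 2 = down, 3 = testing.
ADMIN_STATUS = {1: "up", 2: "down", 3: "testing"}

# Constructed sample data (not captured from a real device).
SAMPLE_VARBINDS = """\
ifAdminStatus.1 = 1
ifAdminStatus.3 = 2
ifAdminStatus.11 = 3
ifAdminStatus.12 = 7
sysUpTime.0 = 123456
"""
SAMPLE_IFDESCR = {1: "GigabitEthernet0/1", 3: "GigabitEthernet0/3", 11: "Vlan11"}

# Assumed line format: <object name>.<index> = <integer value>
VARBIND_RE = re.compile(r"^\s*(\w+)\.(\d+)\s*=\s*(-?\d+)\s*$")

def parse_varbinds(text):
    """Return {(object_name, index): int_value} for well-formed lines."""
    out = {}
    for line in text.splitlines():
        m = VARBIND_RE.match(line)
        if m:
            out[(m.group(1), int(m.group(2)))] = int(m.group(3))
    return out

def interface_states(varbinds, ifdescr):
    """Map each ifAdminStatus.N to (interface name, state label)."""
    states = {}
    for (name, idx), value in sorted(varbinds.items()):
        if name != "ifAdminStatus":
            continue  # ignore unrelated varbinds such as sysUpTime
        # ifIndex can change across reboots, so a missing ifDescr is reported
        label = ifdescr.get(idx, f"ifIndex {idx} (no ifDescr)")
        states[idx] = (label, ADMIN_STATUS.get(value, f"unknown({value})"))
    return states

def matches(varbinds, name, idx, expected):
    """Evaluate a condition such as: ifAdminStatus.3 is equal to 2."""
    return varbinds.get((name, idx)) == expected

if __name__ == "__main__":
    vb = parse_varbinds(SAMPLE_VARBINDS)
    for idx, (label, state) in interface_states(vb, SAMPLE_IFDESCR).items():
        print(f"{idx:>3} {label:<28} {state}")
    print("rule fired:", matches(vb, "ifAdminStatus", 3, 2))
```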
Assuming you are using NPM to collect your information, what is your "real time" requirement? NPM is already polling devices every 2 minutes by default. This is typically good enough for most monitoring situations. If you have a requirement to poll more often, you can tune this polling cycle, either globally, or by individual object (device or interface). BE VERY careful tuning those settings, each tweak means more resources being used by NPM all the time. By doing it this way, we are only adjusting out-of-box settings and alerts, nothing special is needed.
If you still have a requirement to do something special for that one off situation, you are close -
Step 1: Enable SNMP on the device - you have completed this already
Step 2: Review the SNMP traps you are receiving, and look for something unique you can use as the "trigger" in your alert
Step 3: Configure Alert (Settings - Manage Alerts) - this is where it gets tricky if you've never created/modified alerts before. The best option is to find an alert that you can copy and modify (never modify the original version) to meet your needs. Something that performs the way you want, but doesn't "trigger" on the unique data you chose in Step 2.
Hope this helps.
I have to agree with deverts... the default polling interval is pretty tight. If you have a handful of nodes that are super super more important you can shorten the interval for just them, but just remember this won't scale as well as the defaults. There are other advantages to relying on the polling... for some WAN interfaces, having an alert for every time the interface seems to have gone down may just be a bad WAN circuit with latency and, God forbid, packet loss. You'll be able to see this and also adjust your alerts to not get false alarms on problem circuits by allowing a little leeway even.
The polling interval is fine. I am having difficulty customizing the SNMP traps.
Btw in syslog viewer, I can't delete the logs. There is no option to delete, and the logs are all in red. How can I delete, acknowledge & configure settings for the logs?
I think if you view in message center you can select them then clear or ack them.
I go to SolarWinds Orion -> Syslog Viewer and all the messages are in red. Is syslog viewer the message center? How do I access message center? I installed NPM under Solarwinds Orion.
From the web interface it's under HOME -> MessageCenter
How can I access the web interface of the syslog viewer? Under NPM? Or do I need to install something else?
For me I just point my web browser at the NPM server by name and the login dialog comes right up! Your homepage URL should look something like this:
https://yourNPMServernameorIPhere/Orion/SummaryView.aspx?ViewID=1 It's possible it's not https; that depends on how you set it up.