3 Replies Latest reply on Jun 17, 2016 8:15 AM by Jfrazier

    Custom poller alert issue

    joey.qiao

      Hi, All:

       

           Does anyone help me the problem as below?

       

           Issue Description:

           A customer used the NPM 10.4 to monitor hillstone firewalls and Huawei switches, then he used "Universal Device Poller" to imported the OID and assigned them to these devices.

           After that, he could view the cpu value and chart in the "Node Details" page. Then he created some alerts.

           The trigger condition is :

           ● Poller Name is equal to XXX

           ● Status is greater than 20

           The trigger action is send an email.

           When the alert is triggered and he received emails,  he found some cpu values in the email are less than 20, this is false positives and abnormal. I want to know why it happened and how to solve it. Thanks!

        • Re: Custom poller alert issue
          Deltona

          Hi there,

           

          Does the firewall have multiple CPU cores?

          Is the Universal Device Poller CPU core-aware?

          Is the alert based on a single CPU core or multiple CPU/core?

          • Re: Custom poller alert issue
            d09h

            Is there a reset condition that needs to have its wording changed?  Perhaps it's actually the alert clearing/ returning to normal, but text in the email may not make that abundantly clear.  Not that I've ever done that to myself...I eventually started including 'return to normal' in the wording of my reset emails to clarify.

             

            Another thought...create a report using the same logic as the alert, and then validate that what is seen is what is expected.  Ensure that any alert suppression / return to normal conditions are represented.

            1 of 1 people found this helpful
            • Re: Custom poller alert issue
              Jfrazier

              Is it possible the trigger condition allows at least one of the cpu's to be greater than 20 ?

              Thus at least one is within the trigger allowances even though the others are not ?

               

              You might see if there is an OID for average CPU and use that and include a "period of time" equal to a polling interval (minimum) so that at least 2 polls must match the trigger conditions before an alert is triggered.

               

              It would be helpful to include a bit more info (screenshots are great) of the poller and alert configuration so we have the same perspective you have as to how it is set up.