3 Replies Latest reply on Aug 4, 2008 2:18 PM by scraig84

    Suppression Frustration


      I have read a number of previous threads on suppressions through the advanced alerting and I understand the limitations in terms of device dependencies.  That said I am trying to build an alert that will be suppressed for a given location if that location's 2 edge routers are down (dual connected back to HQ).

      Here is what I have:

       Trigger when all apply:

      Location is equal to <4 digit location code>

      Node status is equal to Down


      Suppress Alert when all apply:

      System Name is equal to <4 digit location code>-R1

      System Name is equal to <4 digit location code>-R2

      Node Status is not equal to Up


      This seems to be how most examples show how to have a particular device dependent on a single router but I'm adding in the second router as well.  However, it doesn't look right to me but I'm having difficulty figuring out a better way to make this work and I know the above does not work appropriately.  I've also tried nesting the Node Status under each of the System Name requirements and that doesn't work either.  In all cases I've tried, all alerts are sent for all devices - I thought it would at least not alert for the routers but it still alerts there as well.

       Any thoughts or suggestions?  I have to believe I'm missing something really simple.  Thanks.

        • Re: Suppression Frustration

          Maybe someone else will jump in and correct me, but I don't think it's possible to build this suppression. Suppression works by letting you specify a query; if that query matches any nodes, then the alert is suppressed (i.e., not triggered). But what you need for this purpose is a query that checks the state of two nodes.

            • Re: Suppression Frustration

              I can't necessarily prove tdanner wrong, but you might try the following:

              Add two simple conditions for the first node - one for system name and one for Node Status = Down.

              Add a condition group using "all", then add two more simple conditions for the second node (system name and status)

              I am thinking that thus will equate to having two sets of simple conditions connected by an ALL=AND statement so that if both nodes are down then the trigger will suppress.

              Let me know if this works.

                • Re: Suppression Frustration

                  Sorry for such a late reply but I wanted to get back to you.  I did try this and unfortunately it did not work.  I think I tried every possible combo under the sun but it appears that tdanner was correct as I could not find any way to pull it off.

                  Instead I wound up keying off of the core switch stack at each location as that should always be available and 999 times out of 1000 if it's down then both lines are down.

                   Thanks for your help.