3 Replies Latest reply on Dec 10, 2010 8:43 AM by freemen

    not sure I understand the Suppression tab in adv alerts


      I still am not sure I understand how the suppression tab works in version 10.0 advanced alerts.

      A simple example would be node status. The Trigger is a single condition based on node status. Now I also place a single condition on the Suppression tab that says "City equal to London". My understanding is that as long as there is ANY node in the database that is in London, that will universally suppress ALL node down alerts.

      Is that correct, or will it only suppress a node down alert for the node that triggered the alert in the first place?

      Does Orion also evaluate the Suppression SQL query after each evaluation of the database (based on the Alert Evaluation Frequency setting)?

      Please respond with a step-by-step description of how Orion uses the Trigger and Suppression tabs.

      Two other questions please....

      Is suppression best accomplished using custom properties on the Trigger tab rather than the Suppression tab?

      Will all of this change when I upgrade to version 10.1 due to the introduction of Groups and Dependencies?

      Thank you in advance for the explanations.

        • Re: not sure I understand the Suppression tab in adv alerts

          i would suggest you never use supression tab...  i have had nothing but bother with it in the years i have used orion, sop i have banned it. 


          stick with NOT clauses in the trigger tab, and use custom properties to your hearts content (i think i have 40+ of them LOL)

          • Re: not sure I understand the Suppression tab in adv alerts

            With your example I would have skipped the Suppression and added the "Not In London" criteria in the "Trigger Condition" Tab

            The way I have used the Suppression Tab is to Suppress multiple alerts if a core switch or firewall is down.

            Here's an example...

            I monitor a couple of sites remotely and don't want an alert for each and every device that's down at a site if the Connection to that site is down.

            Trigger Condition...
            Node Status is equal to Down
            Site is Equal to "Site Name"

            Alert Suppression...
            Node Name is equal to "The Remote Site Firewall"
            Node Status is equal to Down

            Then i have a separate Alert for when the Firewall is down.

            When the connection is down I only get the alert that the firewall is down but if the firewall is responding I get alerts for the devices at the remote site.