Apr 19, 2011 11:18 AM

    NPM - Combining usage of SNMP traps, Syslog, and Advanced alerting to report flapping


      I have been trying to find a way to create a customized message that contains node specific information based on an SNMP trap and/or Syslog message.  The difficulty is that there is no link between the database and the trap viewer.  Short of writing a customized external script and running that file to access the DB, I have not found a work around.  Since advanced alerts seem to have access to some node/interface specific information, it seems like a combination of these features may at least work for a flapping interface

      So this is now my delimma.  Advanced alerts will poll as frequently as you ask it to (for now, let's use every 30 seconds).  General polling of interfaces takes place at a designated interval (say every 3 minutes).  I have a SNMP trap rule set up to change the interface status to "Down" when a linkdown message is recieved.  Since SNMP traps are real time, lets follow the progression of a flap.

      1. Real Interface goes down

      2. SNMP trap is immediately recieved and the solarwinds Interface status now changes to Down state in the DB

      3. Real interface comes up

      4. Normal Polling cycle causes a poll that now sees the interface as up and updates the DB

      5. Advanced Alert now runs and sees interface as up and no notification is sent out.

      I see there is a value in the Interface table called InterfaceLastChange.  Without knowing how this value increments, it is difficult to use, but I have an incling this value may be a key to making this work.   The problem here is that you cannot compare the value of InterfaceLastChange to that of a time relative to the current date/time.  If we could, an easy solution would be to see if the interface changed between this poll and last poll (I realize it isn't so much a poll as it is a DB lookup).