14 Replies Latest reply on Oct 2, 2012 3:48 AM by crishna

    Active response tool

    crishna

           How does it works...  ive enabled the tool on one of the servers ... where does it store the log file  i mean in which directory ???????

        • Re: Active response tool
          nicole pauls

          Any time an active response is initiated, events will be generated and stored on the appliance. If you search for InternalCommands alerts in nDepth (or with a filter) or use the "SolarWinds Actions Report" you should be able to find anything an active response connector has done.

          1 of 1 people found this helpful
          • Re: Active response tool
            crishna

            i'm  having problem with this( append txt file )  rule  when trying to create a rule for a particular alert  i'm trying to write detection time to the txt  but its not allowing me to do that its saying incompatible parameter

             

            any help ???

              • Re: Active response tool
                nicole pauls

                That message is a warning - it is possible the rule and action will fire even though it's there. (It's also possible the rule will fire but the action will fail, but I haven't reproduced this myself to be sure one way or the other.)

                 

                What I'd do:

                1. Use an email or other action to confirm the rule is in fact firing as expected, before adding the append to text file action.
                2. If the rule is firing with another action (i.e. rule is correct), add the append to text file action, making sure the Agent value is a valid agent name (or the InsertionIP field from the alert, if you want it to go where the event was originally generated).
                3. If the rule doesn't fire at all with the Append to Text, or if nothing is written to the text file:
                  1. Make sure the agent is correct - it needs to match the name of an agent in the Manage>Nodes area. If you want it to be written on the node that detected the original event, use InsertionIP.
                  2. Make sure the file path is correct.
                  3. Try using a different field for the Text rather than DetectionTime - test with something like EventInfo to see if it is written.

                 

                If you never see data in the text file even after doing those things, chances are something else is wrong. You may need to open a support case to get this diagnosed faster.

                  • Re: Active response tool
                    crishna

                    Thanks nicole for replying

                     

                    1. i cant use email  because there is no mail sever in my network

                    2 i've doubled checked it it the appropriate parameter

                    3 i've use rest of the categories like eventinfo , etc... they are working  but when i tried detection time .. it says incompatible parameter??

                      • Re: Active response tool
                        crishna

                        ive raised a case for this today .. they said they gonna send this issue to the development team, but they have gave me a timeline for it ?? can you push this forward

                         

                        Thanks in advance

                          • Re: Active response tool
                            nicole pauls

                            Can you post the case #?

                              • Re: Active response tool
                                crishna

                                Case #376824

                                 

                                Hi Krishna,

                                 

                                I have submitted this feature request to our development team. They will consider the request, and decide whether it will be implemented.

                                 

                                You may also post your request to the Thwack forum for the SolarWinds product you wish to see improved. Thwack forums are here: http://thwack.solarwinds.com/forums/ Create a post titled “FEATURE REQUEST - Name of the Feature Request” and detail your request including case number. These forums are monitored by our Product Managers. This will allow other customers to voice their opinions as to whether they would find the feature useful.

                                 

                                Please be aware that:

                                * Developers will decide on whether or not to go ahead with implementation of the feature

                                * Developers will decide on the timeline of the release (if they decided to implement the feature)

                                * Support does not update you on whether the feature has been implemented, and you will have to check the Release Notes: http://www.solarwinds.com/documentation/documentation.aspx

                                 

                                If you have any other questions or issues, feel free to contact us at Solarwinds Support: http://www.solarwinds.com/support/ticket/

                                 

                                Cheers,

                                Ginno

                            • Re: Active response tool
                              nicole pauls

                              Have you ignored the warning, saved anyway, and verified it does not work, or are you just reporting the warning? The warning is just a warning, but I cannot say for sure what effect that has. Before I check, I want to be clear what you're experiencing.

                                • Re: Active response tool
                                  nicole pauls

                                  We have confirmed this active response works fine - if you ignore the warning (and everything else is properly configured) DetectionTime will be written to the specified file. Make sure that you have the "Append Text to File" active response configured on the system you want to use it on, double check the rule and the response (ignore the mismatch warning), and all should be well. Support should also be following up.

                          • Re: Active response tool
                            crishna

                            can somebody shed some light on it pleaseeeeeee ???? this is very essential thing  for me to implement on my project