5 Replies Latest reply on Aug 26, 2012 12:21 PM by Richard Nicholson

    Alerts

    supportadmin

      Hi,

       

      I am new to solarwind.. I am trying to create a node down alert.. I have around 100 routers which are in the range of 100.200.1.1 to 100.200.100.1. I want to create alerts only for these 100 routers and not for any other networking equipment connected to it. All of them are Cisco 1841 routers..

       

      In advanced alert manager, I selected node down and select the following condition.

       

      Trigger alert when any of the following apply

           Node status is equal to unreachable.

           Trigger alert when any of the following apply

                Machine Type is equal to Cisco 1841.

       

      Shouldnt I get alerts only for only for those 100 routers.. I dont hae any other Cisco 1841 routers in network.. It just doesnt seem to work.. any help would be appreciated... plss help me... I am in dire need...

        • Re: Alerts
          Richard Nicholson

          There are a few ways to do this.  I use Custom Properties to add tags to different equipment so I can tailor my alerts around certain devices.

           

          For instance all of our Cisco gear is owned by the DataComm Department at my company.  So I used the Custom Property Editor on the SolarWinds server to add a new Custom Property called "Department".  I then filled the Column with the correct Department for each device.  IE>> DataComm, Intel, Systems, Security.

           

          Those 4 tags make up the Departments in our Environment.  This ties my Windows Server farm to Intel group.  My Linux/DB servers to the Systems guys.  My Cisco routers and Network gear to DataComm, and Security equipment and devices to Security.

           

          Now you can use the Advanced alerts to really get some granularity in your alerting.  My alert looks like this.  It's very simple and to the point, but still has flexibility to grow.

           

          Trigger alert when all of the following apply

               Department is equal to DataComm

               Node status is equal to Down

           

          Very simple alert and gets the job done.  Make sure you read up on alerting using conditions and how they function.  The way you have yours built now they would trigger anytime a device is unreachable and not include the Cisco 1841 portion of your rule since you use the "any" condition which means to alert anytime it sees those 2 conditions, and with your status portion being the first condition it doesn't make it to the second condition where you have the 1841 portion.

           

          Custom properties are your best friend  in Orion.  They can allow you to really group devices together many different ways, and you can add as many as you need for different things.  I have about 20 Custom fields I use in mine to group, alert, and report   I also use the custom properties to create separate Portal views and sort/filter the nodes for departments that only need to see their relative nodes.

           

          Drop me a message or reply if you want some more help with this.  Once you get use to the Custom Property editor and Advanced alert conditions it will become very easy and 2nd nature to you.

           


          • Re: Alerts
            Richard Nicholson

             

             

            Thanks!  You will find that the SolarWinds user community and dev's are among the most helpful and active of many forums I am apart of.

             

            Make sure to mark your question as answered as well!

             

            Let me know if you have any other questions, or need other help!

              • Re: Alerts
                supportadmin

                Hi,

                 

                I now have one more query..

                I have configured the alerts such that I get an alert when the router is down for two hours. So, if we assume that the router went down at 0900 hrs, I should get an alert at around 1100 hrs.. I hope this assumption is correct.

                 

                In the message section, I have selected ${Time} with an intention of getting the time at which the node went down. However, I seem to get the time as 1100 hrs. I mean instead of giving me the event time, it is giving me the time at which the email was sent. How can I get event time? Please help..

                 

                Also, is it possible to get all these alerts in single email? For example, if in my network, two routers go down, I get two emails (one for each router). Is it possible to get this in a single email?

                  • Re: Alerts
                    Richard Nicholson

                    Yes you are correct in your thinking that you would delay the alert triggered at 9 and the alert engine wouldn't action the alert until it was a "True" condition for 2 hours.  The alert variable ${Time} relates to the time the alert was considered an action in Orion.  I guess you could add to the message this alert is based on a 2 hour delay.  Actual downtime was recorded 2hrs from this alerts time stamp.

                     

                    I haven't come across this issue since we alert right away on routers and only a 5 minute delay on our back up routers since they are mostly DSL fail-over and tend to go down more because of resync on the ADSL line or changes from our providers.

                     

                    I would have to dig a bit tonight on the Variables to see if there is one that pulls the actual time the node stopped responding in Orion.  I know you can go back to the Node Details page and get the time the node stopped responding to ICMP, but still I see where it would be nice to have this information sent in the Alert you created since you delay it by 2 hours.

                     

                    Or you can use Event Traps or Syslog Events to alert with as well, and as long as you have the traps and syslog pointed to the right IP in your routers these Events give you notice to an outage faster since they aren't based on Orion using ICMP to check response, and they are sent by the router when it sees an issue on an interface or link.  You could look into setting up some log tracking with those to correlate with your alert to find the actual downtime of the routers.

                     

                    Someone else might chime in here and know off the top of their head since they use this type of delay in their alert.  Either way I will see what I can find about this for you.

                     

                    As far as having alerts only generate a single E-Mail for all active alerts at that given time..  I'm not sure how you would do this, and need to think about this one for a minute.  The way the Condition based alerts work is the alert engine scans the database to see if any of the nodes match your pre-defined conditions values, and if they do they generate an alert for that specific device.  If you have multiples that meet the condition the alert sees it as separate instances of a true condition for each NodeID that matches the condition values and will generate a triggered alert off each single node.  Again I haven't tried or ever thought about having this ability, so I can't be 100% sure you can't do it.  Again, let me search around and play with some test alerts, or maybe one of our Alert Guru's can chime in here and let us know yay or nay on this matter.