Have we tried to test the alert to see if the trigger action (email) works at all? There could be an issue with the SMTP config. If you wanted to configure more dynamic alerts / configure on-call rotations, we do have a free product called Alert Central to help with this:
Look at your initial line: "Trigger alert if ALL of the following apply"
A device that is down cannot have an IP address of 22.214.171.124 AND 126.96.36.199 AND 188.8.131.52
What you mean to say is:
- Trigger alert if ALL of the following apply
  - Node status is equal to down
  - Trigger alert if ANY of the following apply
    - IP Address is equal to 184.108.40.206
    - IP Address is equal to 220.127.116.11
    - IP Address is equal to 18.104.22.168
Try that one out and let us know if it works.
adatole, thanks. It is working now.
I have one more question: why is my alert manager slow? When some device goes down, the alert is triggered after 3 or 4 minutes through both e-mail and SMS. Please can you guide me on how I can make it speedy? I mean to say its trigger time of 3 to 4 minutes should be reduced.
Think about your polling cycles.
- SolarWinds polls (pings) every 2 minutes.
- If a device fails a ping, SolarWinds sends out one ping every 5 seconds.
- If a device fails 10 pings in a row, the device is THEN marked as down.
- Do you have a delay in your trigger? (You should) That's going to delay the actual alert message further.
Let's say that you put a 4 minute delay on your alert trigger, meaning a device has to be down for 2 polling cycles before you call it officially "down" (this is a good idea, so you don't cut a ton of false alarms).
At 12:00 your device goes down.
Worst case, it's 12:02 before SolarWinds pings it for status. This ping fails.
SolarWinds sends out one ping every 5 seconds.
At 12:02:50, the device is now marked as "down" in SolarWinds.
Your alert trigger says to wait 2 minutes to make sure it's really down.
At 12:04:50, you finally send out a message.
If you have any delays in email processing, that could slow things down further.
So it's about 5 minutes.
Now you can cut down the time by doing the following things:
- Reducing the polling cycle on the device - you can get down to one ping every 10 seconds I believe.
- Reducing the delay for the alert trigger
If you did both of those things, you could get down to a 60 second delay between device down and your alert.
But my guess is that you would also generate so many false alarms that it would become useless noise.
One other factor to add is on the first page of your alert: Alert Evaluation Frequency, which is how often the alerting engine checks for the condition. So after adatole's 12:02:50 you have to add that number. Of course, this is all worst case.
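The worst-case timeline from the replies above, as an added example that is not part of the original thread and is not SolarWinds code. It models the delay as poll interval, then fast pings, then Alert Evaluation Frequency, then trigger delay; the `AlertTiming` class, its field names and the 60-second evaluation frequency are assumptions made for illustration, and email processing delay is left out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class AlertTiming:
    poll_interval_s: int        # normal status poll interval
    fast_ping_interval_s: int   # spacing of pings after the first failed poll
    fast_ping_count: int        # consecutive failed pings before "down"
    trigger_delay_s: int        # how long the condition must hold before firing
    eval_frequency_s: int = 0   # Alert Evaluation Frequency (hypothetical value)

    def worst_case_timeline(self, outage_start):
        """Return [(event, timestamp)] for the slowest path to a sent alert."""
        steps = [
            ("device goes down", 0),
            ("next status poll fails", self.poll_interval_s),
            ("node marked down", self.fast_ping_interval_s * self.fast_ping_count),
            ("alert engine evaluates the condition", self.eval_frequency_s),
            ("trigger delay elapsed, message sent", self.trigger_delay_s),
        ]
        timeline, t = [], outage_start
        for event, delta in steps:
            t += timedelta(seconds=delta)
            timeline.append((event, t))
        return timeline

    def worst_case_seconds(self):
        start = datetime(2000, 1, 1, 12, 0, 0)  # constructed start time
        return int((self.worst_case_timeline(start)[-1][1] - start).total_seconds())


# Values from the thread's timeline: 2-minute polls, 10 pings 5 s apart, 2-minute wait.
THREAD = AlertTiming(120, 5, 10, 120)
# The tuned case from the thread: 10-second polls and no trigger delay.
TUNED = AlertTiming(10, 5, 10, 0)
# Same as THREAD plus a constructed 60 s evaluation frequency (not from the page).
THREAD_WITH_EVAL = AlertTiming(120, 5, 10, 120, eval_frequency_s=60)

if __name__ == "__main__":
    for event, ts in THREAD.worst_case_timeline(datetime(2000, 1, 1, 12, 0, 0)):
        print(ts.strftime("%H:%M:%S"), event)
    for name, cfg in [("thread", THREAD), ("tuned", TUNED), ("with eval", THREAD_WITH_EVAL)]:
        print(name, cfg.worst_case_seconds(), "seconds worst case")
```

With the thread's values the model gives 290 seconds (12:04:50), and with 10-second polling and no trigger delay it gives the 60 seconds mentioned above.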