6 Replies Latest reply on Jun 25, 2013 12:49 PM by netlogix

    Alert Rules

    Farrukh Shami

      Hi all,

           I want to understand the rule mechanisam. I have a network of 5 machines added in NPM.






      Now , I want to make different groups to whome the notification will be sent. like there are 2 groups


      1:  Network Administrators  (NA)

      2:  Server Administrators     (SA)


      I want "Goes down" notification of server " a, b , c " wil sent to Group (NA)

      while "Goes down" notification of " d,e " will sent to Group (SA)


      For this kind of rule what I can create???

        • Re: Alert Rules
          Farrukh Shami

          group A.jpg

          I have created this rule. but it is not trigering any email.

          • Re: Alert Rules
            Leon Adato

            Look at your initial line: "Trigger alert if ALL of the following apply"

            A device that is down cannot have an IP address of AND AND


            What you mean to say is:

            Trigger alert if ALL of the following apply

                 Node status is equal to down

                 Trigger alert if ANY of the following apply

                      IP Address is equal to

                      IP Address is equal to

                      IP Address is equal to


            Try that one out and let us know if it works.

              • Re: Alert Rules
                Farrukh Shami

                  • Re: Alert Rules
                    Leon Adato

                    Think about your polling cycles.


                    • SolarWinds polls (pings) every 2 minutes.
                    • If a device fails a ping, Solarwinds sends out one ping every 5 seconds
                    • If a device fails 10 pings in a row, the device is THEN marked as down.
                    • Do you have a delay in your trigger? (You should) That's going to delay the actual alert message further.


                    Let's say that you put a 4 minute delay on your alert trigger. Meaning a device has to be down for 2 polling cycles before you call it officially "down" (this is a good idea, so you don't cut a ton of false alarms)


                    at 12:00 your device goes down

                    worse case, it's 12:02 before SolarWinds pings it for status. this ping fails

                         SolarWinds sends out one ping every 5 seconds.

                    At 12:02:50 , the device is now marked as "down" in Solarwinds

                         your alert trigger says to wait 2 minutes to make sure it's really down

                    at 12:04:50, you finally send out a message

                    if you have any delays in email processing, that could slow things down further.


                    So it's about 5 minutes.


                    Now you can cut down the time by doing the following things:

                    1. Reducing the polling cycle on the device - you can get down to one ping every 10 seconds I believe.
                    2. Reducing the delay for the alert trigger


                    If you did both of those things, you could get down to a 60 second delay between device down and your alert.


                    But my guess is that you would also generate so many false alarms that it would become useless noise.

                      • Re: Alert Rules

                        One other factor to add is on the first page of your alert, Alert Evaluation Frequency, how often the alerting engine checks for the condition, so after adatole's 12:02:50 you have to add that number - of course this is all worst case.