16 Replies Latest reply on Jul 22, 2016 7:16 AM by Mark Roberts

    Alert for sum of EIGRP neighbors

    crutcha

      So, I want the ability to monitor and alert for the ammount of EIGRP neighbors on more than 1 router. I have 3 routers(being load balanced) that service as tunnel endpoints. Tunnels aren't exactly reliable for monitoring, so i've chosen to monitor EIGRP relationships instead. So far, i've set up a universal device poller using OID 1.3.6.1.4.1.9.9.449.1.2.1.1.2 (cEigrpNbrCount) and assigned it to the 3 devices. I was able to create a chart in the NPM WebUI using 'Multiple Universal Device Pollers Chart' and telling it to view sum only for that poller.

       

      Now....I want to set up email alerting on the sum of all EIGRP neighbors between the 3 devices, but i'm having issues. Here's what I currently have setup in advanced alerting:

       

      Screen Shot 2013-09-04 at 5.27.07 PM.png

       

      The problem is, whenever I set the alert with those conditions, it will generate hundreds of email every minute with very small ammounts. Is there some better way I can be doing this? How do I accomplish this?

        • Re: Alert for sum of EIGRP neighbors
          roman.tatar

          Hi,

          the issue with current alert is that it is evaluated separatelly for each router. Each of them has probably number less than 6000, so the alert is triggered.

           

          I would recommend to create 3 separate UnDPs pollers for this OID for each router. Assign each of them only to single router. (For example cEigrpNbrCountNameOfRouter1, cEigrpNbrCountNameOfRouter2, cEigrpNbrCountNameOfRouter3)

          - Than create transformed poller(Transform result) that will sumarize these 3 pollers into one. (For example cEigrpNbrCountSUM)

          - Make sure that polling interval for transformed poller is the same as for all 3 pollers.

          - Forumula for transformation will look like

          {cEigrpNbrCountNameOfRouter1}+{cEigrpNbrCountNameOfRouter2}+{cEigrpNbrCountNameOfRouter3}

          - Assign transformed poller to all 3 nodes together.

           

          Finally create alert for transformed poller (cEigrpNbrCountSUM). And you may also create graph for this sumarized poller.

           

          Roman

            • Re: Alert for sum of EIGRP neighbors
              crutcha

              Roman,

               

              I tried this but it's not working correctly. I set up seperate pollers with that OID for each router, and when I test those, they come back with correct values.

               

              I created a new transform: {R1} + {R2} + {R3}

               

              When I test it against the 3 nodes I assigned it to, values come back. When I added a universal device poller summary chart in the WebUI, it comes up with nothing.

               

              Here's an example of one of the individual pollers:

               

              Screen Shot 2013-09-05 at 9.32.38 AM.png

               

               

              Thoughts?

              • Re: Alert for sum of EIGRP neighbors
                shuth

                Reviving a fairly old thread but I'm having issues with the above.

                 

                I created two custom pollers (e.g. customOIDpoller1 assigned to router 1, customOIDpoller2 assigned to router 2). I then created a transform poller that added these two pollers together and assigned it to both routers. The transform doesn't work because it doesn't have both pollers assigned to the same device?

                 

                What am I missing here?

                 

                The end goal is to create an alert that triggers when the sum of these custom pollers goes over a certain value.

                  • Re: Alert for sum of EIGRP neighbors
                    Mark Roberts

                    As you have found the Transform will only work with the values from the same device, it cannot bridge devices to create a value.

                     

                    Therefore you need to utilise custom queries to join this data together.

                     

                    Presentation

                    Use Custom Table or Custom Query for tabular display and Custom Chart for the charting. All will require a custom query to perform a sum of these values. When you add these resources, in the data source section change from Dynamic Query to SQL/SWQL. Sorry I dont have the time now to put the query structure together, but it will be quite straightforward.

                     

                    Alerting

                    Again when defining an alert trigger, in the selector for the object type you have SQL as an option and for this you will need to create this as a sub query due to the beginning of the SELECT statement being hard set.

                     

                    I hope this helps.

                     

                    Mark Roberts

                    Prosperon - UK SolarWinds Partners

                    Installation | Consultancy | Training | Licenses

                    facebook_icon.jpglinkedin.pngblogger.pngtwitter-icon.jpg 

                      • Re: Alert for sum of EIGRP neighbors
                        shuth

                        Thanks Mark.

                         

                        I developed a few queries that work in SQL but no matter what I input into the custom SQL alert it never triggers on an object. The code validates and it returns the values in the initial SELECT statement so I'm not sure what I'm missing.

                         

                        In my lab, I've been using the Cisco temperature status UnDP as a test poller but it should still be suitable for this scenario.

                         

                        The custom node poller alert has the following select:

                         

                        SELECT CustomPollerAssignmentView.AssignmentName, CustomPollerAssignmentView.CustomPollerAssignmentID FROM CustomPollerAssignmentView
                        

                         

                        I have the ciscoEnvMonTemperatureStatusValue poller assigned to a couple of devices and the total is greater than 60 (my threshold for this query). The SQL query returns each custom poller assignment in the sum and validates in the alert but doesn't trigger on any objects (alert summary shows it will not trigger on any devices). I assume this would trigger an alert for each of the pollers if the total breaches the threshold (this would be tolerable as at least the alert would be functional).

                         

                        SELECT CustomPollerAssignmentView.AssignmentName, CustomPollerAssignmentView.CustomPollerAssignmentID FROM CustomPollerAssignmentView
                        
                        WHERE CustomPollerAssignmentView.CustomPollerAssignmentID IN
                        (SELECT z.CustomPollerAssignmentID from CustomPollerAssignmentView as z where z.CustomPollerName = 'ciscoEnvMonTemperatureStatusValue'
                        AND 1 = (SELECT 1 as temp FROM (SELECT SUM(CONVERT(int,CurrentValue)) as val FROM
                        CustomPollerAssignmentView b where b.CustomPollerName= 'ciscoEnvMonTemperatureStatusValue') as a where a.val > 60))
                        

                         

                        I get values in SQL management studio so I'm wondering if this is "too complex" for the alerting engine (i.e. it won't do nested SQL SELECT statements). If not, then I'm not sure if this is possible (based on my limited SQL knowledge) as all my other queries that generate a SUM of the values, lose the references to the original pollers (so the alert has nothing to trigger against).

                         

                          • Re: Alert for sum of EIGRP neighbors
                            Mark Roberts

                            Hi

                             

                            We have noticed several custom SQL/SWQL usage issues with the recent releases of Orion breaking what was previously working and what 'should' still work. I haven't tested the above (sorry just dont have time this week), but I can confirm that SELECT statements within the WHERE clause work fine.

                             

                            One suggestion would be to try it without using SQL aliases (Yes I know...) and include the table names in each object.

                             

                            Set the alert logs to debug (LogAdjuster utility on Orion server) and check the Alert logs to determine if there is anything logged on why it is failing.

                             

                            Mark Roberts

                            Prosperon - UK SolarWinds Partners

                            Installation | Consultancy | Training | Licenses

                            facebook_icon.jpglinkedin.pngblogger.pngtwitter-icon.jpg