Is there a way to group email alerts?

Started by johnny, March 05, 2018, 01:00:52 PM

johnny

Hello again,
I was wondering if there is a way to group email alerts.
The reason I'm asking is because in a device, e.g. a switch, I could have set a lot of data collection items with thresholds as well.
When a critical problem happens on the switch, e.g. a power failure, the switch is unavailable and I'm getting alerts from thresholds, port state and device status, which results in around 7-10 warning/critical emails per device, and the same when it gets back to normal.
Is there a possible way to group alerts, for example in that situation to group everything and tell NetXMS to send only 1 email with all the problems or a status problem?
Thank you in advance

johnny

Bump,
Any idea about the issue?
Or if it's not possible, is there a way to configure it for false alarms? What I mean is, could I configure 2 or 3 polls for the interface state, and if it does not match the expected state, then trigger the alarm? Because for some reason I have a lot of false alarms, or it could even be giving broken data to NetXMS, and I get a lot of emails for the interface state returning back to normal.

Tursiops

You can configure the poll count per interface (open the properties of the interface, select Polling and set the required poll count).
You can also globally configure this by changing the PollCountForStatusChange server configuration setting. Default is 1.

I guess you could also look at Filtering Scripts in Event Processing Policies to not send/trigger an alert for interface up/down if the node is unreachable (e.g. try to connect via SNMP inside the script or check some other node conditions).

In our case, we require three polls for a status change, but we also check the status more often than once a minute (which is the default).
We also are not actually alerting on interface up/down. The node will still show as critical in the list (i.e. red cross) if an interface is in an unexpected state, but there are no emails. That is sufficient for our setup, but may be unacceptable in yours.

johnny

Dear Tursiops,
thank you for your answer. I will check the global poll count and see how it will operate. It confused me because per interface it said poll count 0.
Do you have a reference where I can read how to do the Filtering Script? I would like to get email notifications of unexpected interface status changes, but if it is too complicated I would set it only to unexpected up :\

Tursiops

Some very basic links regarding event processing and scripting:
There are several event processing policies related to interface state changes, which you can either change or disable and configure your own.

You could for example add a filtering script that checks if a node is reachable via SNMP prior to triggering an alert. That way, if the node was down, you would receive the node down, but not the interface down alerts. If the node was up, the interface down alerts would still come through:
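// Filtering script for the interface-down rule: the rule applies only when this returns true
snmpTransport = CreateSNMPTransport($node);
// No SNMP transport could be created for the node: do not trigger the interface alert
if ( snmpTransport == null ) return false;
return true;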

Technically NetXMS should be detecting that the node is down and thus not alert on the interfaces going down as well. I am not sure if that works or doesn't work - as I said, we are not alerting on that.

That also still doesn't help you if you have a whole bunch of interfaces go down while the node is still up.
Not sure how NetXMS is supposed to group those into a single email alert, as the events come in individually.
To group them, NetXMS would have to delay sending the email for the first event while waiting to see if any additional events come in.
Maybe the AlarmSummaryEmailSchedule, AlarmSummaryEmailRecipients and EnableAlarmSummaryEmails Server Configuration options can help you with that. I am not sure how much flexibility you require in regards to email recipients for different devices. We have never used these summaries, so I actually do not know what they look like at all.
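
The delay-and-collect idea from the last post (hold the first event for a node, wait for further ones, then send a single email), as an added Python sketch that is not NetXMS code and not part of the original thread. The 60-second hold window, severity labels, node names and event tuples are assumptions constructed for illustration.

```python
SEVERITY_RANK = {"NORMAL": 0, "WARNING": 1, "CRITICAL": 2}  # assumed labels


def group_events(events, hold=60):
    """Return one batch per node per hold window.

    The first event for a node opens a window; every later event for the
    same node within `hold` seconds joins it. The batch is due at
    window start + hold, which is the delay described in the thread.
    """
    batches = []
    open_by_node = {}  # node -> batch still accepting events
    for ts, node, severity, text in sorted(events):
        batch = open_by_node.get(node)
        if batch is None or ts > batch["opened"] + hold:
            batch = {"node": node, "opened": ts, "send_at": ts + hold, "items": []}
            open_by_node[node] = batch
            batches.append(batch)
        batch["items"].append((severity, text))
    return sorted(batches, key=lambda b: b["send_at"])


def render_email(batch):
    """Build (subject, body) for one batch; the subject carries the worst severity."""
    worst = max((s for s, _ in batch["items"]), key=SEVERITY_RANK.__getitem__)
    subject = f"[{worst}] {batch['node']}: {len(batch['items'])} event(s)"
    body = "\n".join(f"{s}: {t}" for s, t in batch["items"])
    return subject, body


# Constructed sample: one switch loses power and recovers, another has a port change.
SAMPLE_EVENTS = [
    (0, "switch-01", "CRITICAL", "Node down"),
    (2, "switch-01", "WARNING", "Port 1 unexpected state"),
    (3, "switch-01", "WARNING", "Port 2 unexpected state"),
    (5, "switch-01", "CRITICAL", "Threshold reached: device status"),
    (40, "switch-02", "WARNING", "Port 7 unexpected state"),
    (300, "switch-01", "NORMAL", "Node up"),
    (302, "switch-01", "NORMAL", "Port 1 expected state"),
]

if __name__ == "__main__":
    for batch in group_events(SAMPLE_EVENTS):
        subject, body = render_email(batch)
        print(subject, body, sep="\n", end="\n\n")
```

With the sample above, seven events become three emails; the cost is that the first critical event for a node is reported up to one hold window late.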