Too many alerts / emails when node is down (48 port network switch)

Started by hkusulja, May 07, 2014, 08:26:05 PM

hkusulja

Hi,
I have configured NetXMS server Event Processing Policy, to send me email alerts.

However, when a node (which is a network switch) goes down, I get a lot of events which generate alarms and also send a lot of email alerts, one for each network interface on this switch.
So I get a total of emails: 48 ports + each DCI + 1 for node down alert.

How can I create a dependency or something to reduce these email alerts, so that if the node is down I am not alerted for interface status and DCI at all?

Please be aware that I do not want to disable interface monitoring (for instance, if the network switch is working and just one interface goes down, I still want to get an email).

I suppose this should be solved in the Event Processing Policy, but I do not have an idea in which direction I should write those rules. Any suggestions?

Thank you

Victor Kirhenshtein

Hi!

If topology information is correct, you can try to use this script: http://wiki.netxms.org/wiki/Script_Example:_Additional_Information_About_Connected_Node as an example of how to get connected nodes and for SYS_NODE_DOWN event check if node is connected to the switch which is already down.

Best regards,
Victor

hkusulja

Quote from: Victor Kirhenshtein on May 08, 2014, 05:02:12 PM
If topology information is correct, you can try to use this script: http://wiki.netxms.org/wiki/Script_Example:_Additional_Information_About_Connected_Node as an example of how to get connected nodes and for SYS_NODE_DOWN event check if node is connected to the switch which is already down.

Hi, maybe my question was not clear enough.
As another example, I have a node (Windows server with agent) which has 10x DCIs, 10x network interfaces, 10x network services.
If the node goes down, I do not want to receive an email / alert for each thing (every network interface, every network service) saying that it is down now.

Also, is it possible to send email as a digest (every 5 mins, grouped in one email) etc.?

Thank you

Victor Kirhenshtein

Hi!

Actually, if the node is completely down, and a SYS_NODE_DOWN event is generated, all SYS_IF_DOWN and SYS_SERVICE_DOWN events should be correlated to SYS_NODE_DOWN and not cause message sending. However, if the node is not down completely, you may get a lot of events and notifications if multiple interfaces go down, for example. The only way to create digest messaging is to write your own script which will do that. For example, you may store event messages into a text file in the event processing policy (using an "execute" type action) and run a cron job every 5 minutes to send this file as email if it is not empty.

Best regards,
Victor
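
The digest approach described in the post above, as an added example (not code from the thread or from NetXMS). It assumes an "execute" action appends one line per event to a spool file; the spool path, recipient, script name and the mailx-style `mail -s` command are assumptions.

```shell
#!/bin/sh
# Constructed defaults; every path and address here is an assumption.
# Keep the spool directory writable only by the account running the server.
SPOOL="${SPOOL:-/var/spool/netxms-digest/events.txt}"
RCPT="${RCPT:-noc@example.com}"
MAILER="${MAILER:-mail}"   # mailx-compatible: reads the body on stdin

# Atomically claim the current spool, so events appended while mail is
# being sent land in a fresh file instead of being lost or mailed twice.
# Prints the claimed batch path; returns 1 when there is nothing to send.
claim_batch() {
    spool="$1"
    [ -s "$spool" ] || return 1
    batch="$spool.$(date +%s).$$.batch"
    mv "$spool" "$batch" || return 1
    printf '%s\n' "$batch"
}

# Mail one batch as a single message. On failure the batch file is kept
# so that the next cron run retries it.
send_batch() {
    batch="$1"
    count=$(wc -l < "$batch" | tr -d ' ')
    if "$MAILER" -s "NetXMS digest: $count event(s)" "$RCPT" < "$batch"; then
        rm -f "$batch"
    else
        return 1
    fi
}

# One cron run: first retry batches left by failed runs, then the new one.
run_digest() {
    for old in "$SPOOL".*.batch; do
        if [ -f "$old" ]; then send_batch "$old" || return 1; fi
    done
    new=$(claim_batch "$SPOOL") || return 0
    send_batch "$new"
}

# Cron entry (hypothetical install path):
#   */5 * * * * /usr/local/bin/netxms-digest.sh
# Only run when executed under that script name, not when sourced.
case "$0" in
    *netxms-digest*) run_digest ;;
esac
```
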

sperlm

Hi, maybe you could solve it by filters in event processing policy ?

Something along these lines:
IF
- SYS_IF_DOWN
- and:
parentNode = GetObjectParents($if);      // not sure if "$if" (Get ObjectParents reference)
if (parentNode->status == 4) return 0;

For more details see my solution of dependency based on infrastructure, if it helps... here

With regards,

MS