One of the biggest difficulties I have these days is thinking of methods of applying thresholds/ignores/etc to multiple entities in a manageable way.
It seems to be a pretty difficult problem, and explains why most monitoring platforms just end up devolving into a never-ending process of manual configuration.
We've had some pretty major changes on hold for a while because a suitable solution to this issue hasn't quite presented itself yet. :)
Adam.
-----Original Message----- From: Michael obslist@smarsz.com Sent: 22 December 2020 22:41 To: Observium observium@observium.org; Adam Armstrong via observium observium@observium.org; 'Observium' observium@observium.org Cc: Adam Armstrong adama@observium.org Subject: Re: [Observium] creating alert when port status change
We add the following to ours to catch another couple of use cases that others might find useful.
I'm the port description, we add NEW: or IGNORE: at the start.
The ignore tag gets added as a notmatch condition on the checker that Adam listed. This allows you to have ports that aren't of any significant importance that frequently change state, suppressing the alert. It can be a little easier to surgically implant the description than adding a large amount of ports to the alert checker.
The new tag we use for ports that are in a preproduction state. Typically configured and activated prior to being fully patched through. This allows them to have the inverse behaviour of the down alert.
ifAdminStatus equals up ifOperstatus equals up
port.ifAlias match NEW:*
This then triggers an alert to say that the far end has been enabled/patched and any last verifications or config can be done. We are often waiting on 3rd parties to do their bit, which might take weeks or in some cases months to jiggle the cable.
The only issue I have is that there is a lag between adding the tag to the port description and the alert system adjusting/rebuilding the match list. I often get a false positive until the next full device discovery...
Hope this is useful for somebody.
Cheers,
Michael
On December 23, 2020 8:56:25 AM GMT+11:00, Adam Armstrong via observium observium@observium.org wrote:
The intended way to do this is to alert on down ports, and then ensure that you don’t have any needlessly down ports, alerting on the state of being down, rather than on the event of changing from one state to another.
If you have an environment where you have lots of down ports, you can use the group/association system to limit the alert to a certain subset of ports.
To alert on a port which is enabled (administratively up) but (operationally) down, you want:
ifAdminStatus equals up
ifOperStatus notequals up
Adam.
From: observium observium-bounces@observium.org On Behalf Of Luis Olavarrieta via observium Sent: 21 December 2020 22:32 To: observium@observium.org Cc: Luis Olavarrieta luis.olavarrieta@wynnmex.com Subject: [Observium] creating alert when port status change
Adam / team:
How do you create a rule when a port changes it status?
I need to send an email when a port (different than the WAN) changes it status from up to down.
https://www.facebook.com/wynnmex.technologies.oficial https://www.instagram.com/wynnmextechnologies/?hl=es-la https://www.youtube.com/channel/UCn5Qx8Fz8BOX3afkTBhHobA?view_as=subscriber https://twitter.com/wynnmextech https://www.linkedin.com/in/wynnmex-technologies-5b368318a/ https://www.wynnmex.com/