Re: [Observium] False positives on Device Alerts

We are using host file to resolve names for this observium install.

We are seeing this issue on various devices but mostly networking equipment.

From: observium observium-bounces@observium.org on behalf of "Laz C. Peterson" laz@paravis.net Reply-To: Observium Network Observation System observium@observium.org Date: Tuesday, September 27, 2016 at 3:04 PM To: Observium Network Observation System observium@observium.org Subject: Re: [Observium] False positives on Device Alerts

That’s some good information. We are also having issues with this, ONLY related to Windows-based servers.

However, we are using a BIND-based DNS server as a front for all our AD zones, instead of using Microsoft DNS servers. Still having the issue though.

Another piece of information that might be valuable to you all — we have this issue with Cacti, Observium and LibreNMS as well. It seems to be something on the Windows server side, and we are driving ourselves crazy trying to figure out what the deal is.

~ Laz Peterson Paravis, LLC

On Sep 27, 2016, at 12:02 PM, Cederlund Tobias Tobias.Cederlund@lansstyrelsen.se wrote:

We are having a similar issue for some of our devices. In our environment we have tracked it down to be a result of DNS query negative caching in our M$ based DNS servers. This happens to devices with DNS-names NOT in the AD DNS-zone but in zones on other DNS-servers to which the AD DNS-servers do a conditional forwarding to.

We haven't solved this annoyance yet... But we have put some AD-folks on it...

Don't know if this is your issue but it could give you a hint on where to look.

Regards, Tobias

---- Timothy Kaufman skrev ----

We have an SE installation with about 260 devices being checked.

We have alerting setup for various services or checks.

Often we see false positives on the SNMP device down alert, for example devices will report SNMP down when they are not really down.

After a second or even third SNMP check we see a recovery and the uptime shows no outage.

I also verify this by doing and snmpwalk from observium while the “alert” is active.

Is there anything we can check or begin to look to find the cause. The server is not overloaded, with either memory or processor.

We are running 25 poller wrappers with a complete polling time of about 300 seconds.

Thanks,

Tim

_______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

_______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium